The COVID-19 pandemic is here to stay, and it has radically changed all our lives. With growing uncertainty and concerns, we now need more information than ever. But how reliable is all this information? Are we certain that we are getting the right information?
Cyber criminals are taking charge and exploiting this need for information, they are taking advantage of our fear and doubts and targeting businesses and individuals in multiple ways.
Brno Hospital University in the Czech Republic,which is one the country’s primary COVID-19 testing places was attacked and had to turn away patients suffering with severe symptoms of the virus.They were also forced to delay surgeries because they could not access their systems which was shut due to a cyber-attack. The World Health Organization (WHO) also identified a complex cyber-attack on their system earlier in March.
Google has said that their Gmail service has detected more than a 100 million phishing emails in total that are all related to COVID-19. These phishing attacks are taking advantage of fear and using monetary incentives to prompt users to respond to their threats. Small business owners are also at risk since they are interpreting phishing emails to be legitimate government communications, making them more susceptible to such attacks.
What to look out for?
There are several “campaigns” being put out with COVID-19 as bait. Here are some examples:
Emails containing CO-VID19 information, with malicious document attachments that exploit a known vulnerability to run malicious code.
COVID-19 related phishing emails attaching macro-enabled Microsoft word documents that contain health information which leads to the download of Emotet or Trickbot malwares.
Phishing emails that claim to come from different government health organizations or the World Health Organizations with precautionary measures containing embedded malware.
The unavoidable dependency on third party software for remote working is also creating opportunities for cyber criminals to exploit, as businesses closed their offices and remote working became a common mode, security issues in everyday necessary applications, such as Zoom, became a common problem. This pandemic has led to some serious privacy issues. As our need to keep track of the virus grows, society is becoming more and more dependent on technology. A mobile application is more cost efficient and safe rather than human interactions, but this too comes with a price.
KPMG also mentions that many cyber attackers have changed their tactics to use CO-VID19-related materials on health updates, false cures, fiscal packages, emergency benefits and supply shortages.
However, there are typical giveaways that may make an email suspicious. The email may include grammatical, punctuation and spelling mistakes, have an unusual or unexpected design and quality, and not be addressed to you by name (instead using terms such as ‘Dear colleague’, ‘Dear friend’ or ‘Dear customer’). It might also include a veiled threat or a false sense of urgency, and directly ask for your personal or financial information. It would be pertinent to also be aware when opening and emails and to recheck the domain to confirm its authenticity.
Summing up we can expect such scams, phishing, and malware attacks to continue to grow in the coming months. Cyber criminals will not let such an opportunity go in vain. The only way we can combat this is by being vigilant, double checking the authenticity of any attachments and making it difficult for such attackers to exploit.