Cyber Security Risks in a Time of COVID19 - What’s Happening
Whilst most of us pull together to face the challenges of the COVID19 crisis, some wish to exploit the stress and uncertainties for profit. Since the initial outbreak occurred, there has been a significant rise in global cybercriminal activity.
These can be split into three broad categories.
Social Engineering and Phishing
The Sale of Counterfeit and Fraudulent Goods
Social Engineering Scams
It seems that no one is safe from attack, not even those who are leading the fight against the Virus. In March, cybersecurity specialists in the U.S. identified malicious activity relating to the World Health Organisation (WHO).
A group of hackers had launched a malicious site, mimicking the WHO’s internal email system. Alexander Ubelis was one of the consultants who spotted the activity. “I realised quite quickly that this was a live attack on the World Health Organisation in the midst of a pandemic,” The replication of the website, was an attempt to steal details and passwords from WHO agency staff, and this level of focus and attack on WHO continues.
The World Health organisation (WHO) has also been used for Phishing scams and since COVID-19 started, these have increased by over 600%. Security Software vendor Sophos recently identified a phishing email that impersonated official email correspondence from WHO. The email contained a link to an important document on preventing the spread of the virus and once clicked, redirected victims to a malicious site used to harvest data. Luckily, the email has been identified and contained formatting and grammatical errors which can be an indicator of a phishing email.
Exploitation and Fake Sites
The example of WHO is just one of many ways, criminals are using the pandemic to mimic and exploit us, using our fears and the desire for information. The UK’s National Cyber Security Centre (NCSC) has detected more government branded scams relating to COVID-19 than any other subject.
It is not just organisations that are being used to defraud people, there has been a spike in new fraudulent websites offering goods that are in demand. A recent report from Red Points, a brand protection firm concluded that online sales would increase by 73% if the COVID crises continue with more people buying online than before. This presents even more opportunities for criminals.
Whilst counterfeit goods are not a new thing, there has been a huge surge in goods and fake websites preying on people’s insecurities and desire to stay safe. These include the sale of Personal Protection Equipment (PPE) like facemasks. These fake goods and websites are preying on our front line workers at the coalface of the fight, claiming to sell legitimate PPE supplies and they will go to great lengths.
Recently, scammers stole the identity of a Birmingham company, A&G Medical Ltd and launched a site selling large quantities of masks, gloves, and sanitiser, requesting that half of the order value to be paid upfront. This was all fraud.
Luckily, the scam was soon discovered as A&G Medical had been trading years, but the domain name used, was first registered on February 25, 2020 - just days before the first UK death from COVID-19. Further investigation found that the business address on the website is currently a building site.
Held to Ransom
According to research by Beazley Insurance Company, ransomware attacks more than doubled in 2019, and appear to be increasing during the pandemic. Whilst this may not be directly attributable, a time when companies focus is elsewhere, provides a perfect opportunity to attack.
Also as organisations scramble to make changes to their working practices and systems, many struggle to keep pace and are being hit with staff and skills shortages.
If your organisation has not made adequate provisions to secure remote workers and have a stringent data backup process, we suggest you do so quickly.
The risks of suffering a ransomware attack are high, this is down to several different issues, many resulting from the necessities driven by COVID.
With users working remotely, devices are not set up properly and unsecured Remote Desktop Protocol (RDP) applications are running, which can be exploited by criminals. RDP runs on standard ports and can be easily identified if not set up securely.
Many organisations still have poor password hygiene and policies, this means a brute force attack on your organisation may pay dividends.
Some organisations also have poor patching policies, or not keeping up to date due to staff shortages. This makes systems easier to break into.
Staff are connecting to the network through unsecured Wi-Fi and using their own unsecured devices.
With the increase in clickbait through Coronavirus phishing emails and our threat exposure levels, the risks we face are increasing exponentially and cannot be ignored.
Conditions are ripe for cyber-attack, with confusion, fear, and stress it has created a perfect storm for exploitation. Whilst many now struggle to focus and stay sane working at home, this has been the realm and reality of many hackers, who have now declared hunting season open.
We need to take steps to be extra vigilant and diligent at this time, to ensure we do not open us or our businesses up to being held for ransom.
To discuss security concerns with one of our consultants call us on 0800 285 1692
Download our “15 Ways to Secure Your Business” PDF