Cyber Attacks Amid the COVID-19 Outbreak

We’ve all heard about the ways we can protect ourselves and our loved ones against this deadly infected virus: wear a mask, wash your hands, do not touch your face, practice social distancing, etc.

The risk of this virus outbreak is impacted badly and all of us have to play a role in slowing and eventually stopping its propagation.

However, we also have to realize that, in the tech world since everything and everyone is connected – you have to be as cautious online as you have to be in real life.

What Does It Mean?

Since work from home is in wake of the COVID-19 outbreak in the country, there has been an increase in the number of cyberattacks on personal computer networks and routers.

Cyber criminals are exploiting the COVID-19 outbreak as an opportunity to send phishing emails claiming to have important updates or encouraging donations, impersonating trustworthy organizations.

With the recent mass shift to remote working, cyberattacks massively increased during the past few months. This alarming increase in cyberattacks became a serious concern for IT managers and enterprises and prompted a rethink of their cybersecurity initiatives holistically for fixed and mobile assets.

The cyber attackers are releasing new computing viruses and mobile applications relating to Covid-19 updates and other information exploiting the fear of the coronavirus and causing the victim to fall prey to cyber-attacks. They are misleading the victims by designing phishing websites, emails, and phishing UPI accounts which are leading to Cyber frauds.

The disastrous spread of the Coronavirus has become an opportunity for cybercriminals to spread various cyber attacks like Malware attacks with "Coronavirus Maps" infecting PCs to steal passwords.

By using WHO mail in the name of COVID-19, cybercriminals are spreading malware to control your end devices. They are also making the fake mobile applications in the name of COVID-19 as an authorized application from WHO for spreading phishing and to steal the confidential information.

WHO reported, some of their active WHO email addresses and passwords were leaked online along with the employees working on the novel coronavirus responses. Some of them are collecting charity through UPI by using the name of PM-care, PM relief fund, etc.

WHO asks the public to remain vigilant against fraudulent emails and also recommends the use of reliable sources to obtain factual information about COVID-19 and other health issues.

During this time of increased use of online activity, cybercriminals are actively working to exploit the current COVID-19 story with attacks aimed at taking advantage of the situation. You should be aware of online scams and threats as they are increasing in volume.

Against this backdrop, both employers and employees need to take the utmost care to protect themselves as well as confidential company information. Here are some things for employers and employees to keep in mind to minimize the risk:

For Employees

1. Be Extra Vigilant About Phishing Emails

Cyber criminals love a crisis. Be on the lookout for phishing emails designed to entice you to click on the latest and greatest offer related to coronavirus protections, or with urgent instructions from your boss who is out of the office, all with the intent of getting you to unwittingly download malware onto your device and the company’s systems.

2. Practice Good Cyber Hygiene

Make sure your devices including your internet router are up to date on their anti-virus protection and that you’re using secure and known connections. Avoid the temptation of using Bluetooth in a public place. It is an easy way for hackers to connect to your device. 

Use multi-factor authentication on any accounts for which it is available. Follow company guidelines on internet use and use of your own device.

3. Use Only Secure WiFi

Only work on secure, password-protected internet connections. If you have to use public WiFi, be sure to verify with the owner that the network to which you’re connecting is their legitimate network and is secured through a password. Avoid accessing any confidential or sensitive information from a public WiFi network

Hackers will try to trick you by mimicking the name of a secure network, so look closely and verify to make sure the one you’re joining is legitimate. If you don’t, you can give the hacker control and access over everything you do on the internet.

4. Report Lost or Stolen Devices Immediately

Remote work increases the potential for the loss or theft of your devices. Be sure to report any lost or stolen device immediately to company information security personnel to minimize the risk of fraud.

For Employers

1. Set Up Remote Access Now

If you have personnel who need remote access, get it assigned now before an office closure. It is more difficult to issue multifactor authentication tokens to offsite employees who are working remotely for the first time and to install similar technology without physical access.

2. Confidential Information is Still Confidential

Remind employees to use the same care or more with confidential information as they would if they were in the office. Personal email should not be used for any company business, and employees need to keep track of what they are printing at home. 

If the printed document would be subject to shredding in the office environment, take care to segregate and shred that same document at home, or refrain from printing it in the first place.

3. Remind Employees Not to Use Personal Laptops for Work

Ask your employees to use company-issued laptops or to contact your information security personnel if they are unsure about the equipment they are using. Use of personal devices creates problems around document preservation matters and add increased risk. 

In addition, the software powering some home equipment can be months or even years out of date.

4. Update Your Emergency Contacts

Be sure your company has an “out of band” way to contact all employees — whether a cell phone number or other way to contact the employee outside of company systems. That way, should your company fall victim to an attack, you’ll be able to communicate with your employees. 

For key personnel or senior management, set up a group on a secure texting application such as Signal so that if the systems are down and email is unable, senior management will be able to communicate without fear from interception by cyber criminals.

Remote access tools have advanced in ways that were inconceivable even as little as 10 years ago, making mass remote work possible. As with all data security, however, remote access is only as strong as its weakest link. 

With a strong combination of technology and employee know-how and training, it can be done safely and smartly. Stay safe and be careful out there.

Written by - Parul Verma

Edited by - Anusha Vajha

Post a comment