eSchool Media

COVID-19 and cyberattacks: What you need to know

By Roy Zur
Founder and CEO, Cybint
April 15th, 2020

COVID-19, or the coronavirus, is causing a global crisis of historic proportions—it’s not only changing the way we work, learn, travel, and interact with each other, but also increasing online security risks for both individuals and organizations. With the coronavirus forcing millions to work and study from home and interact more online than in person, cybercrime and cyber-attacks are on the rise.

Cybercriminals have long used current events and social trends to spread malware and maximize the impact and dissemination of malicious campaigns, and for the past few weeks, cybercriminals have increasingly exploited the coronavirus for social engineering campaigns designed to infect online accounts and systems.

In this challenging time, it’s important to know how to protect yourself and your organization from the increasing risk of cyber-attacks. Here are some of the major coronavirus-themed cyberattacks used around the world, along with some strategies for better online safety.

Phishing scams

Phishing scams are attacks in which a hacker/criminal impersonates a legitimate certified entity to steal sensitive information, install malicious malware on the user’s computer, or cause damage.

Recently, many cybersecurity and cyber intelligence companies have reported a significant increase in the number of phishing attempts purporting to provide updates about the coronavirus. For example, the cybersecurity firm Check Point reports that coronavirus-themed domains are 50 percent more likely to be malicious than other domains. Cyber-criminals are no doubt aware that people are hungry for up-to-the-minute information about the virus and its spread, and may be eager to click on any link that promises them such information.

As Check Point notes, “Hackers around the globe have found the coronavirus serving them well as an enabler of their activities, and are still riding the wave of the epidemic.”

Successful phishing messages may be hard to distinguish from real messages, which is why we list below some of the most common signs of phishing.

Common signs of a phishing attempt:

Misspelled URLs – If you get a message purporting to be from a legitimate organization, confirm that any link in the message matches that organization’s official URL before clicking on it. For example, the World Health Organization (WHO) reported suspicious email messages about the COVID-19 emergency pretending to come from them.

Requests for sensitive information – These can include requests for passwords, financial information, usernames, or credit card numbers. Avoid providing unnecessary personal information, and consider why the sender is requesting it and if sharing it is appropriate.

Spelling and grammatical errors – Another potential giveaway is the use of unusual wording and generic, non-personalized greetings, such as “dear customer.”

Unusual senders – Another red flag is if the message comes from an unexpected sender, such as someone the receiver does not know or does not communicate with regularly.

Suspicious links – Check any links before clicking on them by hovering your cursor over the link–this may show it points to a fraudulent site.

Cyber risks when remote working or learning from home

With health officials calling on us to practice social distancing to prevent the spread of the coronavirus, working from home has become increasingly common. But the fact that many of us and our colleagues will be working online without the usual protections of our office or school IT systems—which tend to catch and filter out most spam, malicious or otherwise—make us especially vulnerable to cyber-attacks.

A solution to keep your organization’s data safe while working remotely is to use a virtual private network (VPN) as your organization’s online network for remote work. VPNs connect devices to a secure server, allowing users to avoid insecure home or public wi-fi networks. They offer users an extra degree of privacy by obscuring their actual location (their IP addresses will point to the location of the server, not their actual device). Some VPNs connect users to overseas servers, allowing them to access online material (such as streaming media from other countries) normally inaccessible to U.S.-based users. In addition, all data on a VPN is encrypted, adding an extra layer of security.

VPNs, like any other network, however, still have their vulnerabilities. According to the U.S. Department of Homeland Security – CISA: cybercriminals are increasingly finding ways to infiltrate them, both by identifying their technical vulnerabilities and through phishing emails tricking employees into revealing their usernames and passwords. Adding to their vulnerability is the fact that many organizations fail to keep up with the latest patches and security updates because the network is active around the clock. By being proactive and following a few simple strategies, however, you can ensure your organization stays secure and user-friendly while everyone is working or learning from home.

Guidelines for remote working and learning:
• Confirm that everyone has the technical resources needed for remote work, including a strong internet connection and an up-to-date computer.
• Ensure the security features of the VPN and all devices using it are updated regularly.
• Scan all remote assets for viruses and other potential security issues.
• Implement two-factor authentication for logins.
• Implement controls to block users from browsing potentially malicious sites from home.
• Train your team to recognize and avoid phishing attempts
• Have a response plan in place in the event a data breach occurs.

Coronavirus and cybercrime fake news

In times of uncertainty, bad actors can exploit the public through rumors and intentionally false information. The growing dissemination of “fake news” about the coronavirus, such as reports that the disease can be cured by silver compounds or other substances, can not only panic and harm those who consume it, but is often intended to generate chaos and mistrust. Such false information may be passed along innocently, or may be propagated by entities with an interest in disruption, profiteering, or pushing a particular agenda. These can include government-led organizations, cybercriminals, and hacktivists.

How to identify “fake news” and disinformation:

Source evaluation – One of the most important steps is to review the reputation and credibility of the media source. If the source is not well known, you should identify its views and biases by reviewing its background and other content it published. Note that a source can look credible, but in fact, the article can be hosted on a different domain. ABCNews.Com.Co was a website that used to post fake news stories and have its stories seem legitimate only by similarity to another reliable news source.

Author evaluation – Every text you find online has been written by a person or persons with their own set of beliefs and values. A good way to understand who the author is is to try to look for other articles by them on the same site and see the author’s viewpoint. They could also have their details on a page listing their history and experience, which is assuming an author is a real person and not a pseudonym. Credible writers will usually try their best to keep in line with reporting high-quality content based on relevant data, and not jump into far-fetched conclusions or make bold exclamation without a strong basis. Checking this kind of information out could also help your assessment of how reliable the article is.

Suspicious accounts on social networks – Social media accounts, posts, tweets, blogs, and other social channels generate a significant amount of information and disinformation. Content, once posted, can spread online like fire, even when there’s no real person behind the accounts. The content they generate is liked, retweeted, and shared by unsuspecting users. Most social media services today are flooded with accounts opened only for those reasons, so much that current assessment is that 5 percent of users are not genuine and can be called social bots. In the context of the coronavirus crisis, the activity of some of these fake users is on the rise, and social media giants like Facebook are trying to fight the spreading of the COVID-19 fake news.

Read beyond the headlines – Many times, a headline represents a limited part of the story, in an attempt to generate more traffic for the article. For that reason, headlines can sometimes seem like “clickbait,” expressing an exaggerated stance or using strong phrasing. Those kinds of headlines attempt to generate a reader’s emotional response, basing their action on the fact that many people don’t read more than the headline. Whenever you encounter a headline like this, consider it another hint for fake news.

The coronavirus crisis is not only a health issue–it’s changing the way we work, learn, travel, and interact with each other. Therefore, keeping safe in this new situation requires us to be vigilant to digital threats, cyber-attacks, and online crimes as well. This is true for our organizations, ourselves, and our loved ones, including our children who learn from home and spend a significant amount of time online. We need to join forces to fight these threats together.

About the Author:

Roy is the founder and CEO of Cybint, a cyber education company. As a retired Israeli Defense Forces Major, Roy has more than 15 years of experience in cybersecurity and intelligence operations and has developed cyber education programs and technological solutions for companies, educational institutions and government agencies around the world.

Our 250+ Clients Include