At this point, coronavirus disease 2019 (COVID-19) has infected millions around the world and caused hundreds of thousands of deaths, according to the World Health Organization (WHO). The pandemic has turned life upside down for people all over the globe. Unfortunately, cybercriminals have taken advantage of the upheaval to ramp up their hacking efforts and carry out coronavirus-related schemes.
How COVID-19 Has Affected the Cybersecurity Threat Landscape
It’s not uncommon for malicious actors to try to take advantage of vulnerable people during crises like this: “Be aware that criminals are attempting to exploit COVID-19 worldwide through a variety of scams,” the U.S. Department of Justice warns on its website.
Cybersecurity experts and tech companies have warned of pandemic-related hacking schemes. In an April 8 alert titled “COVID-19 Exploited by Malicious Cyber Actors,” the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) noted that they had observed “a growing use of COVID-19 related themes by malicious cyber actors.”
In addition, the CISA and NCSC pointed out that the sudden rise in the number of people working remotely created new points of vulnerability that cybercriminals can potentially take advantage of, such as weak spots in virtual private networks (VPNs).
COVID-19 Cyber Scams to Watch Out For
Malicious actors are exploiting the current public health crisis in various ways, according to the CISA and NCSC. Here are just a few common types of cyberattacks government agencies and security experts have noticed popping up so far:
- Malicious new domain names containing language related to “COVID-19” or “coronavirus,” typically in an attempt to steal personal info or trick visitors in to downloading malware. As of April 14, there were more than 1,700 malicious domains out there with “covid” or “corona” in their names, according to Sophos.
- Phishing emails with “COVID-19” or “coronavirus” in the subject line as a lure. Some fraudulent emails and text messages purport to come from official sources, such as the WHO and the Centers for Disease Control and Prevention (CDC).
- Cyberattacks targeting newly implemented remote work infrastructure and tools.
How to Protect Your Business From Coronavirus-Driven Cybercriminals
This pandemic-linked rise in cybercrime is unlikely to slow down anytime soon, so it’s imperative that everyone in your organization remains vigilant and that your business maintains a comprehensive cybersecurity strategy to safeguard your IT environment and data during this challenging time.
Here are a few steps you can take to keep your organization’s data breach risk level low despite the increase in cyberattacks related to this crisis:
1. Ensure your team undergoes employee security awareness training related to COVID-19 cyberattacks. They should be on high alert and know how to recognize phishing attempts. Everyone should know to avoid clicking on attachments and links in suspicious emails.
2. Check that your VPN solution is up-to-date and doesn’t have any unpatched vulnerabilities.
3. Implement a comprehensive cybersecurity strategy for your entire network, including remote devices. These are just some of the solutions we recommend for maximum security:
- Endpoint and network Managed Detection and Response (MDR)
- Mobile Device Management (MDM)
Additionally, if you run across a coronavirus-related scam, please report it by calling the National Center for Disaster Fraud (NCDF) hotline at 1-866-720-5721 or emailing disaster@leo.gov.
If you’d like to learn more about any of the cybersecurity solutions listed above or would like guidance on how to protect your business from cyberattacks, our team of security experts would be happy to help you. Please give us a call at 877-599-3999 or email sales@stratospherenewtorks.com for more information.
