It certainly seems like civilization has come to a halt under the assault of the coronavirus, but one area that hasn’t stopped is cybercrime. One virus breeds another.
In fact, cyber criminals are, not surprisingly, taking advantage of the global situation and people’s concerns for their own ends. According to Kaspersky, phishing schemes and malware strains have taken on a new theme reflective of the current uncertainty. Impersonating both the Center for Disease Control and Prevention (CDC) and the World Health Organization (WHO), hackers send our phishing emails with malware-infused links, to get a panicked populace to leap before they look. Or, click before they think.
One especially tempting type has to be when the hackers offer healthcare products, such as the surgical masks everybody wants, but which are increasingly difficult to get.
Checkpoint research has also revealed over 4,000 domain names related to coronavirus have been registered, and that 8% of these were suspicious.
Security researcher David Emm urges everyone to exercise caution in such cases, including employees who are now working from home. This is particularly relevant, as more companies send their employees to do just that in light of the pandemic. Working from home and travel restrictions can of course bring their own security risks to an organization. Access, authorization and authentication procedures can become more complex, as well as monitoring the network and ensuring sufficient staffing. Protecting infrastructure from any compromised remote access is also paramount. Stolen credentials are just what cyber criminals need to remotely access their target, who would be none the wiser.
It’s more important than ever to remind employees of these risks so that human error doesn’t create a security breach during a time of crisis. Make sure their own endpoints have strong protection, too. Even then, it’s crucial to expect attacks – it always is, but especially during these times. As we’re already seeing, cyber criminals are not shy about exploiting the situation. Will your organization be properly defended when it becomes a target?