In many ways, COVID-19 has given us the opportunity to find solutions to a long list of new problems and collectively work towards a better future for the world. But unfortunately, this is an attitude not shared by everyone, as evidenced by a rising trend in cybercrime since the beginning of the global pandemic. This surge in crime has led to warnings from Interpol, the Cybersecurity and Infrastructure Security Agency (CISA) in the US, and the National Cyber Security Centre (NCSC) in the UK. The FBI even reported a fourfold increase in cybercrime as a result of the pandemic.
Hackers and criminals are finding different ways to exploit the fears that the virus has caused, an increase in people working from home, and an overall rise in online activity. A sensible response to this is to find a knowledgeable IT consultancy near you that will be able to provide the best measures for keeping your IT network and sensitive data secure.
Phishing
Phishing is one of the most common forms of cybercrime, whereby malicious actors send false emails attempting to mislead the recipient, often with a link to click that downloads malware to a device or network. Action Fraud reports around 400,000 phishing emails every year, and 58 percent of organizations have experienced phishing attacks in the last year according to the State of Email Security 2020 from Mimecast.
The coronavirus pandemic has enabled criminals to pose as alerts or recommendations from healthcare institutions like the World Health Organization (WHO) or the Center for Disease Control and Prevention (CDC). One of the early COVID-19 phishing scams sent emails purporting to be the WHO, with a button to download ‘safety measures’. Other phishing attempts are known as Business Email Compromise, where the perpetrators pretend to be representing particular companies, explaining that they have needed to change their banking details due to the global crisis. This causes victims to transfer funds to a false bank account.
Ransomware
Ransomware is the kind of cyberattack that seizes control of systems or devices and demands that the users make payments before they can regain control. Hackers often threaten organizations with data breaches in which the personal data of their customers will be leaked unless ransoms are paid. Rather than showing some sense of humanity at the time of a crisis, cybercriminals have revealed the extent of their cruelty with the sharp growth in ransomware attacks.
The victims are commonly medical and scientific organizations, such as the Hammersmith Medicines Research company. The company fell victim to a data breach after refusing to pay a ransom to the Maze criminal collective. Other cybercriminal groups include DoppelPaymer, Nemty, and Sodinokibi, and they have created special websites where they can leak stolen files. While some of the groups say they will not target medical facilities during the pandemic, this is not true for all perpetrators of ransomware attacks.
Info-stealing trojans
Similar to phishing, trojan horses are forms of malware that claim to be something else. Info-stealing trojans arise at the time of an infodemic, such as that we have experienced this year with COVID-19. They rely on complex predatory code and social engineering to harvest passwords, cryptocurrency wallets, and sensitive personal information. One such info-stealing trojan is AZORult, which purports to be an interactive coronavirus map application that provides virus statistics from a reliable source. At the same time, it executes an information-stealing component.
Malicious domains
As there has been an increase in demand for medical supplies and coronavirus-related information, cybercriminals have sought to take advantage. This has included an increase in the registering of domain names that have keywords related to the virus, such as COVID. These websites can be the base for a range of malicious activities, such as malware deployment, C2 servers, and phishing. The first month of the global pandemic saw growth in malicious registrations by as much as 569 percent, and a 788 percent increase in high-risk registrations was reported to Interpol.
Misinformation
We can all understand that misinformation and fake news have become
a larger threat in recent years. This trend has only been exaggerated in the coronavirus pandemic, with a high amount of unverified information, conspiracy theories, and misunderstood threats causing anxiety in populations and even facilitating the introduction of cyberattacks. In a global cybercrime survey, one country recorded 290 postings that mostly contained hidden malware. Thirty percent of countries reported false information related to the coronavirus, and misinformation has also been used in the illegal trade of medical supplies. There are also reports of text message scams with offers of free food and special supermarket discounts.
In addition to all of these cyber threats during the global pandemic, there are various fraud schemes related to medical supplies and attacks on mobile devices. Businesses that are working hard to keep operations running at a difficult time need to make a special effort to protect against new types of cybercrime. Key to this is the training of employees so they can be aware of the new dangers, and staying up with the latest news in IT security. It is recommended that organizations hire experts in cybersecurity who can apply solutions that will hold up in the new normal.
In a time of uncertainty, cybersecurity may be the last thing on the minds of small to medium business owners. Unfortunately, this is something that some cybercriminals are banking on. 2020 has already proven to be an extremely challenging year in various respects, so we should not let cyberattacks become one more problem. Keep your business safe and secure, and hopefully, 2021 will bring brighter prospects.
Comments