Cyber threats during COVID-19

As many of us find ourselves working from home in self isolation, it’s prudent to consider guidelines to help you get started working in a safe and secure manner. Here is some advice from our in house team.

Cyber Threats during Coronavirus

Cyber Security Threats still pose a significant risk to organisations and will continue to do so throughout this crisis, with cyber attackers seeking to take advantage of our increased online dependency. On the national scale for example, where dependence on deliveries to help us for everyday items will increase sharply, attackers may be looking to cause disruption and target these services. Proofpoint in February saw specific attacks being placed against key targets which were intending to disrupt the supply chain or other services such as manufacturing, industrial, finance, transportation, and pharmaceutical industries, which are vulnerable to shipping and logistics chains.

Personal scamming and fraud attempts, as well as more traditional offline fraud, maybe an issue in the forthcoming months. There have already been reports of people’s home being visited by “Covid Testers” praying on the vulnerable or uninformed. Read more from the National Cyber Security Centre.

Action fraud recently found a 400% increase in reports towards the start of the year, proof if any were needed of the requirement to be vigilant online.

On a personal and local scale, there has been an uptick in website registrations in connection to COVID-19 virus, many of which bear the hallmarks of malicious intent, mostly through the mechanisms of scammer emails. These may be used when an attacker sends an email to a victim under the guise of a COVID-19 update or official advice.

There has been at least one COVID-19 map which researchers have found to be malware, this malware steals credentials and also sets up an administrator account on the device in order to carry out a remote connection to the device.

A recent attack took place against a COVI-19 testing center which has been hit by a Maze, an attacker group who are holding data to ransom.

There has also been a wave of emails being sent out from companies outlining their preparations for dealing with and operating during COVID-19. Any one of these emails could potentially be a phishing attack, sending emails to previously breached email lists.

The best defense against all of these attacks is to maintain caution and to apply good cyber hygiene. Think before you click and make sure you are double checking the source and senders of the emails as well as the URLs you are clicking upon. Be aware of any website that you visit asking you to download codecs, or programs, it is highly likely that they will be malicious.

Lastly, attackers may use tactics such as urgency, familiarity or impersonating someone you know. The scale of sophistication and complexity of recent attacks is impressive. It is better to give that person a quick call to double check, rather than bowing to your natural impulses. Remember to stop, check and confirm.

For more advice on cyber issues, please contact us