Coronavirus-themed Cyber Attacks and the Road Ahead
Remote work culture — although convenient in the times of COVID-19 — has led to an upsurge in cybercrime. According to reports, over 38.48 million new malware was introduced in just the first quarter of 2020. This phenomenal rise in cybercrime activities, coupled with a flawed operational transition has triggered millions of security breaches across the globe.
As most businesses did not have a clue about the pandemic until it happened, they did not have the time to create a secure remote work environment. This worked to the advantage of cybercriminals as they could exploit existing vulnerabilities and break into private corporate networks. Now that the remote work culture is here to stay, will the year 2020 be remembered only for “viruses”? The vaccine for COVID-19 is yet to come, but for the virtual viruses, there are many readily available security measures that we shall now discuss.
For Employees
1. Stay Away from Fake emails
While working remotely, you need to be more cautious than ever before. Particularly, about the emails you receive because over 90% of malware is transmitted through emails. Plus, cybercriminals are sparing no effort when it comes to tricking unsuspecting employees via fake emails. For instance, miscreants now send phishing emails disguised as meeting requests or official communication requiring the recipient to download malicious attachments.
To avoid all suspicion, they make use of a domain name that looks deceptively like that of your employer or a reputable organization. Let us assume that you work for Amazon. In that case, the attacker launches the attack by using email linked to a domain name such as ‘Amozon’ or ‘Amazan’ which although different, might be sufficient to trick someone who is occupied with a lot of work.
2. Only Use Secure HTTPS Website
Legitimate businesses never shy away from using an SSL certificate, which enables the HTTPS protocol. You can easily spot such sites by looking for the padlock in the URL bar, just before the website’s address. The HTTPS protocol is indicative of secure data transmission between the client and the server. However, you must know that there are different types of SSL Certificates and validations as well SSL providers. For example, a website owner can look for reliable resellers for budget price and buy SSL from SSL2BUY, which confirms the domain’s ownership.
The image below is that of a domain validated certificate, which only confirms the domain’s ownership.
On the other hand, if you look at websites like PayPal, then you get to see that the certificate validates the Organization. In other words, it means that the certificate is issued to PayPal Inc., and not just to the domain PayPal.com.
Upon a single click on ‘Certificate’, you would be able to see that it is an EV SSL certificate issued by DigiCert, which performs a more in-depth validation process to confirm an organization’s identity.
3. Phishing
Cybercriminals have always misused public sentiment to compel their targets to disclose personal and sensitive details. The most recent trend has been COVID-19 themed phishing attacks. This includes pretending to be an official representing the WHO, CDC, or some other leading research institute and offering a COVID-19 test or cure. The sender typically requires the recipient to take some action or provide personal information. Now, this is something you must avoid at all costs.
Always remember that when there is a cure or a breakthrough development in the COVID-19 vaccine, then your government would disseminate that information through mainstream media. Neither does CDC, nor WHO send personal emails to anyone, instead, they publish all information on their respective official websites. Besides targeting the public, Cybercriminals have also been carrying out highly targeted spear-phishing attacks. According to a report, there has been a 667% increase in the number of spear-phishing attacks since the end of February 2020.
4. Change your Cyber Behavior
If you have always worked from your onsite office and have only recently switched to working from home, then educate yourself about remote work-related security threats. Start by checking if your PC has active security tools and check if your Wi-Fi connection is encrypted. Always avoid using public Wi-Fi and only browse through secure websites with HTTPS. Finally, make it a point to avoid accessing personal emails or installing random software applications on the system you use to carry out official work.
For Employers
1. Use Secure Remote Tools
While managing employees remotely, you are most likely to use remote project management and employee monitoring tools. However, make it a point to check the service provider’s data storage and data transmission policies before choosing any of those tools. You do not want confidential corporate data such as the record of keystrokes and screenshots from your employees’ computers to get into the wrong hands.
2. Fix Existing Vulnerabilities
If you provide laptops to your employees, then you must be extra cautious about its upkeep when your employees are working remotely. You may have neglected OS updates up until now, but this must change. You must direct your IT Helpdesk professionals to remotely update the OS, Antivirus, and Firewall for all your employees. A study indicates that 60% of all security breaches occur despite the release of security patches, simply because the user’s PC did not have it installed.
3. Other Cybersecurity Best Practices
Your employees may not be aware of cybersecurity best practices such as not using their office laptops for personal use, and vice versa so inform them about it. Also, you need to educate your employees about how using public WI-FI, accessing unsecured websites, and downloading malicious files can lead to security breaches. Also, if you run a business or an organization and do not have an EV or OV SSL certificate installed on the web server, then you can buy an SSL from SSL2BUY. This lets you add an extra layer of security and build more credibility with your employees and customers.
Conclusion
Cybercrime is at its peak, and criminals are continually deploying creative techniques to break into private corporate networks and steal confidential data. Professionals think that this tendency is expected to continue. However, by following the above mentioned security measures, you can reduce the attack surface considerably.