Cybersecurity in the Age of the Coronavirus: Cybercrime
The Coronavirus pandemic has remolded us into a digitally dependent world. The directives of social distancing forced a rapid shift of activities from the physical world to the digital world. The platforms that are used to host business meetings are now the same platforms used to host virtual celebrations and gatherings. The lines between our personal lives and our work lives are blended now more than ever. As society conforms to this “new normal”, IT professionals are faced with several challenges. Our reliance on technology opens doors for new cyberattacks. It also poses obstacles for business executives, demanding operational changes to focus more on cybersecurity. Nevertheless, this unprecedented time allows for cybersecurity and information security to aid in different fields, specifically the medical field. The Coronavirus pandemic has tested the operational efficiency and capability of cybersecurity departments and heightened the importance of cyber safety.
An Increase in Cybercrime
The internet has become the main channel for human interaction and the way we work, contact, and support one another. Because of this, any cyberattack that deprives organizations or families of access to their IoT devices can be devastating. Our dependency on the internet and technology gives attackers several entry points into our systems and our lives. Attackers can now target you as both an employee and an individual, which can cause a wave of detrimental effects. According to Dark Reading, 46% of global businesses have encountered at least one cybersecurity scare since shifting to a remote work model.
Technical Vulnerabilities
Zoom has been the most downloaded app since the pandemic began, as it provides users with a form of communication. Zoom bombing happens when unwanted guests intrude on video meetings for malicious purposes. There have been cases of attackers intruding on work meetings and online school classrooms. Zoom has since patched vulnerabilities and strengthened the protections for users entering meetings. Microsoft Teams, another platform widely used by organizations, also recently fixed a vulnerability that allowed attackers to hijack a user’s profile by sending a GIF.
Social Engineering and Phishing Scams
Along with exploiting technical vulnerabilities, cyber criminals have also exploited users’ fear and uncertainty. During a crisis, stress leads people to make mistakes they would not otherwise have made. A Dashlane survey conducted by Harris Poll found that 59% of Americans feel more at risk online than ever before. Also, nearly 60% of Americans are using personal devices for work during COVID-19, passing on the vulnerabilities found in bad online security practices to their employers. Employers have reported an increase in employees falling victim to phishing emails.
The World Health Organization (WHO) said it has seen a five-fold increase in the number of cyber attacks directed at its staff and email scams targeting the public. The Federal Trade Commission (FTC) says that from January 2020 until mid-April, it received over 18,000 reports related to COVID-19, and people reported losing $13.44 million to fraud, mostly about travel and vacations and online shopping.
Fake Facebook accounts take advantage of users’ stress and worry. These accounts post misleading and harmful Coronavirus information, such as “miracle cures”. In April, Facebook took down 732 Facebook accounts, 162 accounts on Instagram, 793 pages, and 200 groups. Another common phishing attack happens when an attacker creates a false URL that is similar to a legitimate one. Attackers will often impersonate health organizations to redirect victims to a malicious website.
Manipulation and exploitation may also present themselves by other means. For example, vishing is a form of phishing that takes place over the phone. The reconnaissance is performed online through Open Source Intelligence (OSINT), such as searching through social media profiles. Attackers target social security numbers and credit card numbers. Many times, this private information is sold on the dark web. By combining details found through OSINT with information found on the dark web, an attacker can create a complete profile of a victim and target that specific individual.
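To show how a mail gateway or web proxy could flag the look-alike URLs described above, here is an added example (not part of the original article) that compares a URL's host with a short allowlist of health-organization domains. The allowlist, the character map, the sample URLs and the function names are assumptions made for illustration, and the last two host labels are treated as the registered domain instead of consulting the Public Suffix List.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allowlist and a small constructed look-alike map (digits, Cyrillic).
LEGIT = ("who.int", "cdc.gov")
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0456": "i"})
# Constructed sample URLs, not taken from real campaigns.
SAMPLES = ("https://www.who.int/", "http://wh0.int/cure", "https://who.int.example/")

def hostname(url):
    """Lower-cased host of a URL, with punycode labels decoded to Unicode."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:  # already Unicode, or not valid IDNA
        return host

def skeleton(host):
    """Strip accents and map look-alike characters to plain ASCII letters."""
    decomposed = unicodedata.normalize("NFKD", host)
    kept = "".join(c for c in decomposed if not unicodedata.combining(c))
    return kept.translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, reason) for a URL checked against LEGIT."""
    host = hostname(url)
    if any(host == d or host.endswith("." + d) for d in LEGIT):
        return ("legitimate", "allowlisted domain")
    folded = skeleton(host)
    tail = ".".join(folded.split(".")[-2:])  # simplification: last two labels
    for d in LEGIT:
        if f".{d}." in f".{folded}":
            return ("lookalike", f"{d} used as a subdomain prefix")
        if tail == d:
            return ("lookalike", f"look-alike characters imitating {d}")
        if edit_distance(tail, d) == 1:
            return ("lookalike", f"one edit away from {d}")
    return ("unrelated", "no resemblance to an allowlisted domain")
```

A "lookalike" verdict is a reason to hold the link for review, not proof of malice, since short names produce false positives at edit distance 1.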
Lending a Helping Hand
We’ve seen humanity stand in solidarity during these times, offering assistance to those who need it. While many groups have good intentions, they still take advantage of victims. In a Russian-language cybercriminal group, a member expressed frustration at the lack of financial aid they had received during these times. The group then set up a false charity, claiming that donations would be sent to fight COVID-19 in Italy and Spain. Instead, the money went to the member of the group. The member expressed a feeling of guilt, but said that he or she was in a hard financial situation and needed some help.
Legitimate organizations, such as Emsisoft and Coveware, are offering free decryption services to any hospitals that may be hit by a ransomware attack. Brno University Hospital in the Czech Republic and the Champaign-Urbana Public Health District were both hit by ransomware attacks in March, prompting urgent calls for cybersecurity in the health sector.