As the world gears up to fight back Coronavirus, which has claimed nearly 117,569 lives, caused global shutdowns, economic repercussions, halting industrial productivity, putting brakes on travel and tourism, etc. , there is one enormously underrated threat: cybersecurity. And soon a widespread event occurs, cybercriminals spring quickly into illicit activities that spews communal hatred, spread disinformation, and look for financial, and data theft.
Recent instances are:
It is one of the most common attacking techniques. Prime targets are Health organizations such as the WHO and US Centers for Disease Control and Prevention (CDC). Here the attackers impersonate via spamming emails and messages on the context of the perceived authority across the globe. They try tempting victims with URLs or document downloads using promises of important safety documentation or infection maps.
These scammers tried to register fake domain names (cdc-gov.org and cdcgov.org) which seemed similar to valid domains (cdc.gov) to confuse the online audience.
According to new figures from sources phishing attacks have risen 667 percent in the UK in March, compared to February.
In February, a member of prestigious Russian-language cybercriminal forum XSS, began selling a “digital Coronavirus infection kit” one the pretext of using the Johns Hopkins Center for Systems Science and Engineering’s (CSSE) legitimate interactive map as part of a Java-based malware deployment scheme via emails. The cost was priced at $200 for buyers having a Java code signing certificate and $700 if not.
Additionally, after the onset of coronavirus, there has been a shocking increase in registrations of COVID-19 related domains, where they spread misinformation, host phishing pages, impersonate legitimate brands, and sell fraudulent or counterfeit items.
While people are facing scarcity of protection masks and other necessary items. Online space is flooded with shady ads about masks and other amenities being offered at subsidized rates or in exchange for bitcoins and customized forms.
There are pages and posts which claim to have found a medical solution to the pandemic. But these are easy to get recognized as misleading claims, unlike the conspiracies theories that are taking rounds.
Theories about the virus, being genetically engineered, or used as bio-weapon can cause mass hysteria, incite racism and xenophobia. Social media posts featuring harmful at-home cures or remedies without scientific backing and labeling coronavirus as doom to create stockpiling, hence shortages of supplies and critical medical equipment have been common misinformation propaganda to boost engagement on their pages. These feed on the human tendency to panic at the sight of danger or socio-economic rooted stereotypes.
With government-imposed lockdowns taking place to slow down the spread of coronavirus due to exposure, there a sudden uptick in work from home opportunities. Most of the employing firms use VPNs to remotely access to the workspace either for additional security or less regional traffic. But generally, these VPNs are free service providers and they are likely to steal sensitive information including location, phone number, etc. Not only that, but hackers are also taking advantage of less secured open home Wi-Fi networks.
Given the mentioned threats, users must check for relevancy of the sources of the articles or posts they come across. Encrypt their local or home Wi-Fi as they treat the corporate ones. Avoid clicking on links in unsolicited emails and be wary of email attachments and never reveal personal nor financial info online. Review emails for grammatical or spelling mistakes for spam signs and cross-check for original websites or emails on institutes. Check for the authenticity of the charity sites. Request employers to provide clear WFH guidelines and easy to implement security steps.
For a detailed solution on cyber threats during COVID-19 scare, do watch out for this space.