COVID-19 – Beware of hacking

Unfortunately, hackers show no mercy and try to exploit people and organisations when they are most vulnerable, i.e. in times of crisis. We’ve seen this over and over, and it’s no different now with the corona virus. Phishing scams to watch out for:

• False government announcements: emails with imagery similar to official bodies and subject lines that promise new updates. They contain links to items of interest, such as, "update on cases of corona near you", but the websites, while looking legitimate, are often malicious and designed to steal email credentials.
• False charity: emails pretending to come from organizations seeking donations to fight the spread of the virus. The emails appeal to recipients’ altruism requesting to donate via Bitcoin or some fundraising platform. If you want to donate, go to known charities (who don’t ask to pay in bitcoins, btw) and don’t click on any links in suspicious messages.
• False cure: some phishing mails claim that COVID-19 was manufactured to reduce the world population and invite recipients to download attachments containing “secret cures” for the virus. However, the attachments contain malware construed to steal victims’ personal and financial information.

As always, email is not the only means used, caution is equally warranted with text messages and on social media, and fake websites abund.

Stolen information is also used in “business email compromise” (BEC) campaigns where attackers use impersonation hoping that victims confuse their mails with legitimate organisation emails (e.g. from HR or the organisation’s crisis team), often with ‘weaponised’ attachments with malware or ransomware.

The goal can be to steal information of value (intellectual property, personal data) and/or disrupt operations by encrypting files on compromised systems, often demanding ransom payment for the decryption keys.

Although some hackers provide a helpdesk and appear helpful when paid, decryption keys do not always work. Generally, paying the ransom is not recommended, and even if you do and the decryption works, your systems environment was compromised and is likely to need to be partially or completely rebuilt to ensure it’s ‘clean’ and safe from future attacks.

Some Distributed Denial of Service (DDOS) attacks have also been noted against organisations’ VPN infrastructure. More sadly, hospitals are also specifically being targeted in these difficult times (as seen in the US and CZ, although some ransomware groups claim they will spare hospitals).

As some organisations are allowing their people to work remotely from their own devices, they also incur additional risk as they don’t have security control over the endpoints, and hackers may be able to exploit poor home security practices.

#staysafe #cybersecurity #corona #cybercrime #ransomware #securityawareness