Cyber Threats in the name of Corona Virus

We greeted 2020 knowing that the trade war between the China and U.S. was going to bring economic uncertainty but little did we know a global pandemic was upon us, with the Coronavirus having an impact even on cyberspace.

Cyber risks and threats have multiplied with many more attack vectors, and hackers techniques are evolving faster than ever, blending technical skills with sophisticated social engineering.

Employees that work from home often would do so from their personal computers which are significantly less secure than the organisational ones, making them more vulnerable to malware attacks.

While 21% of these emails featured simplistic attacks with a link to download a malicious executable embedded in the email body, the vast majority included more advanced capabilities such as malicious Macros and exploits or redirection to malicious websites – a challenge that surpasses the capabilities of most AV and email protection solutions.

“The Covid-19 lures we’ve observed are truly social engineering at scale,” said DeGrippo. “They know people are looking for safety information and are more likely to click on potentially malicious links or download attachments

Against this backdrop, both employers and employees need to take the utmost care to protect themselves as well as confidential company information. Here are some things for employers and employees to keep in mind to minimise the risk:

Create Work From Home Policy - Create clear remote working policies and procedures that cover the use of devices like USB/External digital Devices

Secure VPN Access - Mandate VPN and make sure all necessary important web security patches that are applied.

Strong Login Factor - Create strong cyber security policies and mandate two-factor authentication to access assets from remotely.

SOC - Need to facilitate SOC Operations to continue from remote with minimal onside dependency.

Only Use Secure WiFi or Hotspot - Avoid accessing any confidential or sensitive information from a public WiFi network. Hackers will try to trick you by mimicking the name of a secure network, so look closely and verify to make sure the one you’re joining is legitimate.

Report Lost or Stolen Devices Immediately - Be sure to report any lost or stolen device immediately to company information security personnel to minimise the risk of fraud.

Cyber Security Awareness - Keep educate your team and create awareness to know the scenarios of COVID-19 CORONA Virus based cyber attacks

Kumayl Rajani (Cyber Security Consultant & Trainer)