What you need to know about Coronavirus related cyberattacks
Moving the office to home means many risks and issues in IT infrastructure might have been left unaddressed. Businesses may have also now furloughed employees in the IT department, or cut budgets, leaving cybersecurity on the back burner. As a result, the coronavirus has caused an increase in both the likelihood and impact of cyber-attacks.
Priorities are likely to shift to maintain business operations which could delay making businesses more resilient to cyber threats.
You can read about protecting your remote employees and data here, but we thought it would be useful to cover the methods cyber criminals are taking advantage of and how to prevent them.
Malicious actors rely on basic methods to entice a user to carry out a specific action – through an email or text message. You might find an email subject line to include ‘Coronavirus updates’ or ‘2020 Coronavirus updates’. A recent example of this was someone impersonating the World Health Organisation, and the email looked very convincing. If you receive something like this, it’s important to go back to the basics, don’t click on a URL if you do not recognise the source.
But also be wary if the email tries to create a sense of urgency, that you must click its link now. And if the content seems too good to be true then it probably is.
If you’ve already clicked, don’t panic. Contact your IT department and let them know if you’re using a work phone or laptop. Open your antivirus software and run a full scan to clean up any problems it may find. If you’ve provided a password, change the password on all accounts that use the same one.
Rather than steal data, cyber criminals have used Covid-19 related lures to deploy malware – usually in the form of an email with an attachment or link to an infected web page. According to researchers at Check Point, a global cybersecurity firm, we’re seeing more than 2,600 attacks daily – that’s escalated from a few hundred since February. Microsoft has warned that hackers are sending out emails offering free Covid-19 advice and testing to trick victims into downloading malware on their devices.
Digital viruses spread quickly and if one employee makes a mistake this could very well contaminate others within your team. That’s why being extra careful and training your staff on how to react in these situations is essential, in order to keep your business secure.
Exploiting remote working
Now that most people are remote working, businesses are installing new software like Microsoft Teams or Virtual Private Networks (VPNs). Cybercriminals have taken advantage of the increased number of homeworkers to scan for vulnerabilities in these kinds of networks and exploit them. To exploit the increased use of popular communications platforms such as Zoom, cybercriminals have been able to send phishing emails with malicious files or hijack videoconferences that have been set up without passwords or other security controls.
Be extra cautious of meeting links sent to you and if you’re hosting, make sure you set screen sharing to ‘host only’ and disable file transfer to stop any malware being shared.
Registration of new domain names
More than 4,000 new domain names have been registered since January with Covid-19 or Coronavirus wording. Almost 10% of them are thought to be used for suspicious intent according to Check Point. Most of these domains are used for phishing attempts, but many websites lure visitors with discussions around the virus, or scams that claim to sell face masks or virus testing kits.
Be aware of lookalike domains, spelling errors in emails or websites and unfamiliar mail senders.
Being familiar with the types of fraud that can threaten business and knowing how to protect yourself against them with them is key in making sure you don’t fall victim to it, also prioritising cybersecurity when working from home is vital in keeping your business and employees safe.
At Aura Technology, we can help with implementing cybersecurity measures and our business continuity solution involves a bespoke disaster recovery plan should you be affected by Covid-19. Contact us for more information.