The coronavirus (COVID-19) pandemic has led to the largest number of employees worldwide being required to work remotely. People working from home need awareness and knowledge of phishing scams, the fastest-growing type of cybercrime, many of which are now playing on fears of the coronavirus. Employees of organisations of all sizes and types now have minimal cybersecurity resources, if any, compared with what is normally available to them.
Organisations are required to ensure that any endpoint an employee is using is fully protected. As the Absolute 2019 Global Endpoint Security Trend Report showed, 42 per cent of endpoints are unprotected at any given time. People working from home should therefore educate themselves immediately about their cyber privacy and cybersecurity, failing which global cybercrime damage costs may as much as double by the end of this year.
As home working becomes the new normal, criminals are seeking to capitalise on the widespread panic – and succeeding, alas. New coronavirus-themed phishing scams are leveraging fear, hooking vulnerable people and taking advantage of workplace disruption.
Cybercrime is the greatest threat to every company in the world, and one of the biggest problems facing mankind. The impact on society is reflected in the Official Cybercrime Report, which is published annually by Cybersecurity Ventures. The most effective phishing attacks play on emotions and concerns, and that, coupled with the thirst for urgent information about the coronavirus, makes these messages hard to resist.
According to the report, cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.
Cybercrime costs include damage and destruction of data, forensic investigation, restoration and deletion of hacked data and systems, fraud, post-attack disruption to the normal course of business, stolen money, lost productivity, theft of personal and financial data, embezzlement, reputational harm and theft of intellectual property. There are 10 tips on how to spot a phishing scam. Phishing emails usually want you to click on something, for instance to update your payment details or to access the latest information on COVID-19.
People working from home should be aware of how to detect and react to phishing frauds and other types of cyber-attack. If they act immediately and thoroughly, cybercrime damage costs can be contained and kept at the current level. If carelessness due to lack of awareness continues, it may cause heavy losses globally. Cybersecurity Ventures’ estimate that cybercrime damage costs could potentially double during the coronavirus outbreak concerns not only phishing scams but also ransomware attacks, insecure remote access to corporate networks, remote workers exposing login credentials and confidential data to family members and visitors to the home, and other threats.
Malicious actors are also using COVID-19 or coronavirus-related names in the titles of malicious files to try to trick users into opening them. One example is Eeskiri-COVID-19.chm (“eeskiri” is Estonian for rule), which is actually a keylogger disguised as a COVID-19 help site. If unpacked, it will gather a target’s credentials, set up the keylogger, and then send any gathered information to maildrive[.]icu.
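The kind of attachment-name check a mail gateway can apply to files like the one described above, as an added example that is not part of the original article. The extension lists, lure terms and function names are assumptions chosen for illustration, and the sample message is constructed; only the file name Eeskiri-COVID-19.chm comes from the text.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy lists for illustration; tune them to your own mail policy.
LURE_TERMS = ("covid", "coronavirus")
RISKY_EXT = {".chm", ".exe", ".scr", ".js", ".vbs", ".hta", ".lnk"}
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}


def triage_attachments(raw: bytes) -> dict:
    """Return {attachment name: [reasons]} for attachments worth quarantining."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        # Trailing spaces or dots can hide the real extension from a naive check.
        name = (part.get_filename() or "").strip().rstrip(".")
        stem, ext = os.path.splitext(name.lower())
        if ext not in RISKY_EXT:
            continue
        reasons = ["risky-extension"]
        if any(term in stem for term in LURE_TERMS):
            reasons.append("covid-lure")
        # "report.pdf.exe": a document extension in front of the real one.
        if os.path.splitext(stem)[1] in DECOY_EXT:
            reasons.append("double-extension")
        findings[name] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed test message; attachment bodies are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "COVID-19 rules for staff"
    msg.set_content("Please read the attached guidance.")
    for name in ("Eeskiri-COVID-19.chm", "Coronavirus_Update.pdf.exe",
                 "covid-policy.pdf", "manual.chm"):
        msg.add_attachment(b"constructed placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage_attachments(build_sample()).items():
        print(f"{name}: {', '.join(reasons)}")
```

A name-based check only narrows what needs review; it does not replace content scanning, since an attachment can be renamed.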
Exploiting current events in malicious attacks is nothing new for threat actors, who repeatedly use the timeliness of hot topics, occasions and popular personalities in their social engineering strategies. In your haste to uncover the supposed good news, you could inadvertently reveal personal and professional secrets. Indeed, in these difficult times, when it comes to cybersecurity, it is worth relaxing and asking yourself whom you should trust before proceeding in cyberspace.
Delhi Police issued an advisory on the cybercrime threat amid the coronavirus outbreak. People are advised to be careful before logging in to any website and to check the authenticity of the website carefully. Most of the websites are malicious and engaged in phishing. Think very carefully before clicking on a tempting link purporting to be from the World Health Organization (WHO), or similar, with positive information about the cure for COVID-19. Chances are it will be a hacker preying on your understandable anxiety about the coronavirus pandemic. Please be careful and double-check before logging in to any website or clicking on any link. The following websites have already been blocked and categorized as phishing sites.
Data from artificial intelligence endpoint security platform SentinelOne shows that from 23 February 2020 to 4 April 2020 there was an upward trend of attempted attacks, with peaks at 145 threats per 1,000 endpoints, compared to 30 or 37 up to 22 February 2020. In the UK alone, victims lost over £800,000 to coronavirus scams in February, reports the National Fraud Intelligence Bureau. One unlucky person in particular was left £15,000 lighter after buying face masks that never arrived.
Banking trojan malware is masquerading as a WHO-developed mobile application helping individuals recover, or as virtual private network (VPN) installers. And consider that Check Point research shows some 4,000 COVID-19 domains have been registered this year, many likely fronts for cybercrime. “So-called ‘scareware’ will only ramp up as uncertainty rises and online searches increase as people seek information about the outbreak and solutions,” predicts Terry Greer-King, vice president of Europe, Middle East and Africa at California-headquartered cyber organisation SonicWall. They know people are looking for safety information and are more likely to click on potentially malicious links or download attachments. Approximately 70 per cent of the emails Proofpoint’s threat team has uncovered deliver malware and a further 30 per cent aim to steal the victim’s credentials.
High demand for virtual conferencing and other collaboration tools could expose more vulnerabilities for hackers to exploit. Companies quickly adopting consumer-grade video conferencing can make it easy for an attacker to pretend to be a member of staff. Worryingly, Apricorn research published last year found that one third of IT decision-makers admitted their organisations had suffered a data breach because of remote working. Further, 50 per cent were unable to guarantee that their data was adequately secured when being used by remote workers.
The UK government’s National Cyber Security Centre published a home-working guide earlier this week that offers tips for organisations introducing home working as well as highlighting the telltale signs of phishing emails.
Computer viruses can spread just as easily as human viruses. Just as you would avoid touching objects and surfaces that are not clean, so should you avoid opening emails from unknown parties or visiting untrusted websites. Keep your devices and networks secure. You may use hand sanitiser to remove germs from your hands, and you should have an effective antivirus solution to keep germs off your computers and networks.
People working from home must follow these cybersecurity tips for their own welfare.
- Enable multi-factor authentication wherever possible, adding another layer of security to any apps you use. Additionally, a password manager can help avoid risky behaviour such as saving or sharing credentials.
- Try to use a VPN solution with an encrypted network connection. It lets the worker safely access IT resources within the organisation and elsewhere on the internet.
- Organisations should update their cybersecurity policy to include home and remote working. Ensure the policy is adequate as your organisation transitions to having more people outside the office. It needs to include remote-working access management, the use of personal devices, and updated data privacy considerations for employee access to documents and other information.
- Employees should communicate with colleagues for official matters using IT equipment provided by employers. There is often a range of software installed in the background of company IT that keeps people secure. If a security incident took place on an employee’s personal device, the organisation – and the employee – may not be fully protected.
- Without the right security, personal devices used to access work networks can leave businesses vulnerable to hacking. If information is leaked or breached through a personal device, the company will be deemed liable.
I hope that people working from home and the organisations concerned understand the challenges of cybersecurity and follow these suggestions, so that they can deliver genuine output in the ongoing difficult phase of life, business and global economic downturn.
Prof. (Dr.) Tabrez Ahmad,
Pro Vice Chancellor and Dean,
Galgotias University, India