As the first quarter of 2020 comes to a close, the world is about to experience an unprecedented wave of cyberattacks, and the COVID-19 pandemic is expanding the opportunity to exploit businesses of all sizes. Even without a global pandemic, cyberattacks are expected to cost $6 trillion worldwide by the end of 2020. With the current novel Coronavirus outbreak of COVID-19, experts are now projecting that number to double by the end of the year. As if the turmoil caused by COVID-19 has not caused enough damage, cybercriminals are capitalizing on this global crisis to make a payday. Both experts and analysts agree, global emergencies are peak times for cyberattacks.
On any normal day, cyberattacks such as ransomware and phishing occur every 14 seconds. While attackers mostly target smaller businesses, a staggering 80% of those attacks can be prevented with proper configurations and assessments. But nothing about our world is normal right now; many people are out of work and falling victim to employment scams; those who are lucky enough to still be working, are doing so remotely, often without proper VPN’s. Students of all ages are using remote learning platforms, highly susceptible to malware; and the elderly population is more isolated and vulnerable than ever.
This sudden global shift in our economy is leaving both people and businesses susceptible to scams and cyberattacks. Now more than ever we must stay one step ahead of cybercriminals to protect our businesses and our livelihoods. To predict the biggest threats to cybersecurity amidst the COVID-19 crisis, we look at history, the economy, expert analysis’ and the ever-expanding technology platforms we use today. Let’s review some of the common ways threats occur:
Cybercriminals have been phishing for the better part of 25 years, and though the concept of acquiring sensitive information from victims has not changed much over the years, their methods and techniques have evolved exponentially, and they continue to become more sophisticated each year.
Phishing in COVID-19 Waters
Phishers typically use the power of numbers to target the most people in the least amount of time. This looks a lot like spoofed emails intent on obtaining sensitive and personal information from credit card companies, financial institutions, and other popular sites like Paypal and eBay. However, during this global pandemic, phishers are counting on human emotion to break down cybersecurity in new ways. COVID-19 has brought rise to spear phishing, where instead of random email configurations, spear phishers use a more targeted approach specific to a person, organization or business.
Phishing for Work
State authorities are seeing unprecedented unemployment claims since COVID-19 made its way to the United States. A record-breaking 3.3. million people filed for unemployment as of March 27, 2020. Few people have emergency funds large enough to sustain the loss of income for extended periods of time, forcing them to look for new jobs. In a time of mandated social distancing, they are specifically looking for remote work. Cybercriminals are capitalizing on this disparity by launching phishing attacks to specific victims and network recruiters. Their goal is to gain access and credentials of organizations in an effort to appear more legitimate and trustworthy. This type of scam almost always results in the phisher seeking money for things like onboarding or training costs. Other phishers are seeking personal information in an effort to steal your identity. In either scenario, the cybercriminal makes a payday while you do not.
Phishing for the Good
Other methods being used by phishers during the COVID-19 crisis include preying on the good in people and seeking out the vulnerable. We have seen a massive surge in spoofed email spear phishing, emails designed to look reputable and noble. In the midst of this crisis, these emails are perceived as coming from a trustworthy organization, asking you to donate to COVID-19 victims and medical staff. However, your donation will never reach the hands of those in need, and will instead go into the accounts of cybercriminals, funding and fueling their nefarious activities.
Malware activity has steadily increased in recent years, and similar to phishing, malware attacks are becoming more refined in how they wreak havoc to a system. Much like a biological virus, malware attacks spread far and wide.
Malware Capitalizing on Crisis
Malware attacks come in many forms, most often we hear about viruses, worms, trojans, spyware, and ransomware. This malicious software is intent on corrupting programs, stealing private information or spying on a person or organization. Experts warn that due to COVID-19, thousands of new malware sites are being created every single day by cybercriminals.
There has been a recent upswing in mobile-based ransomware attacks, according to intelligence from Domain Tools. Cyberattackers are deploying ransomware in an app claiming to provide real-time COVID-19 information, but instead it locks the unsuspecting victim’s phones until a ransom is paid. This malware is specifically targeting Android devices, but new apps are being released every single day – some demanding ransom, others obtaining your passwords and a few even giving the attacker the power to control your device in real-time.
With the increase in people working and studying remotely, this malware has the ability to infiltrate personal and professional networks alike. Kristin Del Rosso, a cybersecurity expert warns that cybercriminals will take advantage of as much as they can during a crisis.
Distributed Denial of Service (DDoS) attacks occur roughly 30,000 times per day. These attacks are designed to overwhelm or ‘crash’ a website by sending too much traffic to its network or servers. DDoS attacks occur for many reasons; blackmail, extortion, activism, revenge and even as a distraction for another attack. Sometimes, however, the victim never knows the reason for the attack, regardless, they can be costly and time-consuming to handle. Experts anticipate a rise in DDoS attacks as restrictions continue to be placed on brick and mortar stores due to COVID-19, ultimately forcing businesses to utilize their online platforms.
DDoS Attack on Health and Human Services
The US Health and Human Services Department was recently the victim of a DDoS attack, albeit an unsuccessful one. Fortunately the site never crashed, and while there is no clear answer as to the motives behind the attack, the intent to spread fear and mistrust of the government is highly suspected. Since the attack on the HHS, cybersecurity researchers are warning that the cyberattacks driven by the coronavirus pandemic are only just beginning.
Prevention and Protection
We are in uncharted territory, and even though our world has experienced disasters, both natural and man-made, we have never experienced anything like this. Despite the uncertainty and fear in a time when resources are low, you can protect yourself from one aspect of COVID-19 by being diligent and aware of what to look out for.
Popular COVID-19 Scams
- Treatment & Supply Scams: Scammers selling fake cures, vaccines and other high demand supplies like masks and gloves, pocketing the money and never delivering.
- Provider Scams: Scammers posing at Doctor’s demanding payment for treating family or friends with COVID-19.
- Charity Scams: Scammers soliciting donations for victims and organizations supporting COVID-19.
- Phishing Scams: Scammers posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), are sending phishing emails designed to lure recipients into downloading malware or providing personal identifying and financial information.
- App Scams: Apps that are designed to spread COVID-19 information, but instead insert malware and compromise the users’ device.
Ways to protect yourself from COVID-19 Scams
- Update your anti-malware and anti-virus software.
- Verify the identity of any person or organization that contacts you soliciting donations for COVID-19.
- Triple check websites and email addresses.
- Do not click on links or open email attachments from unverified sources.
- Use a firewall for your Internet connection.
- Set up a Virtual Private Network (VPN).
How Socialfix is here for you
As we all adjust to this rapidly changing economy, our team of experts is working at maximum capacity to keep you updated and informed.
We encourage you to follow legitimate and official sources and to always use a security solution on your devices that will protect you from phishing, fraud and malware.
If you would like help securing your website, please dont hesitate to reach out to our expert team.