The Coronavirus pandemic has caused widespread disruption and cyber criminals have been adding to the chaos. Financially motivated threat actors have started to prey on the digital tools so many of us rely on and the uncertainty of the crisis is leaving individuals open to exploitation.
As we enter the fifth month since the outbreak of COVID-19 we have seen a huge increase in the number of online risks facing both businesses and households. In our recent webinar, we discussed some of the changes we have seen in the cyber threat landscape and ways you can protect yourself. You can find a summary of the points discussed in this article.
New cyber threats to be aware of
While the world's authorities have been busy coming up with effective measures to stop the spread of the virus, cyber criminals have been busy developing new phishing campaigns to spread malware. Cyber attack methods tied to the rapidly spreading Coronavirus vary from credential theft, malware, malicious websites, business email compromise (BEC) and ransomware strains.
The widespread transition to remote working
Vodafone reported a 50% rise in internet usage in March 2020 as employees around the world have transitioned to remote working. While working from home ensures business continuity, it also means businesses face new challenges when it comes to maintaining security. Many employees have little to no experience of working from home for sustained periods, which increases the likelihood of risky online behaviour. Unusual working conditions have also put the readiness of businesses IT systems to test as many employers will find it difficult to monitor and mitigate cyber threats.
Phishing surges by 60%
Phishing campaigns have increased by 60% peaking at over 2,500 daily live phishing sites in March. This huge spike can be associated with threat actors trying to entrap people looking for information about the virus. Read our blog post about suspicious emails you should be aware of for more information.
Hacking groups increase ransom demands
Maze, a prolific hacking group, is actively targeting SMEs and officially announced that they will use any data they steal to demand ransom payments. Failure to pay results in the data being shared with wider hacking communities. Adequate data back-ups should be performed regularly in order to prevent the loss of the data; in the event of a ransom attack, businesses should seek professional advice - we do not recommend paying.
DDoS attacks are on the rise
Cyber criminals are also using DDoS (Distributed Denial of Service) attacks to disrupt online businesses. Cyber resilience company, Link11, revealed that they had defended more than 2,860 hours of DDoS attacks between 17 February to 9 March.
Hackers tamper with Google's organic search results
As ‘Coronavirus’ is a hugely popular search term in Google, cyber criminals are using bots to inject virus related keywords onto malicious websites to increase their visibility and rank highly in organic search results. It’s important to know how to spot malicious websites - we cover how to identify malicious websites here.
A trend referred to as ‘Zoom bombing’ hit the headlines when hackers infiltrated a conference call and started screen sharing pornography. Meetings should be set up using passwords and access keys to prevent unwanted guests.
Ransomware apps increase
There has also been an increase in the number of malicious Android apps distributing a new type of ransomware known as CovidLock. One example appeared to be a COVID-19 tracker, giving users real-time information on the number of virus cases in their area. Once installed, the victim’s phone is locked until a ransom demand of $250 is paid.
Where to start: the cyber security basics
The number of threats can feel overwhelming, but protecting against them isn’t as hard as it sounds. Businesses need to provide remote workers with clear guidelines on how to maintain high safety standards. Our remote working checklist provides clear action points to help staff improve their cyber hygiene.
DynaRisk is also offering free access to our Ultimate plan to help employees monitor their risks while working from home. For 30 days you can get access to our cyber security platform which includes:
- A personalised Cyber Security Score
- Data breach monitoring
- Tailored action plan to reduce personal areas of risk
- Vulnerability scanning
To get started, select our Ultimate plan and apply the code WORKREMOTE at checkout.
For more advice and free resources, visit our Cyber Hygiene Hub. You can also register for our upcoming webinar starting at 2.30pm GMT this Thursday to discover more about the latest threats and put your questions to DynaRisk's founder and cyber security expert Andrew Martin.