Cybercriminals have taken advantage of the fears surrounding the coronavirus pandemic to hack government computer systems and spread dangerous malware. As the world concentrates on finding a solution to this unexpected virus, hackers have taken this formidable opportunity to trick the already panicking population faced with global mayhem.
Hackers are exploiting this crisis by posing as WHO officials to steal bank details, officials of the public health institute, CDC officials, and target crucial government infrastructure. With such convincing fake positions, hackers get people to click on fishy links to messages about the illness.
1. Leveraging Remote-Work Vulnerabilities
The outbreak of the Covid-19 pandemic led to the sudden surge in remote work as companies and government institutions instituted this to curb possible infections from physical workplaces. Despite being an excellent measure to reduce the rate of infection, working from home introduces a new set of cybersecurity risks to companies. With remote working, communication is purely online, making it easier for cybercriminals to gain access to systems through various social engineering deceptions.
Hackers, for instance, can call a department pretending to be from another department in the same organization. They can then pretend to be having some issues with their remote access systems, tricking IT staff into guiding their access to the organization’s system. In some situations, they can impersonate various high profile departments to call the police or hospital chain to access their systems.
Hackers impersonating government institutions often have goals beyond stealing bank details or infiltrating corporate systems. Cybercriminals could be looking to slow emergency information systems for personal gain or spread false information through reliable-looking text messages.
In extreme situations, hackers could interfere with crucial systems that help in the fight against the virus. For instance, a Czech hospital was hit by a ransomware attack where hackers shut down the hospital’s information systems and asked for money to open the systems.
2. Widespread Phishing Campaigns
Probably chief among various techniques used by cybercriminals are coronavirus related phishing campaigns. The campaigns specifically target countries hit hard by the virus, such as Italy, China, the USA, and Japan. Like other phishing strategies, hackers aim at getting their targets to click emailed links that instantly download malicious malware to their systems. The malware enables cybercriminals to steal personal data or freeze computer systems.
Hackers use convincing headlines, such as “Coronavirus: How to avoid being infected,” to bait users into clicking them. Other phishing emails that have been spotted include information about coronavirus vaccine, which doesn’t exist, investment opportunities during this outbreak, and heavily paying deals on medical equipment.
Hackers can also use such eye-catching subject lines to spread coronavirus related ransomware. The ransomware encrypts the computer’s hard drive, and hackers demand payment to decrypt it. There has also been a widespread software themed to provide coronavirus related information and updates but deliver malicious software.
Coronavirus map, for instance, appears to track the progress of this global pandemic but hides AZORult, a password-stealing malware. That aside, there are suspicious domains that claim to provide Virtual Private Network software for the increasing remote workers, but downloading it from untrustworthy sites leaves the computer with a dangerous malware infection. There are also mobile apps that claim to provide information on how to get rid of coronavirus, but instead, deliver a malware that steals user bank details.
3. Exploiting Isolation
With the government encouraging social distancing as a sure way of slowing and stopping the disease spread, the opposite is true for cyber viruses. Working at home means that people will remain isolated from their social peers, prompting them to make prudent cyber-decisions. For instance, in the quest to find more information about the situation of the virus, they will click on various links and download stuff from social platforms, which puts them at risk.
The rate of people falling for phishing attacks through mobile devices is on the surge since 2011. Malware and infectious links can easily be masked to appear legitimate on mobile devices. That said, as more people work remotely, they will spend more time on personal devices. As such, you should be extra vigilant when using these devices. The best way is to use properly patched work laptops for work-related activities and personal devices for individual browsing.
With security experts labeling this new trend as “Fearware,” unsuspecting victims are susceptible to hacker’s tricks, especially during such times of global uncertainty. What makes Fearware a serious challenge is because traditional security tools, which block phishing attacks in emails, for instance, will not pick on these messages due to their unique content. As such, the population should remain alarmed and observe the necessary measures to avoid coronavirus related scams.