With the majority of employees working remotely, cybercriminals are taking advantage of the ongoing COVID-19 crisis across the globe. Several industry experts stated that remote work increased the risks of cyberthreats like never before. We continue to see malware attacks, weaponized websites, and phishing attacks designed to trick people into opening Coronavirus-related malicious links or attachments.
Australia has seen a sudden surge in cyberattacks amid the pandemic, which led the Australian Cyber Security Centre (ACSC) to release a new threat report exposing how cybercriminals are exploiting the situation for their own gain through phishing schemes and malicious activities. The report is intended to raise awareness of increasing COVID-19-related malicious cyberthreats and provide cybersecurity advice in real time that organizations and individuals can follow to reduce cyber risks.
Coronavirus-Related Malicious Cyber Operations
According to the report, enterprises in Australia have seen a significant increase in COVID-19-themed malicious cyber activities since early March 2020. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch has received over 100 reports of scams about COVID-19 in the last three months. It’s said that between March 10 and 26, 2020, the ACSC received around 45 cybercrime and security incident reports from individuals and businesses related to COVID-19-themed scam and phishing activities. The actual number of these malicious activities is likely to be much higher, as these figures represent only the incidents reported to the ACSC and ACCC.
Cyberthreat Mitigation Strategies
The ACSC also recommended a few threat mitigation strategies to combat COVID-19-related phishing scams. These include:
- Before opening an email, consider who is sending it to you and what they’re asking you to do. If you are unsure, call the organization you suspect the suspicious message is from, using contact details from a verified website or other trusted source.
- Do not open attachments or click on links in unsolicited emails or messages.
- Do not provide personal information to unverified sources and never provide remote access to your computer.
- Remember that reputable organizations locally and overseas—including banks, government departments, Amazon, PayPal, Google, Apple and Facebook—will not call or email to verify or update your personal information.
- Use email, SMS or social media providers that offer spam and message scanning.
- Use two-factor authentication (2FA) on all essential services such as email, bank and social media accounts, as this way of double-checking identity is stronger than a simple password. 2FA requires you to provide two things, your password and something else (such as a code sent to your mobile device or your fingerprint) before you – or anyone pretending to be you – can access your account.