With the Coronavirus (COVID-19) pandemic, organizations across the world are requiring their employees to work from home as part of social distancing to slow the outbreak. On the flip side, most industry experts stated that remote work increases the risk of cyberthreats like never before. According to Zurich, a specialist in cyber insurance and risk engineering capabilities, businesses in financial, healthcare, federal and state agencies that deal with sensitive data might be impacted due to remote working conditions.
Zurich also suggested some guidelines to employees to help thwart cyber threats:
- Be wary of suspicious emails, downloads, USB drives or other things that could introduce malicious software onto your computer and into the network. These could include spoofing and phishing attacks from hackers pretending to be IT personnel asking for your credentials.
- Promptly install patches and updates, including to your anti-virus software, to all devices on your home network.
- Go into your Wi-Fi router’s management software to ensure it’s running the latest firmware, which can update security flaws.
- Connect to corporate networks using a secure means (e.g., a virtual private network), and store data on available encrypted network drives to avoid loss in the event of a computer virus or other malfunction.
Nikki Ingram, a Senior Cybersecurity Risk Engineering Consultant for Zurich, said, “As an employee, ensure you are complying with your company’s security standards as a remote worker. Everyone wants to get their job done, but if, for example, you’re having internet trouble at home and your service provider tells you to lower your security settings, talk to your employer’s technical support before doing that.”
How Coronavirus Is Impacting Cyberspace
Cybercriminals never miss an opportunity to exploit a vulnerability or situation to prey on users online. Research from CYFIRMA found that Korean-speaking hackers were planning to make financial gains using sophisticated phishing campaigns loaded with sensitive data exfiltration malware, and were creating a new variant of the EMOTET virus (EMOTET is a malware strain that was first detected in 2014 and is one of the most prevalent threats in 2019). These hackers were planning to target Japan, Australia, Singapore, and the U.S. The researchers also observed North Korean hackers targeting South Korean businesses. The phishing email had the Korean-language title “Coronavirus Correspondence”, tricking recipients into opening it and launching malware into machines and networks.
Malicious Coronavirus Maps
Shai Alfasi, a security researcher at Reason Labs, discovered that threat actors distributed malware disguised as a “Coronavirus Map” to steal personal information like usernames, passwords, credit card numbers, and other sensitive information stored in users’ browsers. Attackers use the stolen information for illegal activities like gaining access to bank accounts or selling it on the deep web. Attackers designed multiple websites related to coronavirus information to prompt users to click on or download an application to stay updated on the situation. The website displays a map (which looks like a genuine one) representing the spread of COVID-19. It generates a malicious binary file and installs it on victims’ devices.