Ever since it first popped up in the Wuhan Province of China, COVID-19 (better known as the coronavirus) has created quite a stir—bordering on panic—around the world. Unfortunately, as has been the case many times before, cybercriminals have used this near panic to support their attacks.
Let’s review how they create an infected network and how you can protect yourself and your business from these efforts.
How are Cybercriminals Using Coronavirus to Infect Networks?
“You can sit in a room and create anything on a laptop. That’s why the real con men are gone.”– Frank Abagnale
Reformed con man and FBI consultant Frank Abagnale is right, as the cybercrimes shaped around the coronavirus have proven. Due to the deep anxiety and trepidation that the media coverage of COVID-19 has encouraged, cybercriminals have been handed an opportunity to take advantage of the panicked populace through phishing attempts… an opportunity they have embraced since the end of January.
These themed attacks have been directed toward a variety of targets. For example:
- Healthcare providers have been targeted by phishing attacks that deliver keylogging malware meant to look like emails from local hospitals or the World Health Organization.
- “Informational” emails referencing coronavirus have enabled hackers to introduce ransomware to the populace.
- Members of the supply chain have seen coronavirus emails that install information-extracting malware through malicious Microsoft Word documents.
Of course, this kind of activity has been going on for far longer than the Internet has been around… it’s just that the Internet makes these attacks much more efficient and effective.
How this Complicates Things
Unfortunately, the latest application of these attacks have proven effective. Much of this is likely because they are leveraging a very visible and nerve-wracking event. This helps to boost the interest of a target. Phishing attackers launch many attacks around tax time using the same tactic. It is also why fraudulent messages were shared via SMS, claiming the recipients needed to register for the draft… for a fee.
Whatever the approach, the tactics have remained the same. They scare the recipient enough that they don’t consider that the message may be fraudulent. Then, give them a perceived “out” if they turn over their information.
Adding to the complexity, the situation with COVID-19 is just different enough from other events that cybercriminals typically take advantage of for it to be uniquely dangerous. For instance, many of the other disasters that a cybercriminal will use to their advantage are over in a relatively short time frame. In comparison, COVID-19 has already spent weeks dominating the headlines. Additionally, with no way to tell how many more weeks (or months) are yet to come.
Coronavirus is largely unprecedented. Unlike the foundation of many other phishing attacks (such as major sporting events and the like). People do not have a trusted resource to turn to. For weather events, the National Weather Service and FEMA fill that role. No such resource is as commonly trusted for coronavirus.
What Can Be Done for an Infected Network
In most cases, resisting these efforts will require a combination of basic cybersecurity measures and–perhaps more critically–user awareness and education. While the protections ideally block the majority of phishing attacks and malicious messages, you need to ensure that your employees are aware of how to handle such attacks:
- Train effectively – Rather than taking up half of one day on a dull and repetitive training seminar, split your training efforts into shorter pieces. Thus, focusing on assorted aspects of the threat. Give your team the knowledge they need to recognize phishing attacks and understand the importance of mitigating them.
- Emphasize that phishing goes beyond email – Remind your staff that phishing is far from an email-exclusive threat. While email-based attempts are common (and perhaps the most well-known means of phishing someone), phishing can happen through text messaging or even a voice call.
- Report any and all suspicious attempts – This includes those that your staff may have fallen for. Without this collected knowledge, how can you expect to protect your business by avoiding future attacks? or responding quickly and decisively? Resist any temptation to retaliate against a staff member who was bamboozled. This will only encourage them and others to hide their mistakes… something you definitely don’t want.
Whether a cybercriminal uses coronavirus or some other story to try and phish your employees, they must know how to spot them. Then how to respond when they do properly. For more assistance in handling these threats, give WheelHouse IT a call at (877) 771-2384.
