Amidst the coronavirus pandemic, the Global Computer Emergency Response Teams (CERTs) have doubled down on their warnings. Officials, as well as the public, are asked to be wary of scams and cyber-attacks.
The situation has created an ideal lure for cyberattacks. Millions of people are transitioning to remote work and are eager for information, which has opened a new avenue for malicious actors, who are employing social engineering techniques to gain access and steal critical information. What looks like an email from work with an attachment named “work from home policy” can be a cleverly designed attempt to break into your network.
According to CERT, cybercriminals, as well as suspected spies, are cynically using the current global health emergency as bait for malware-based and phishing attacks.
Sherrod DeGrippo, head of threat research for the security firm Proofpoint, said:
We’ve never seen anything like this. We are seeing campaigns with message volumes up to hundreds of thousands which are leveraging this coronavirus. When someone is working from their home it is a similar threat profile as at an airport or a Starbucks, you just don’t have that protection you might have in the workplace, and if we’re at home with our family where we feel safe, you might see a family member hop on to do homework, and might not understand the security controls. Keeping mom’s and dad’s computer for mom and dad is the right thing to do.
An advisory by US-CERT warned:
Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a Covid-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to Covid-19.
A similar warning was put out by the UK’s National Cyber Security Centre (NCSC), elaborating on the range of cyberattacks being carried out. According to the NCSC:
These attacks are versatile and can be conducted through various media, adapted to different sectors and monetized via multiple means, including ransomware, credential theft, bitcoin or fraud.