COVID-19 Cybersecurity Attacks: Now Is the Time to Educate Your Workforce

Amidst the global struggles of the COVID-19 pandemic, cyber criminals are capitalizing on the unfortunate situation. Attackers are preying on individuals looking for information regarding the coronavirus, so it is imperative that the workforce be vigilant during these times. Corporate security controls will provide necessary layers of protection; however, it is up to individual end users to act as a key line of defense to ward off these attacks.

Educate your employees on some of the attacks and scams they might see in the coming weeks:

  • Malicious Outbreak Maps – There has been a thread of malware-ridden coronavirus outbreak maps spreading across the internet. Confirm that the maps are coming from credible sources and think twice before downloading anything from the internet. Downloadable maps can easily deliver ransomware, spyware and other malware to the user’s device.
  • Malicious Coronavirus Applications – Be cautious when downloading coronavirus-related apps. Multiple malicious applications have surfaced in the past few weeks. For example, one application plaguing the Android app store was a “coronavirus infection map” being sold as a “map to determine if your neighbors are infected” – a successful ploy to grab the attention of end users in high-density, high-infectious areas1. Once the app is downloaded, it locks the entire device, and the end user is asked to pay a ransom in Bitcoin.
  • False COVID-19 Testing Kits – Scams are appearing worldwide with false testing kits that are promising quick and easy in-home testing. False testing kits are being sold over the web through many vectors. The malicious entities behind these campaigns have the power to harvest credit card information, personally identifiable information (PII) and sometimes health information if their schemes ask the end user health-related questions. These have the potential to not only cause physical harm but can cause personal and corporate data breaches when purchased.
  • Social Engineering (Phishing & Vishing) – Two of the primary vectors for delivering COVID-19 attacks to the workforce are through email and phone.
    • Phishing – Employees are seeing an influx of spam messages regarding the virus as malicious entities attempt to entice and lure individuals into visiting malicious websites, downloading maps with malware, buying false testing kits and handing over sensitive information.
    • Vishing – Workers may receive calls from numbers that may look legitimate but are actually scammers using fearful messages. Callers are posing as healthcare institutions, governmental organizations and law enforcement in an attempt to obtain sensitive information over the phone.

The risks of these attacks now extend beyond corporate devices to home networks. Once an attacker has access to a device, he or she can move laterally throughout the compromised network, potentially putting all devices on home networks at risk.

We anticipate that there will continue to be a rise in the number of COVID-19 related cyberattacks. Therefore, it is imperative that organizations educate their team members on these attacks.

For more information on how to avoid breaches during this time, click here to read how DHG’s Tom Tollerton describes ways to prevent incidents during the pandemic.

About DHG IT Advisory

DHG IT Advisory works with companies to manage technology risk while maintaining data integrity, protecting privacy and complying with regulations. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet your IT advisory needs that drive your business.

Sources

  1. Sussman, Bruce. Coronavirus Cybercrimes: Are These the Lowest? SecureWorld, Seguro Group Inc., 16 March 2020, https://www.secureworldexpo.com/industry-news/coronavirus-cybercrimes-are-these-the-lowest#.XnS8wo7dRqQ.linkedin
If you experience issues with this form, please use a different web browser or contact us at info@dhg.com.
 

CONTRIBUTORS

Douglas Jambor
CISSP, ISFCE, CCE
Senior Cybersecurity Manager

itadvisory@dhg.com

RELATED KNOWLEDGE SHARE

© Dixon Hughes Goodman LLP. All rights reserved.
DHG is registered in the U.S. Patent and Trademark Office to Dixon Hughes Goodman LLP.
praxity