It might look like an e-mail from a supervisor with an attachment on the new “work from home policy,” but it could be a cleverly designed scheme to hack into your network.
The abrupt move of millions of people to working remotely has sparked an unprecedented volume of attacks to trick people into giving up credentials to attackers, security researchers said.
“We’ve never seen anything like this,” said Sherrod DeGrippo, head of threat research for the California-based security firm Proofpoint. “We are seeing campaigns with message volumes up to hundreds of thousands which are leveraging this coronavirus.”
The pandemic has created a perfect storm for cyberattacks, with millions of people working in unfamiliar, less secure circumstances, and eager for information about the virus and new organizational policies being implemented.
This opens up a new avenue for malicious actors using phishing e-mails or “social engineering” to gain access or steal sensitive information.
“When someone is working from their home it is a similar threat profile as at an airport or a Starbucks, you just don’t have that protection you might have in the workplace,” DeGrippo said.
“And if we’re at home with our family where we feel safe, you might see a family member hop on to do homework, and might not understand the security controls. Keeping mom’s and dad’s computer for mom and dad is the right thing to do,” she said.
Tom Pendergast, chief learning officer of the security and privacy training firm MediaPRO, said many of the millions of people adjusting to the new landscape are unprepared for teleworking.
“It’s one thing if people have been working remotely with equipment that has been properly configured,” Pendergast said. “It’s different for people who haven’t had that experience.”
Attackers are taking advantage of people’s fears about COVID-19 with scare tactics to get people to click on malicious links or attachments, but also playing on sympathies with fake crowdfunding pages purported to be for people who have fallen ill, he added.
Pendergast said healthcare organizations are especially susceptible to schemes such as ransomware, because “they are less likely to shut down their systems by refusing to pay.”
This was highlighted with a major hospital in the Czech Republic hit with ransomware following an e-mail campaign with a coronavirus “awareness” message, media reports said.
“The COVID-19 scare has proven lucrative for cybercriminals in recent weeks as healthcare institutions scramble to test patients, treat the infected and protect their own staff from the contagion,” a blog post from Filip Truta of the security firm Bitdefender said. “Healthcare infrastructures are highly susceptible to hacker attacks because of lax cybersecurity skills and safeguards.”
The potential for costly cyberattacks has prompted warnings for stepped-up vigilance.
The French public-private cybersecurity alliance this week warned businesses to be alert for faked e-mails related to purported orders or bank transfers, or telephone calls aimed at obtaining financial account information.
The US Department of Homeland Security issued an alert this month warning that the COVID epidemic has increased threats and that “cyberactors may send e-mails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information.”
Hawaii Attorney General Clare Connors advised residents to watch for fraudulent e-mails claiming to be from the US Centers for Disease Control and Prevention or experts saying they have information about the virus.
“Scammers may still offer fake vaccines and other bogus medical products claiming to offer ‘cures’ for the virus,” a statement from Connors’ office said.
DeGrippo said virtually all the cyberschemes related to the pandemic are financially motivated and added that “personally I find it depraved ... it is taking humanity at its most vulnerable and trying to use that for financial gain.”
She said that the threats may evolve as attackers craft new schemes and techniques.
“I can see some attackers sending messages like: ‘I’m in quarantine and need you to buy something for me,’ or ‘I need you to make this transfer of funds,’” she said. “I think we’ll see criminals leveraging the coronavirus to do more of that.”