It might look like an e-mail from a supervisor with an attachment on the new “work from home policy,” but it could be a cleverly designed scheme to hack into your network.
The abrupt move of millions of people to working remotely has sparked an unprecedented volume of attacks to trick people into giving up credentials to attackers, security researchers said.
“We’ve never seen anything like this,” said Sherrod DeGrippo, head of threat research for the California-based security firm Proofpoint. “We are seeing campaigns with message volumes up to hundreds of thousands which are leveraging this coronavirus.”
The pandemic has created a perfect storm for cyberattacks, with millions of people working in unfamiliar, less secure circumstances, and eager for information about the virus and new organizational policies being implemented.
This opens up a new avenue for malicious actors using phishing e-mails or “social engineering” to gain access or steal sensitive information.
“When someone is working form their home it is a similar threat profile as at an airport or a Starbucks, you just don’t have that protection you might have in the workplace,” DeGrippo said.
“And if we’re at home with our family where we feel safe, you might see a family member hop on to do homework, and might not understand the security controls. Keeping mom’s and dad’s computer for mom and dad is the right thing to do,” he said.
Tom Pendergast, chief learning officer of the security and privacy training firm MediaPRO, said many of the millions of people adjusting to the new landscape are unprepared for teleworking.
“It’s one thing if people have been working remotely with equipment that has been properly configured,” Pendergast said. “It’s different for people who haven’t had that experience.”
Attackers are taking advantage of people’s fears about COVID-19 with scare tactics to get people to click on malicious links or attachments, but also playing on sympathies with fake crowdfunding pages purported to be for people who have fallen ill, he added.
Pendergast said healthcare organizations are especially susceptible to schemes such as ransomware, because “they are less likely to shut down their systems by refusing to pay.”
This was highlighted with a major hospital in the Czech Republic hit with ransomware following an e-mail campaign with a coronavirus “awareness” message, media reports said.
“The COVID-19 scare has proven lucrative for cybercriminals in recent weeks as healthcare institutions scramble to test patients, treat the infected and protect their own staff from the contagion,” a blog post from Filip Truta of the security firm BitDefende said. “Healthcare infrastructures are highly susceptible to hacker attacks because of lax cybersecurity skills and safeguards.”
The potential for costly cyberattacks has prompted warnings for stepped up vigilance.
The French public-private cybersecurity alliance this week warned businesses to be alert for faked e-mails related to purported orders or bank transfers, or telephone calls aimed at obtained financial account information.
The US Department of Homeland Security issued an alert this month warning that the COVID epidemic has increased threats and that “cyberactors may send e-mails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information.”
Hawaii Attorney General Clare Connors advised residents to watch for fraudulent e-mails claiming to be from the US Centers for Disease Control and Prevention or experts saying they have information about the virus.
“Scammers may still offer fake vaccines and other bogus medical products claiming to offer ‘cures’ for the virus,” a statement from Connors’ office said.
DeGrippo said virtually all the cyberschemes related to the pandemic are financially motivated and added that “personally I find it depraved ... it is taking humanity at its most vulnerable and trying to use that for financial gain.”
She said that the threats may evolve as attackers craft new scheme and techniques.
“I can see some attackers sending messages like: ‘I’m in quarantine and need you to buy something for me,’ or ‘I need you to make this transfer of funds,’” she said. “I think we’ll see criminals leveraging the coronavirus to do more of that.”
FRUSTRATIONS: One in seven youths in China and Indonesia are unemployed, and many in the region are stuck in low-productivity jobs, the World Bank said Young people across Asia are struggling to find good jobs, with many stuck in low-productivity work that the World Bank said could strain social stability as frustrations fuel a global wave of youth-led protests. The bank highlighted a persistent gap between younger and more experienced workers across several Asian economies in a regional economic update released yesterday, noting that one in seven young people in China and Indonesia are unemployed. The share of people now vulnerable to falling into poverty is now larger than the middle class in most countries, it said. “The employment rate is generally high, but the young struggle to
ENERGY SHIFT: A report by Ember suggests it is possible for the world to wean off polluting sources of power, such as coal and gas, even as demand for electricity surges Worldwide solar and wind power generation has outpaced electricity demand this year, and for the first time on record, renewable energies combined generated more power than coal, a new analysis said. Global solar generation grew by a record 31 percent in the first half of the year, while wind generation grew 7.7 percent, according to the report by the energy think tank Ember, which was released after midnight yesterday. Solar and wind generation combined grew by more than 400 terawatt hours, which was more than the increase in overall global demand during the same period, it said. The findings suggest it is
TICKING CLOCK: A path to a budget agreement was still possible, the president’s office said, as a debate on reversing an increase of the pension age carries on French President Emmanuel Macron yesterday was racing to find a new prime minister within a two-day deadline after the resignation of outgoing French Prime Minister Sebastien Lecornu tipped the country deeper into political crisis. The presidency late on Wednesday said that Macron would name a new prime minister within 48 hours, indicating that the appointment would come by this evening at the latest. Lecornu told French television in an interview that he expected a new prime minister to be named — rather than early legislative elections or Macron’s resignation — to resolve the crisis. The developments were the latest twists in three tumultuous
SHIFTING POLITICS: The Liberal Democratic Party’s turmoil has created a ‘once-in-a-decade chance for a change of government,’ opposition leader Yoshihiko Noda said Japan’s biggest opposition party would seek to support a unified candidate with other groups in a bid to block Sanae Takaichi’s election as prime minister, media reported after the ruling coalition collapsed. Junior partner Komeito quit its 26-year alliance with the ruling Liberal Democratic Party (LDP) on Friday, putting in peril Takaichi’s bid to become the country’s first female prime minister. Conservative Takaichi was elected as LDP president a week ago, but needs the approval of parliament to secure the top job. “This is a once-in-a-decade chance for a change of government,” said Yoshihiko Noda, president of the main opposition Constitutional Democratic Party