It might look like an e-mail from a supervisor with an attachment on the new “work from home policy,” but it could be a cleverly designed scheme to hack into your network.
The abrupt move of millions of people to working remotely has sparked an unprecedented volume of attacks aimed at tricking people into giving up their credentials, security researchers said.
“We’ve never seen anything like this,” said Sherrod DeGrippo, head of threat research for the California-based security firm Proofpoint. “We are seeing campaigns with message volumes up to hundreds of thousands which are leveraging this coronavirus.”
The pandemic has created a perfect storm for cyberattacks, with millions of people working in unfamiliar, less secure circumstances, and eager for information about the virus and new organizational policies being implemented.
This opens up a new avenue for malicious actors using phishing e-mails or “social engineering” to gain access or steal sensitive information.
“When someone is working from their home it is a similar threat profile as at an airport or a Starbucks, you just don’t have that protection you might have in the workplace,” DeGrippo said.
“And if we’re at home with our family where we feel safe, you might see a family member hop on to do homework, and might not understand the security controls. Keeping mom’s and dad’s computer for mom and dad is the right thing to do,” she said.
Tom Pendergast, chief learning officer of the security and privacy training firm MediaPRO, said many of the millions of people adjusting to the new landscape are unprepared for teleworking.
“It’s one thing if people have been working remotely with equipment that has been properly configured,” Pendergast said. “It’s different for people who haven’t had that experience.”
Attackers are taking advantage of people’s fears about COVID-19, using scare tactics to get people to click on malicious links or attachments, but are also playing on sympathies with fake crowdfunding pages purporting to be for people who have fallen ill, he added.
Pendergast said healthcare organizations are especially susceptible to schemes such as ransomware, because “they are less likely to shut down their systems by refusing to pay.”
This was highlighted when a major hospital in the Czech Republic was hit with ransomware following an e-mail campaign with a coronavirus “awareness” message, media reports said.
“The COVID-19 scare has proven lucrative for cybercriminals in recent weeks as healthcare institutions scramble to test patients, treat the infected and protect their own staff from the contagion,” a blog post from Filip Truta of the security firm Bitdefender said. “Healthcare infrastructures are highly susceptible to hacker attacks because of lax cybersecurity skills and safeguards.”
The potential for costly cyberattacks has prompted warnings for stepped-up vigilance.
The French public-private cybersecurity alliance this week warned businesses to be alert for faked e-mails related to purported orders or bank transfers, or telephone calls aimed at obtaining financial account information.
The US Department of Homeland Security issued an alert this month warning that the COVID epidemic has increased threats and that “cyberactors may send e-mails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information.”
Hawaii Attorney General Clare Connors advised residents to watch for fraudulent e-mails claiming to be from the US Centers for Disease Control and Prevention or experts saying they have information about the virus.
“Scammers may still offer fake vaccines and other bogus medical products claiming to offer ‘cures’ for the virus,” a statement from Connors’ office said.
DeGrippo said virtually all the cyberschemes related to the pandemic are financially motivated and added that “personally I find it depraved ... it is taking humanity at its most vulnerable and trying to use that for financial gain.”
She said that the threats may evolve as attackers craft new schemes and techniques.
“I can see some attackers sending messages like: ‘I’m in quarantine and need you to buy something for me,’ or ‘I need you to make this transfer of funds,’” she said. “I think we’ll see criminals leveraging the coronavirus to do more of that.”