BackArming yourself against cybersecurity threats in the age of coronavirus
Turn on two-factor authentication (2FA) across all your social media accounts
PremiumCovid-19 has significantly impacted the global geopolitical and healthcare ecosystem. While the world continues to grapple with this pandemic, there has been a significant increase in cyberattacks, causing serious and unwarranted disruption in business continuity.
Hackers are homing in on government health agencies and hospitals, globally, who are struggling to cope with the rapidly increasing cases of patients impacted by coronavirus. A spokesperson of the //US?// Department of Health and Human Services (HHS) recently told the global media that they “became aware of a significant increase in activity on HHS cyber infrastructure and are fully operational as we actively investigate the matter".
You may assume you are safe from these forms of cyber-attacks, but you will be surprised by the sophistication of scams happening. What will you do if you receive an email sounding legitimate and from the World Health Organization asking you to click on certain links to ensure your health records are with them, and on the basis of which they will provide healthcare facilities, if necessary? Not only this, our threat intel team has found a rise in multiple other attacks such as credential theft, financial fraud, social engineering and more.
Measures to protect yourself from cyberattacks:
Emotet was one of the first campaigns to have used the coronavirus scare to spread itself further. Other recent attacks discovered by security researcher @issuemakerslab include a malicious Word document written in Korean by the threat actors behind BabyShark. Similarly, there has been a significant rise of websites claiming to provide updates on Coronavirus, and we have seen multiple of these websites containing malicious information. According to DN Pedia, a provider of domain name solutions and statistics tools, 934 domains, including “coronacure", have been registered in the last few days.
So, as a consumer, what can you do to protect yourself?
Use two factor authentication and use authenticator applications: Turn on two-factor authentication (2FA) across all your social media platforms and email services. It acts as a second layer of protection and, more often than not, can stop hackers from penetrating into sensitive information stored across platforms. Additionally, use authenticator applications.
Beware of phishing emails, while phishing emails have become sophisticated, you can follow few basic steps to ensure you are able to identify them:
1.Be cautious when you see a suspicious sender address
2. Emails with generic greetings and signatures like “Dear valued Customer “ or “Sir/Ma’am" can be avoided
3. Be on the lookout for poor Grammar and misspellings
4. Completely avoid suspicious attachments from unknown senders
5. Do not share any sensitive information over email
You should also follow other steps, such as ensuring your wifi is secure while working from home, create backups, use updated cybersecurity products and keep your systems/mobile devices up to date. While these are simple steps, ignoring them can result in grave consequences.
Another area where hackers have become sophisticated is in smartphone-based cyberattacks. Cybercriminals generate money by utilizing the smartphone’s RAM and processors for crypto mining, data exfiltration and, in many cases, lock down the device. For example, a recent analysis conducted by Domain Tools shows that cyber-criminals have deployed an Android ransomware called CovidLock, which claims to be a Covid-19 information tracker, but is actually designed to lock victims’ screens until they pay a ransom.
Businesses are increasingly focusing on cybersecurity, though often people’s security is overlooked. Cybersecurity training for employees is still treated as a no more than a box to tick, and conducted either during audits or orientation sessions. As people shift to a work from home set-ups, their cybersecurity is even more compromised. According to a recent Ponemon Institute report, inadvertent breaches from human error and system glitches were still the cause for nearly half (49%) of the data breaches in the report, costing companies $3.50and $3.24 million respectively. If you are running a business, adopt real-time, quantifiable, objective and unified cyber risk quantification (CRQ) platforms for workforce cybersecurity training to ensure people related breaches are avoided. In today’s time, cybersecurity training needs to be gamified and always available rather than being calendarised and laptop only. People are an organisation’s biggest asset and it is crucial to educate them on cybersecurity, not only for the business but also for their own self.
Rahul Tyagi is co-founder of Lucideus
Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!
