Protect your data: Cybercriminals pose threats leveraging Covid-19
Trickbot campaigns that have been active for at least six months.
Work From Home (WFH) is no more just a option but a new normal, and businesses have turned prudent - ever since the outbreak of covid-19 - to protect their precious data.
The World Health Organisation (WHO), the US Federal Trade Commission (FTC), the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK's NCSC have all published various advisories warning about the threats posed by cybercriminals seeking to capitalise on the fear and uncertainty surrounding covid-19.
There have been reports of scammers who created a fake version of the Johns Hopkins Coronavirus Map that should show the spread of infections, but is instead laden with the malicious AZURult malware, an information-stealing Trojan that exploits a four-year-old vulnerability to exfiltrate sensitive data from compromised systems. By patching the vulnerability [CVE-2017-11882, a memory corruption vulnerability in Microsoft Office's Equation Editor component] the system would be protected, even if an employee were to inadvertently visit the spoofed version of the website.
Maher Jadallah, regional director, Middle East, Tenable, said: "The best advice for everyone to protect themselves against digital threats leveraging the interest in covid-19 is to stay informed. If you receive an unsolicited e-mail with a covid-19 theme/message, question its authenticity, and, if there's any uncertainty then don't click on any links or open any attachments. Use trusted sources for up to date information, such as the local health organisation or World Health Organisation's website for the latest information."
A few measures may be helpful like limiting privileged accounts and protect those that are used; educate users on phishing attacks; importance of utilising strong unique passwords that aren't shared; controlling USB devices; and identifying software that isn't being used or is obsolete and remove it. Also, performing regular back-ups to roll-back to a previous stable version. Monitor network traffic for anything that deviates from the norm with policies in place that will either flag, ring-fence or even halt risky behaviour.
When introducing new working practices, do so securely. If providing access to data, make sure you have a mechanism to control that access and secure data in transit.
"Given that the workforce may not be using company-owned devices, it's worth investing in an assessment solution that can check the security posture of all devices, regardless of ownership, connecting to the corporate network. Identify any with exploited vulnerabilities and either patch or remediate the risk - this could mean stopping the device connecting until its been updated," added Jadallah.
Many covid-19 campaigns play on the fear and lack of information relating to the virus which encourages users to click on malicious links that will redirect them to malicious sites or download malicious content onto their systems. Types of attacks can range from Business Email Compromise (BEC) attacks, through to ransomware, credential acquisition, lateral movement and network reconnaissance.
So how do businesses minimise the chances of being attacked? "There are a number of simple steps you can take to minimise your risk, such as using a reliable anti-virus (AV) solution and following safe cyber hygiene practices such as strong password usage and never enabling macros in any attachments if you do open them. Users should be encouraged to search for and visit credible sites, such as offered by .gov departments, rather than following links in unsolicited e-mail correspondence. Everyone is urged to be vigilant at this time in relation to any emails or electronic communications purporting to be in relation to the support of those affected by the coronavirus," said Jonathan Miles, head of Strategic Intelligence and Security Research at Mimecast.
Typical activities right now relate to sites carrying "urgent" news regarding the covid-19 pandemic. These sites attempt to scam the victims into buying items such as facemasks and other preventative measures, says Chris Dale, SANS certified instructor and head of Cyber Security at Netsecurity.
"There have also been viruses being spread through similar campaigns, where the goal is to get users to install some piece of software, giving attackers control of the victims' computers. These computers can be used for monetisation purposes for cyber crime, or for cyber espionage. We are also seeing reports that the Iranian government published an application called AC19 to the Google appstore. This application was designed to pull users' phone numbers and to track their movements, all in the guise of a covid-19 prevention application. Such applications are likely to be used for espionage purposes," said Dale.
Harish Chib, vice president, Middle East & Africa, Sophos, said: "Whenever there is a topic of public interest like covid-19, we see cybercriminals try to manipulate our concern into an opportunity. Cybercriminals love a crisis, because it gives them a believable reason to contact you with a phishing scam. The main driving force behind phishing is financial gain. Cybercriminals often target employees who have access to company finances, trick them into making financial transfers to bank accounts controlled by the criminals. However, they also target those who manage business processes and IT controls, open organisations up to a range of attacks including ransomware and extortion."
Tips to protect data
. Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do
. Check the URL before you type it in or click a link.
. Never enter data that a website shouldn't be asking for
. Never use the same password on more than one site
. Turn on two-factor authentication (2FA) if you can
. Educate your users
. Never let yourself feel pressured into clicking a link in an email
. Don't be taken in by the sender's name
The Community Help option was added four years ago and now includes... READ MORE
Stick it on your Insta stories and join the community READ MORE
Sub-Dh1,000 devices both come with quad-lens cameras READ MORE
Smartphone brings gaming, lots of lenses to budget territory READ MORE
Customers will not be charged anything either. READ MORE
The lab is the first in the world of this scale to be operational... READ MORE
Residents have also been given a hotline they can call on by local... READ MORE
The public are urged to stay at home as much as possible, and only go ... READ MORE