Covid-19 and Cybersecurity
In the age of a global pandemic, very little attention gets paid to potential risks that organized movements and citizens are vulnerable to opportunistic criminals, who thrive on panic and clandestinely conjure up a plan to unleash a level of cyber crimes.
More so for civil society organizations working remotely. This means that many workers are connecting from their home network, which, most likely, isn’t as secure as the company network, with weaker firewalls and no IDS/IPS solutions. The global focus, rightfully so at the moment, is solely on addressing the potential catastrophic effects that the Coronavirus pandemic could have on humanity.
This pandemic threatens to have a massive impact on almost every aspect of our lives and unfortunately, global health services will bear the brunt of it all. This means that we are vulnerable as always, to criminality as some in society have an intent to expand on their criminal conduct and networks to exploit the situation in order to benefit from this period.
By their very nature, Cyber Criminals are opportunistic, they thrive on devastating challenges like the Covid-19 pandemic and use them to their advantage. In times of panic and distress, people are often far more susceptible to malicious scams committed by Cyber Criminals. It would therefore be important not to let down our guard and ensure that, not only do we observe hygienic behaviors in order to reduce the spread of Covid-19 but to also keep an eye on our cyber hygiene.
Challenges: This trend is not a recent one but has been on the rise in the last couple of months, cyber criminals are continuing to exploit the Covid-19 situation, primarily through Phishing Campaigns. (Phishing: is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords)
A common phishing trend that can be witnessed recently is the emails that are circulating claims about “important Covid-19 updates”, implying a sense of urgency and coercing, through manipulation, users into opening attachments or clicking links that infect devices. The World Health Organization has warned of phishing emails posing as coming from them about important Covid-19 developments, thus urging people to be extra vigilant by verifying the authenticity of these emails before engaging with them. One would imagine official government sites with critically important, valuable Covid-19 related information may be vulnerable too to such attacks and infiltrated by cyber criminals.
The criminal’s modus operandi includes going as far as establishing fake sites and illegitimate email addresses that look real with the sole attempt to steal employee’s passwords and personal information. Cybercriminals take advantage of newsworthy events to spam potential victims with phishing emails.
A phishing email is one where the sender assumes a fake identity to trick the recipient into divulging confidential information, by pretending to offer something that the recipient may need or want. The sophistication of internet-enabled scams directed at non-government entities, such as private companies and individuals, varied considerably.
In the wake of Covid-19, we are not even spared as cyber criminals also utilise apps that we install on our phones to have the same effect of infiltrating our gadgets and having access to our passwords and personal information that are contained in our phones. This means the tracking specifically by governments in response to the Covid-19 pandemic, could also be infiltrated through insidious surveillance. Through the remote working of most employees and using different social media tools and video links, we need to be more careful about the firewalls that we set up for our networks to secure our connections.
Many organized movements and government departments are vulnerable as mostly roll-out remote video conferencing solutions, making it easier for attackers to impersonate members of staff and even hack the call. This necessitates that companies ensure endpoints used by employees are secure.
Cyber criminals will continue to leverage the Covid-19 outbreak as the situation continues to develop and destruct us enough to lower down our guard.
We must remain vigilant when it comes to opening emails, viewing websites and downloading applications related to the Covid-19 pandemic in order to keep our information and devices safe from compromise
What you can do:
- Avoid clicking links or opening attachments in unsolicited emails
- Only follow trusted sources, such as the World Health Organisation (WHO) and specific, official, credible governments websites and communication platforms
- Check website URLs and email addresses to ensure they are from a trusted source
- Verify a charity’s authenticity before making a donation
- Ensure that you rather use apps that have end to end encryption
- Streamline public communication by government agencies
- Promote threat-related information-sharing across and between governments information
- Introduce cyber security sensitization programmes in schools and workplaces