Cybercriminals exploiting virus fears to gain access to corporate IT systems
Article by Zscaler A/NZ country manager Budd Ilic.
With the world now a different place amid the COVID-19 crisis, criminals are taking advantage of the situation to mount a range of cyberattacks.
Not only are cybercriminals exploiting the public’s thirst for new information about the virus, the rise in the number of people working remotely is increasing the threat surface for these attacks. In light of this, we are witnessing an increase in email scams, malware-infected apps, and malicious websites.
The changing threat landscape
Cybercriminals are making use of a range of techniques to deliver these attacks and some of those recently noticed in the wild include:
- Mobile apps: Hackers are creating applications that appear to offer advice or information about the virus. If installed on a mobile device, they can harvest personal information or gain access to other connected systems.
- Phishing: URLs with mentions of COVID-19, or Coronavirus, are becoming increasingly common. They appear to offer information about the virus, however, these URLS are a guise used by attackers to infect the devices of those who visit.
- Malware: Scammers are also creating email attachments with the terms ‘COVID’ or ‘Corona’ in the name. Designed to appear as though they have come from a legitimate source, they in fact contain malware that infects a user’s system once opened.
- Ransomware: Some websites claiming to help users track the virus around the world have been identified to deliver ransomware, a type of malware that locks a user out of his or her device.
- PowerPoint: There have also been a few isolated examples of criminals distributing PowerPoint files infected with malicious code. The files appear to contain lists of hotels infected by the outbreak.
All these threats are exploiting the fears of people and their desire to find out how to cope with the rapid spread of the virus. Many of the techniques being used are not new, however, they are succeeding because people are currently more emotionally vulnerable.
Thus, cybercriminals are successfully stealing personal data, extracting financial gain, and infecting corporate IT infrastructures as a result.
Minimise your exposure to COVID-19 related threats
Here are a few tips to ensure your digital safety amidst the current pandemic:
- Mobile app safety: Avoid downloading or purchasing applications not found within a reputable app store. Check the logos of any questionable apps to see if they look off or slightly different than what you recognise. Oftentimes, attackers mimic logos of large brands to increase downloads. Next, make sure your devices are up-to-date before installing and always be attentive to the information an application requests to access.
- Phishing safety: Remember, legitimate companies never ask for personal information directly from email. Moreover, phishing emails typically lead with a generic salutation instead of your name.
- Be on the lookout for fake domain names similar to legitimate ones. Malicious domains usually add numbers and letters to their “real looking” domain addresses.
- Always check for poor grammar and spelling — very rarely do real emails contain misspelling.
- Lastly, and probably most importantly, never click on any suspicious links embedded in the body of the email, nor open any attachments with suspicious file names. Especially if these suspicious links and attachments are being sent with emails matching the above malicious criteria.
We understand that in a situation like this, emotions are running high. As the appetite for accessible information continues to grow, attackers will do all that they can to leverage COVID-19 for malicious activity, which is why it’s important to be hypervigilant now, more than ever.
Working from home
The growing trend for large numbers of people to work from home in an effort to avoid viral infection is also providing opportunity for cybercriminals.
Where previously they would have been working from behind corporate security at HQ, many staff will now be working remotely using a domestic internet connection. Some may have taken a work-issued laptop while others are now using their own private devices.
These factors increase the potential for a successful cyberattack. Emails and attachments that previously would have been automatically scanned and blocked may now get through to users. URLs tempting staff to visit dubious websites that would have triggered alerts could now be readily available.
Faced with these remote security challenges, IT teams have two options to ensure workers remain safe and protected.
The first is to route all traffic from home workers via the existing corporate network. This means users will be protected by the existing security stack and be able to operate as though they are still sitting at their office desks.
The downside of this approach, however, is that latency levels are likely to increase. Depending on the bandwidth of the home internet connections being used, this could result in frustrating delays and a drop in productivity.
A second option is to route traffic via a cloud-based security service that can provide the checks and protections usually afforded by the on-premise stack. This removes the need to funnel all traffic via the corporate network and reduces latency.
This approach makes particular sense when employees are already predominantly using cloud-based applications such as Salesforce, Office 365 and Zoom to get their work done. Application performance can be maintained alongside proper security.
COVID-19 may have changed the way many people work, but this doesn’t have to mean companies must accept lower levels of security. Take steps today to ensure your remote employees have the tools and services they require to be protected against the constantly evolving cyberthreat landscape in the months ahead.