People the world over have begun to fundamentally change how they live their lives due to the far-reaching effects of the Coronavirus. We have had to change how we learn, how we shop, and how we conduct business. As we adapt, so do cyber-criminals. Malicious actors online have begun preying on the public’s search for more information on the virus with destructive results. In the article below, I will outline how hackers may exploit the COVID-19 Pandemic to take advantage of you online, and how to identify the threats before they can harm you or your firm.
The general impact of the COVID-19 virus leaves many avenues for malicious actors to trick you into revealing information you otherwise would not. A November article by Trend Micro showed that Quarter 3 of 2020 produced over 3.8 million email threats specifically related to COVID-19. Criminals know what people are looking for online during the pandemic, and desperate people may be more likely to click on fraudulent emails during these hard times. Trend Micro specifically notes increases in phishing emails in 3 categories: employment, coronavirus relief/stimulus, and virus cures/vaccines. These three topics were all chosen to target people specifically struggling from the impact of the virus.
Another important metric that has grown during the pandemic is the surge in Ransomware attacks across 2020. Ransomware is a specific type of malware that infects your machine, encrypts the PC, and demands cash or compensation to provide the key to free your data. Ransomware is especially prevalent in the business sector, as a fast-moving threat actor can quickly lock up years of records and accounts, and extract a large sum from a needy business. An article by Security Magazine notes Ransomware attacks have jumped 72% since the start of the pandemic. Cybercriminals are looking to take advantage of the average remote worker, making it more and more important to protect yourself online.
It’s important to remember, if something seems to be too good, then it probably is. Emails promising extra COVID relief, or new employment offers, should always be double-checked before being clicked on. It is never advised to click any links directly from an email, instead see if the emailing group has an official site. Many phishing attempts also try to emulate legitimate organizations and businesses, including their email addresses. Comparing a fake email address from a threat actor online and a real organization email address can be a giveaway for fake emails. Phishing attacks are the primary way of delivering ransomware payloads to the end user. The best protection against attack is prevention, deleting or not interacting with compromised messages before they can infect your system. A good anti-virus/anti-malware solution, such as Endpoint Detection and Response (EDR), can also act as a stop-guard against ransomware and stop it before it installs on your system.
If you are interested in Plummer Slade Cybersecurity training or security services, please contact us at firstname.lastname@example.org, or dial us at 412-261-5600.