Cyber criminals are taking advantage of the COVID-19 pandemic. Now companies and governments are urged to take action.
The COVID-19 epidemic is wreaking havoc on the global economy. Businesses are shutting down or encouraging their staff to work from home, governments are closing parts of their transport infrastructure, hospitals are being overrun and events are either being cancelled or postponed indefinitely. As a result of factors like these, the markets are in turmoil.
Cyber criminals are taking advantage of the chaos. Some hackers are attempting to steel people’s credit card details by sharing compromised files posing as digital maps and dashboards of the spread of the coronavirus outbreak. Others have set up websites impersonating organisations such as the U.S. Center for Disease Control and the World Health Organization. These phishing attacks have proliferated since the start of the year.
In response to schemes like these, the UK National Cyber Security Center (NCSC) issued a warning earlier in March for people to be extra vigilant in these trying times.
“We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak,” said Paul Chichester, director of operations at the NCSC. “Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.”
Many employers – including several European challenger banks – have encouraged their staff to work from home during the crisis. However, this could worsen the risk of malware authors succeeding to infect people’s devices.
Crane Hassold, senior director of threat research at the email security firm Agari, told Wired that employees may be more likely to fall victim to phishing emails because it is not as easy to ask their colleagues whether they have really initiated that payroll payment reroute. “All of this is a perfect storm,” he said.
Similarly, the European Central Bank (ECB) warned the banks in the Eurozone to be extra vigilant as the risk of cybercrime is on the rise because of the pandemic. With more people doing their banking remotely, the ECB warned that it could put the banks’ IT systems under increased strain, the Independent reported. The ECB also urged banks to ensure that their operational capabilities would not be impaired because people worked from home or were otherwise absent.
Governments are also gearing up to protect their country’s infrastructure from assaults. The US government is one example.
In early March, the bipartisan Cyberspace Solarium Commission appointed by the US congress published its report on how the nation should strengthen its digital defences. The 75 recommendations outlined in the report included giving more training to military personnel and to encouraged private actors to beef up their cybersecurity.
Now, these recommendations have become front and centre as experts warn that the COVID-19 outbreak has made the country even more vulnerable to digital assaults.
“There are actors out there in cyberspace that think we’re vulnerable,” Mike Gallagher, representative of Wisconsin and recent co-chair of the Cyber Solarium Commission into the future of US cybersecurity, told The Washington Post. “At a minimum, we need to impose costs on whoever did this. We don’t want the signal to that now is a good time to take advantage of the US.”
Similarly, his commission co-chair Angus King, senator of Maine, said that the pandemic “underlines our overall vulnerabilities [to cyberattacks] and the absolute unscrupulousness of our adversaries.”
There is already reason for these concerns. Earlier this week the U.S. Health and Human Services Department (HHS) suffered a cyber attack. People familiar with the incident told Bloomberg that the digital assault was part of a disruption and disinformation campaign designed to weaken the country’s response to the coronavirus.
Another wave of attacks saw the spread of misleading text messages claiming that President Trump was going to announce a national quarantine buzzed into cellphones across the nation, The Washington Post reported.
The attack seemed designed to make people overrun stores to buy supplies before any restrictions were introduced.
Attorney General William Barr later warned that if the HHS attack was linked to a foreign power, then it should be prepared to suffer “severe” consequences.
In the past, the US has responded to cyber aggression with sanctions and indictments.
Copyright © 2018 RegTech Analyst