Crimes in all forms exploit the vulnerability of another individual, be it towards a person, towards an organization, the government, or the specialized service provider. Thousands of members of the medical industry are racing to create the vaccine to ease the suffering it continuously brings around the world. We can then conclude that the attention to strengthening the cyber defense systems and networks of different global organizations might not be the current focus of major companies as the world shift towards coping and carrying out daily operations during the Covid19 pandemic.
We at iZOOlogic had identified the types of prevalent cyber-attacks that malicious threat actors continuously leverage on the Covid19 period:
Malicious Domains and Phishing
Through the previous months of 2020, there had been a rise of newly registered Covid19 related domains. While some are legitimate, it is easy for cybercriminals to create thousands of new domain names to be used to send emails containing phishing links, malicious scripts, or infected attachments.
The rise of Phishing cases leads Microsoft to proactively took down domains that have been used by fraudsters to conduct fraudulent online schemes.
Malware, Trojans, and Spywares had been detected embedded on Covid19 information websites and maps. The people looking for the latest information on the pandemic can unnoticedly run malicious scripts on the site they visit while the fake web pages mask their cybercriminal activities. The clickable links can lead to downloading malware scripts on their workstations or mobile phones.
Interpol had warned the Health Care and Medical Industry recently as they observe the increase of ransomware cyber threats during the initial months of the pandemic. Hence, hackers and threat actors are sending out ransomware attacks to health care industry companies that have been overwhelmed by the cases and transactions related to the coronavirus.
We have observed that cyber criminals continuously scan well-known global brand’s systems for opportunities to exfiltrate data and encrypt databases and files which they would later use to threaten and demand monetary payment.
Preventive Measures and Recommendations
- Protect your Data – keep an independent backup copy of the crucial files in secured cloud storage or a separate external drive.
- Ensure that Systems and Network components are up to date – it is recommended to perform a regular software update and improvement to patch up the latest discovered vulnerabilities that hackers can exploit. Setting up an anti-spam, anti-phishing, and anti-malware solutions provides another layer of security that is only available with a specialized service provider. The expertise and experience of managing rampant cyber threats can help you address vulnerabilities and enforce policies that can avoid losses and protect your brand.
- Always be vigilant – regularly check your privacy settings on a mobile, workstation, and social media accounts. Periodically update and practice using strong password combinations. Enable Multi-factor Authentication whenever possible. Do not click the attachments from emails that you are not expecting to receive or from an unknown sender.