Working From Home: Cyber Security
In the past few weeks, we examined risks and recommendations for organizations caused by the Coronavirus as well as provided a few things to keep in mind when working from home during the COVID-19 pandemic.
Health officials are urging people to stay home and to exercise proper hygiene to stay safe and help prevent the virus spread.
But what about cyber hygiene?
Turns out you should apply the same level of care to your supportive technology.
And here’s why:
There has been a noted increase in cyber attacks due to the rising fear and concerns surrounding the COVID-19 pandemic.
Cybercriminals are leveraging information about the Coronavirus to spread banking trojans, ransomware, keyloggers and other types of malware infections through phishing emails, COVID-19 digital spread maps, and teleconferencing apps.
Although there are numerous defenses available that limit cyber risks, it is still important to keep cyber security in mind when working from home.
Main areas of concern
These emails (and particularly the subject lines) are designed to contain valuable information about the current status of the outbreak to lure victims into opening attachments or clicking malicious links.
Once the user downloads the attachment or clicks the malicious link, a code that deploys one of many malware families to the victim’s host network starts running in the background. Security researchers have observed that many cyber-attacks rely on leveraging trusted branding to increase the success of the cyber attack.
Sample email subject lines include:
- “COVID-19 – Now Airborne, Increased Community Transmission”
- “Attention: List Of Companies Affected With Coronavirus April 20, 2020”
In Canada, most of the scams are related to the Emergency Response Benefit program focused on providing financial support for Canadians. People have reported that they received texts that read: “Alert: The emergency response benefit of Canada relief fund has sent you a deposit of $1375.50.”
It is advised that users should look for reliable sources for information on the pandemic and relief efforts, such as government websites (e.g. Canada.ca).
Moreover, some users have received email messages supposedly from the WHO suggesting reviewing the attached file containing official information on how to protect yourself from the Coronavirus. Opening the attachment prompts the execution and installation of a malware variant on the victim’s computer that allows cybercriminals have access to your data.
As the Coronavirus spreads around the globe, thousands of organizations are forced to work remotely.
With people recommended to practice social distancing and self-quarantine, Zoom has become a new norm and somewhat of a synonym of “teleconferencing”. The telecommunication platform holds everything from work meetings to happy hours.
The rapid increase of Zoom usage has opened a new channel for criminals to exfiltrate personal information of its users.
The platform has been reported to have a number of flaws and vulnerabilities which potentially put trade secrets, state secrets, and privacy at risk of being compromised.
If Zoom is your organization’s preferred method of collaboration, it is highly recommended that all Zoom meetings be set to private where the host can share their screen and utilize features like host mute controls and ‘Waiting Room’, and not shared on social media. Moreover, it is essential to review the app settings and install regular software updates.
COVID-19 spread maps
As people are tracking the COVID-19 progress to see some hope in a flattening or declining curve, cybercriminals are setting up fake websites with an infected map of the world that imitates a real map from John Hopkins University showing countries hit by the outbreak.
Believe it or not, these fake maps tend to have the malware variants running that harvest credentials stored in the browser (saved passwords, credit card info).
Unfortunately, some users who come across such fake maps are sharing the link with friends and family which in turn generates the viral spread of the cyber threat.
Be cautious, and if you are looking to get the latest information about the virus, the official John Hopkins University COVID-19 map provides statistics about the Coronavirus spread around the globe.
Working From Home Cyber Security Best Practices
Unfortunately, cybercriminals use emergencies such as COVID-19 to get people to make decisions quickly.
Always take time to think about a request for your personal information, and whether the request is appropriate.
Here are a few recommendations to keep in mind:
- Avoid clicking on links in unsolicited emails and be wary of email attachments.
- Do not reveal personal or financial information in emails and do not respond to email solicitations for this information.
- Use trusted sources such as legitimate government websites for up-to-date, fact-based information about COVID-19.
- If you encounter a scam or suspicious email, do not hesitate to report it.
Stay safe and stay productive!