Hackers Exploiting Coronavirus Crisis
The COVID-19 pandemic has created new cybersecurity issues, including increased phishing schemes, new software security needs, and potential privacy concerns.
The COVID-19 pandemic and related economic crisis have thrown many businesses into a state of uncertainty. Along with the public health and financial uncertainties are the challenges faced to keep employees productive, data secure, and clients satisfied.
Unfortunately, hackers re also keenly aware of these issues, which has meant a rise in cyberattacks. Many of these attacks are targeting businesses and workers when they’re at their most vulnerable. The attacks prey on fears about the coronavirus and the desire for information about health, federal action, and potential loans and grants.
Here is a closer look at the incidents that have businesses paying closer attention to cybersecurity.
What COVID-19 Security Challenges Are Companies Facing?
One of the significant threats right now is the use of fraudulent websites with names related to COVID-19, coronavirus, or Zoom, the popular video conferencing platform that is now commonplace. Hackers use these websites to help launch malware attacks designed to infect computers and networks. Many of the schemes involve email campaigns that are purportedly from official health organizations or government agencies. These schemes encourage readers to click on an attachment or link to a website, which can trigger the malware download.
To combat this issue, in early April, the U.K.’s domain name registry Nominet suspended 600 suspicious websites with a coronavirus-related name.
What Is COVID-19 Malware Targeting?
Malware typically is used to steal data for profit or as ransomware, holding websites and systems hostage until a ransom is paid. However, in recent weeks, new types of malware have surfaced with a far more insidious purpose. In some cases, the malware rewrites the master boot record (MBR) that allows a computer to launch the operating system. Infected computers cannot boot unless advanced software solutions are used to restore the original MBR. Another strain, first identified in China in February, wipes the data completely.
What Are the Zoom Security Issues Related to the Pandemic?
Zoom has, in a matter of weeks, become one of the most common ways that employees working from home are remaining connected with coworkers and customers. However, many users are unfamiliar with the features and security settings intended to protect users from unwanted interruptions — zoombombing — that have caused disruptions. Unwanted visitors can also steal credentials and sensitive information shared in those virtual meetings.
Zoom has responded by changing many of the default settings on the platform, including the use of passwords for access and the “waiting room” feature, which requires the meeting host to admit participants manually. It’s also paused ongoing development work to focus on privacy and security issues.
However, there are still concerns, which has led government agencies to issue orders telling employees not to use the platform. Security issues prompted one investor to file a class-action lawsuit against the company, claiming it has not been honest in detailing its encryption, security issues, and sharing of personal information.
Zoom is not the only company facing privacy issues during the pandemic. Google announced it was rolling back a privacy feature it launched in February. SameSite cookies would prevent third-party websites from creating cookies when a user was not on their website.
What Privacy Issues Are Emerging Due to the Pandemic?
Technology can be a powerful tool in combatting the COVID-19 virus. Apple and Google announced they would release tools allowing software developers to build apps that could record other smartphones in the vicinity. The contact-tracing apps could then alert users if someone with those smartphones later contracted COVID-19.
In response to these and similar initiatives, a coalition of human rights groups, including Amnesty International and Human Rights Watch, warned that using phone location data was a threat to privacy, freedom of association, and freedom of expression and could be used by governments to surveil citizens.
At HRCT, we help enterprise businesses manage technology and keep data secure. Our comprehensive security solutions include:
- Data security, storage, and backups
- Government compliance
- Network security monitoring and alerts
- Security cameras and door access controls
- Email security to block malware, phishing attacks, and spam
- Password management and multifactor authentication
- Intrusion prevention and exploit prevention
- Data recovery and business continuity
Learn more about how to protect your business and its assets during these uncertain times. To learn more, contact us today.