Stay Safe From Coronavirus Scams: Q&A With Impact’s Director of MIT Security Services
Coronavirus scams have started appearing with increasing frequency recently.
There have been a significant number of website registrations related to COVID-19, as well as email campaigns from criminals.
Users beware; cybercriminals are taking advantage of the pandemic by duping users into handing over important information, whether it’s through new domains or phishing scams.
Scams related to the virus have become a profitable enterprise for criminals, with concerned users looking for information about the outbreak being targeted the most.
It’s more important than ever for people to remain vigilant in order to avoid falling victim to these attacks.
We sat down with Jeff Leder, Impact’s Director of MIT Security Services, to talk about the cybersecurity issues that have arisen and how best to deal with them.
Leder has overseen Impact’s Managed Cybersecurity department from the very beginning, vetting hundreds of solutions in order to build a best-in-class cybersecurity service for our clients.
So, what does he have to say about protecting yourself from the recent uptick in Coronavirus-related cyberattacks?
Why are hackers capitalizing on the outbreak?
JL: “Cybercriminals thrive on social engineering. That is to say, an attacker will use human interaction to their benefit to obtain valuable information.
“Current events, especially those with “scary” or unsettling underpinnings, are therefore often abused by attackers for exactly this purpose. Effective social engineering with regards to cyberattacks is designed to overcome people’s ability to recognize threats by leveraging things like fear and uncertainty.
“We’ve seen similar attacks occur around other events, like natural disasters, economic concerns, and major political elections.”
How are hackers taking advantage of the outbreak?
JL: “There have been several recent cybersecurity attacks designed to prey on people’s fear regarding COVID-19. Several malware campaigns have been identified which wrap malicious software inside of seemingly “useful” applications which claim to inform or protect people from the virus.
“We’ve also seen countless phishing emails that have been sent to entice people into divulging sensitive information or installing malware. Fraudulent activity has also been observed with some malicious actors claiming to be able to send COVID-19 immunizations in exchange for untraceable cryptocurrency.
“Attackers have even published malicious mobile apps which claim to be able to do impossible things like detect whether an individual is infected.”
What does all this mean in an environment where businesses are already concerned about cyberattacks?
JL: “This sort of activity really highlights the fact that attackers are continuously adapting their methods to exploit whatever vulnerabilities they can for their own benefit.
“From a cybercriminal’s perspective, everything presents an attack surface, including people, so finding new ways to manipulate or abuse these attack surfaces is a constant effort. This is really exemplified by the fact attackers are willing to exploit a serious health concern for financial gain.
“Every organization on the planet is a target for cybercriminals and businesses that aren’t making an effort to continuously identify and mitigate risks are in a very dangerous position.”
What does people now having to work remotely mean for their organization’s security?
JL: “Many businesses are not well prepared to manage and maintain a remote workforce. The technical challenges presented by an urgent need to provide remote access will likely lead to an increase in security risks for many.
“We can expect increased exploitation of remote access and client VPN deployments which may be rushed, untested, misconfigured, or insecurely implemented. We might also see an increase in internet-exposed and compromised services and systems due to the need for IT teams to provide access to resources which are typically stored behind approved firewalls.
“There will likely be other issues, too, like a rise in credential theft caused by attacks targeting public wireless connections, and potential issues associated with inadequate network security in private residences.”
What proactive measures can businesses take to ensure risks of a breach are kept to a minimum?
JL: “Implement and enforce effective multi-factor authentication (MFA) for all systems, especially those containing sensitive data. Ensure the proper utilization of network, server, and remote-access technologies for remote workers.
“Review and verify the health and effectiveness of backup and disaster recovery (BDR) systems to guard against things like ransomware. Be sure to proactively monitor packets, event logs, system access, and service health for any signs of attacker activity.”
What can individuals do to best mitigate being a victim of a cyberattack?
JL: “Be conscious of the fact that attackers are taking advantage of the current situation to exploit you, and be aware that they will take advantage of similar events in the future—understand that cybersecurity threats will only continue to rise even after COVID-19 has gone.
“I’d recommend that everyone remain vigilant and be mindful of how their actions could potentially endanger themselves and their organizations—remember that attacks can come from anywhere. Any unusual communication, whether it’s email, text message, or even a phone call, should be treated with suspicion.
“Avoid opening links, attachments, or applications from unconfirmed sources, and notify IT, security, or HR staff if you observe suspicious or threatening behavior which seems like it could have originated from an attacker. Finally, stick to trustworthy, legitimate organizations like the WHO and the CDC when looking for additional information related to COVID-19.”
Impact Networking’s Managed Security program provides vital cybersecurity protection for clients, keeping their minds at ease in the knowledge that their IT infrastructure is being monitored and maintained by our security experts.
We’ve vetted hundreds of vendors to ensure that our program utilizes best-in-class solutions for our clients. In today’s landscape, a comprehensive cybersecurity program has never been more important.