COVID-19 Related Cybersecurity Risks on the Rise
As a result of the coronavirus outbreak, many companies are instituting work-from-home policies – and creating a new outlet for cybercriminals to prey on employees’ weaker security, as well as their pandemic fears.
A recent Europol report warns that hackers are shifting tactics to target remote workers, responding to their decreased mobility, increase in telework, and pandemic anxieties. This includes attacks on more vulnerable home routers, hacking DNS IP settings to direct unsuspecting users to websites the attackers control.
Other cybercriminals are posing as the World Health Organization’s COVID-19 app to install malware – a strategy that has increased five-fold from February to March, so far claiming about 1,193 victims. There was also a 350% increase in phishing websites over the last three months, with researchers finding more than 300,000 suspicious coronavirus-themed websites.
Meanwhile, Alexander Urbelis, the hacker turned information security lawyer and founder of Blackstone Law Group, discovered a breach on the WHO’s designed to replicate portals used by remote employees, and has warned of similar sophisticated attacks to come, particularly for those working from home.
“There have been so many data breaches with all of our passwords for so many years now that there’s always a password that you can associate with an individual,” he told NPR. “And so what the bad guys, the threat actors, will try is password spraying — just taking your username with your password and variations on a theme of your password and trying to brute force their way into your office systems.”
As employees shift to telework, they need to understand that the organization’s safety increasingly rests on their ability to observe healthy cybersecurity practices.