Cybersecurity in the age of COVID-19
As the coronavirus pandemic sweeps across the globe there is a new kind of virus that has been picking up speed – cyber attacks. As with most trends out there, various hackers and criminals from around the world have taken drastic action to seize the moment and harness the fear and desperation that has infected our planet due to the spread of COVID-19.
Fake Websites & Posts
Over the weekend U.S. Justice department got an order closing a website selling what it claimed was a virus vaccine. Additionally, Twitter and Facebook as well as other popular social networks have been working hard to take down fake posts related to COVID-19.
Kaspersky has also found attackers using another method: They infect a smartphone with something unrelated, most likely through a link. However, this malware triggers a process that makes a pop-up claiming to be a “Coronavirus Finder”. For a small fee payable by credit card it will show people nearby you who are infected with the virus.
Scott Jones, head of the CSE’s Canadian Centre for Cyber Security, told CBC News in an interview, “We’ve taken down some COVID-related fake sites out there. We work with partners to do that type of thing. We’re taking action”.
It is evident that North America and the world alike are being shaken up by this cyber epidemic, which is a clear sign that a new trend in cyber crime has emerged.
Tugging on Heartstrings
Farhaan Ladhani, director of the Digital Public Square at the Munk School of Global Affairs, has been researching disinformation around the COVID-19 pandemic. “Online communities are seeing higher and higher levels of participation as people seek information. All of this can combine with the potential for malicious actors to capitalize on a situation,” Ladhani said.
New cases have recently emerged of swindlers trying to pitch miracle cures to treat or prevent coronavirus, and some private companies are offering faster testing when in fact only hospitals can perform these tests. In at least one case reported to the RCMP, criminals tried to sell a fake list of all the infected people in a neighbourhood.
Video Hacking and Phishing
Cyber criminals are also mimicking the government to send out coronavirus phishing emails with malicious attachments, the RCMP reported. The Canadian Anti-Fraud Centre (CACF) said Friday that it had received 75 reports since March 5, 2020 for coronavirus-related scams, with 13 of those reports resulting in a fallen victim. In one scam which was reported, fraudsters pretend to be processing EI claims, preying on Canadians who’ve recently lost their jobs.
Protection from these scams involves:
- Don’t respond to any requests for sensitive information
- Use reputable websites, such as the CDC or WHO, to rely on up-to-date on coronavirus information
- Hover over the sender’s email address to verify whether or not it’s a legitimate domain from a familiar organization
There has been a new trend of “Zoombombing” – crashing meeting with malicious, offensive, racist or pornographic content. In one case, Lance Gharavi, who is teaching his spring semester courses at Arizona State University online using the Zoom meeting platform, said one of the participants used a Zoom feature that lets a user display an image or a video in the background in order to show a pornographic video.
In addition to participants mis-using Zoom, there is also an increasing trend of hackers looking to exploit the popular conferencing platform. Researchers at cybersecurity company Check Point found that it was possible to exploit the way Zoom generated URLs for virtual conference rooms and use this to eavesdrop on meetings. By using automated tools to generate random meeting room IDs, researchers found that they could generate links to genuine Zoom meetings without password protection 4% of the time during tests.
Here are a few ways to protect yourself:
- Keep Invites Private
- Don’t Use Your Personal Meeting ID
- Require a Password
- Turn Off Screen Sharing
You may read this and say, “I would never fall for it!”. We all often say that, until someone comes along who happens to outsmart us and boom – mistake has happened and then we sit wondering, how did we fall for something like this?
To avoid the mere possibility of this happening, we recommend that you follow closely with the development of the latest threats, and follow us on social media and our blog in order to get the latest information.