According to the website of the World Health Organisation (WHO), it has witnessed a dramatic increase in the number of cyber-attacks directed at its staff. It has also reported an increase in email scams targeting the public at large since the beginning of the Covid-19 pandemic. Scammers impersonating WHO in emails have also increasingly targeted the general public in order to channel donations to fictitious funds and not the authentic ‘Covid-19 Solidary Response Fund’. The latest security intelligence report by RiskIQ which is titled ‘Evil Internet Minute 2020’ has put together an interesting overview of the malicious consequences that may occur online in just 60 seconds.
According to a Forbes report by Davey Winder, an astounding number of 375 new cyber security threats may emerge in 60 seconds as suggested by RiskIQ. He wrote, “Primarily, it would appear, as a result of the Covid-19 threat, which has seen a surge in attacks that leverage the pandemic in one way or the other.”
A survey by the cybersecurity firm Check Point in April stated that most organisations have seen a rise in security threats and attacks during the Covid-19 pandemic. An increase in security threats and attacks were reported by about 71% of those IT and security professionals who were surveyed. Additionally, 61% of the respondents said they were concerned about security risks of the changes made to enable remote work.
Reacting to the different types of cyber threats, Zakir Hussain, Director, BD Software Distribution, told BE, “Security procedures were not in place when people suddenly started working from home. Starting from weak passwords to multiple devices connected on the home Wi-Fi network, the threats to their digital lifestyle are constant. Only education and awareness of the threats can help. Secondly, a lot of people who earlier had nothing to do with digital working were suddenly doing payment transfers via smart devices, video calls, and using the internet for entertainment. All these developments were actually a gold mine for the bad actors.” He further added, “From losing data to ransomware to losing money from banks there will be various common security issues which will surface in the coming days.”
In an article titled, ‘Cyber security risks during a pandemic’, Joanne Cracknell and Shauna McAuley wrote that phishing and smishing are the common ways for cyber criminals - using emails and SMS messages - to obtain personal information or gain access to an organisation’s computer system, seeking out valuable personal and financial information. The emails and SMSs appear to be from a genuine source but are in fact fraudsters impersonating a genuine organisation.
The respondents of the Check Point survey also informed that phishing attempts (55%) and websites claiming helpful information on coronavirus (32%) have emerged as the leading threats to organisations. In phishing attacks, a bad actor steals sensitive information by tricking people to open an email, instant message, or text message containing malicious links or attachments. A staff must be trained in order to prevent phishing and smishing successfully. Additionally, the use of technology to block suspicious emails and prevent penetration in the event of a fraudulent link being clicked is also of utmost importance.
Experts are of the opinion that fraud also takes place during an online payment when a hacker intercepts the email communication between a business and its clients, compromising online transfers. Video conferences also have increased because of the pandemic and these applications can collect a wealth of information, including locations and IP addresses. In order to minimise the risk of privacy and data breaches, remote workers should only use applications which offer long standing IT support and have effective security in place and ensure that their staff receive the necessary training. Also, in case of online transfers, bank account details and invoices should never be sent in an open email.
Talking about technologies to prevent the threats to cyber security, Hussain said, “There are many technologies which are already available in the market for the user to keep the threats away. But earlier, they were not used in homes, as no one thought that work would shift to homes. It is up to the user to be aware, learn and understand the threats and accordingly prepare to combat the threats with the help of all the cyber security products available.”