Cybersecurity in a time of Coronavirus

Amidst the confusion, uncertainty, doubt, and fear arising from the very real, world-wide pandemic known as the coronavirus, or COVID-19, there is a certain level of sentiment of unification that helps bring out the best in people.  I’m referring to that good stuff that defines us as good humans by having positive thoughts and empathetic feelings towards ourselves, our family, and our fellow neighbor during times of crisis such as this.  We saw it during 9/11, we’ve seen it during major meteorological catastrophes, we’ve seen it during mass community shootings.  What about the cyber world?  We would think that at times like these, cybercriminals would take a break from crime given the sheer scale of this world emergency.  Well, as it turns out: NO!  That is certainly not the case, but rather quite the opposite!

It is quite unfortunate and reprehensible that even in times like these when the whole of humanity is searching for ways of dealing and coping with this terrible situation, cybercriminals continue to find ways of capitalizing on cybersecurity vulnerabilities and are weaponizing new threats that we now need to pay even closer attention to.  Entire cities, states, and countries all around the world are being urged to buckle down, stay home, and telework as much as possible.  Schools across the country are closed, and assignments for children are being administered and turned-in electronically.  This situation has turned into a very ripe recipe for cybercriminals to run wild, and it is up to all of us as good citizens of cyberspace to help prevent this from getting out of control.

No other global pandemic or humanitarian crisis of this magnitude in history has been subject to threats of cybercriminals and their underground organizations, and today we find ourselves living in a world where cybercriminals are carrying out brand-spanking new COVID-19 themed phishing attacks and delivering malicious payloads via email using bogus COVID-19 tracker map attachments3,4,5.  If that wasn’t bad enough, there are also new reports of COVID-19 themed ransomware attacks directed at the healthcare industry1,2,6 .  Yes, it is not a type-o, and to reiterate: the healthcare industry is currently under attack by COVID-19 themed ransomware attacks.  The healthcare industry was already under assault even before this pandemic, but now it has worsened.  Healthcare professionals all around the world on the frontline are laser-focused combating COVID-19 in real-time, are being kept away from their families and are putting themselves in serious health risk.  Now these same unsung heroes are being slammed with attacks where they are forced to pay up in order to continue handling real emergencies and continue saving people’s lives.  Just when I thought that the cyberattacks on school districts was bad, this latest wave of against the already vulnerable healthcare industry is a new low in my book.

In conclusion, please ask yourselves if you haven’t already:  What can we do about all this?  How can we sort out the mess in the world of cybersecurity, while also dealing with this serious health threat?  How can we protect ourselves, our loved ones and our society as a whole from this new manifestation of cybercrime?  This a prime moment for us to continue to be good humans by uniting and collectively defending ourselves from these cyberattacks through continued and increased vigilance of phishy emails, phishy phone calls, phishy texts, and phishy attachments from people we don’t know or that have been made to seem like they originated from people we know.  I suggest we step back, slow down a bit more and “think before we click”.  It’s tricky to do especially when sifting through thousands of emails each day as is the case with most folks I know, whom by the way are also unsung heroes.  But it is better (much lower risk and effort) to closely verify the contents of each email, phone call, text, and attachment received than fall victim to this latest (or quite frankly any) wave of cybersecurity threats.  Many will be working from home possibly for an indeterminate amount of time until this pandemic blows over, and we (ourselves and our loved ones) will be even more exposed to internet usage.  Therefore, we must also keep an even greater degree of cybersecurity awareness and maintain a stronger defensive stance as we weather this storm together.

I wish you all the very best during these trying times of our generation. Remain vigilant, stay healthy, and be safe out there.

 

References:

1 https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response

2 https://www.modernhealthcare.com/cybersecurity/hackers-taking-advantage-covid-19-spread-malware

3 https://www.marketwatch.com/story/hackers-are-using-coronavirus-concerns-to-trick-you-cybersecurity-pros-warn-2020-03-12

4 https://www.infosecurity-magazine.com/news/infostealing-coronavirus-threat/

5 https://www.forbes.com/sites/thomasbrewster/2020/03/12/coronavirus-scam-alert-watch-out-for-these-risky-covid-19-websites-and-emails/#410f81841099

6 https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains