The COVID-19 pandemic has disrupted the world in ways never seen before. It has resulted in recessions in different countries that are expected to last longer than previous economic downturns. On the tech side, it is pushing companies to adopt digitalization on a larger scale and faster rate.
Expedited digitalization is by all means a welcome development. However, businesses need to be mindful of possible pitfalls. In particular, there is a need to watch out for new and more aggressive cyber threats. The coronavirus pandemic has had an effect on cybercriminals’ activities. However, instead of retreating, cyber crooks have become more active in their felonious attacks. The unholy pandemic-recession duo has not only resulted in health and economic problems. It appears to have heightened concerns involving cybersecurity.
Table of Contents
The FBI noted how cybercrime increased by four times since the onset of the COVID-19 outbreak. In an online conference initiated by the Aspen Institute, FBI Deputy Assistant Director Tonya Ugoretz reported that the agency’s Internet Crime Complaint Center (IC3) has been receiving up to 4,000 complaints per day, a massive jump from the previous daily average of around 1,000.
Ugoretz did not expect the dramatic rise, thinking that “criminals are human beings too, and maybe they would think that targeting or taking advantage of this pandemic for personal profit might be beyond the pale.” Unfortunately, the reality is totally different from the expectations.
Digitally-adept criminals are sinisterly ingenious. They find creative ways to target, lure in, and attack their victims. “We’ve seen people set up fraudulent COVID charities, promise delivery of masks and other equipment, and then deliver fraudulent loans, extortion, etc. So pretty much, sadly, anything you can think of. Cyber-criminals are quite creative,” Ugoretz said.
Similarly, the United Nations rang the alarm on the rise of cybercrime. Izumi Nakamitsu, UN Disarmament Chief, highlighted the spike in cybercrime as the world moves toward greater technological innovation and collaboration in response to the pandemic. Nakamitsu said there had been a 600% increase in the volume of malicious emails reported.
Vulnerabilities to Watch Out For
Essentially, the vulnerabilities identified as COVID-19 wreaked havoc globally are similar to the security issues already known before. The difference is in their focus. Security experts see a pattern of bad players taking advantage of the chaos created by the pandemic.
For one, Trend Micro identified a scheme that sought to deceive internet users into installing a malware-laced COVID-19 information tracker. The malicious software, which has “Coronavirus Installer” in the description, is capable of overriding a systems master boot record (MBR). Once the malware runs, what it does is to forcibly restart a device and show a window you cannot exit from that supposedly shows COVID-19 information. It cannot be closed through its X button. Closing it through the Task Manager is not possible because the malware disables the Task Manager.
On the other hand, there are reports of hackers working doubly hard to access COVID-19 research databases. These attacks reportedly target universities, healthcare firms, and pharmaceutical companies.
Moreover, cases of phishing and spam have increased, leading Google to issue a warning. “We’ve been seeing COVID-19-related malware, phishing, and spam emails rising in India, Brazil, and the UK. These attacks and scams use regionally relevant lures, financial incentives, and fear to create urgency and entice users to respond,” wrote Google’s Neil Kumaran and Sam Lugani.
How Businesses Can Get Protected
On the software side, nothing much has to change. Businesses that already have sound cybersecurity systems can expect adequate protection from the solutions they already have in place. However, businesses that are not sure of their security need to undertake a thorough evaluation of their security practices.
It is not enough to rely on bare minimum security such as antivirus software or other low-cost security tips. Most antiviruses nowadays already come with a ton of useful tools such as link checking, password management, account security, firewalls, and browser control. However, they do not guarantee sufficient protection.
Comprehensive security validation is necessary for organizations that have not availed of enterprise-grade security systems. This validation involves simulations to test possible vulnerabilities with the most recent threats and security weaknesses taken into account. It scans for security gaps and generates actionable insights for improving cybersecurity. Through multi-vector, internal, and external threat testing, companies can be sure that there are no lapses that can be exploited by bad players.
Security validation covers not only the software side, but also the human aspect of security weaknesses. As an IBM and Cyber Security Intelligence Index study found, 95% of successful security breaches were attributable to human error or negligence. Security validation attempts to plug all vulnerabilities that allow cyber thieves to manipulate people into weakening their security systems unwittingly.
Still, validation does not provide a foolproof defense. As such, regular orientation, education, training, and reminders are a must for everyone working in an organization. This is particularly essential as many companies adopt work-from-home arrangements. The new setup can open various opportunities for hackers. The use of new software can expose businesses to novel threats.
Zoombombings in the Zoom teleconferencing platform, for example, has shown how easy it is for bad players to launch attacks. Zoom is so easy to use, that it successfully attracted many users. With this intuitiveness, however, most users fail to undertake security checks such as the changing of default settings to make meetings more secure.
Greater Caution Is a Must
It is inevitable for businesses to accelerate their digitalization efforts to facilitate their shift to online ways of doing business. However, prudence is vital in rapidly going online and digital. Companies that are unfamiliar with the new setup they are adopting can become sitting ducks for cybercriminals. It’s easy to commit security missteps when an organization focuses on acclimatizing with a new system while worrying about the state of their businesses in the midst of a pandemic and recession.