With over 550 cases identified in the US and 22 deaths as of 3/9/2020, the coronavirus is one of the most dangerous and deadliest infections that have swiped the country and the world in recent decades. Health organizations are struggling all over to address the current crisis and their ability to do so is being tested on an almost hourly basis. Because no cure or vaccine has been identified, the primary method of defense is information, and that has created a second threat, a Cyber-Coronavirus epidemic.
Cybercriminals are using the worldwide concerns about the coronavirus (Covid-19) as an opportunity to launch email-based cyberattacks on unsuspected victims looking for information about the crisis. On their latest iteration they are forging emails mentioning the outbreak that appear to be from business partners or public institutions in an effort to get users to open the messages, unleashing malware. Researchers with IBM X-Force and Kasperky have discovered that hackers are sending spam emails to people in the hopes of infecting smartphones and computers with malicious software.
While the attacks initially targeted people in the United States and Japan, Proofpoint noted recent examples are targeted at Australia and Italy, where Italian-language lures are being used. One of the major challenges that organizations are encountering is that the new attacks are happening across operating systems and devices, making it harder to enable a comprehensive safety policy.According to the security company, malware and email viruses that use Coronavirus-themed lures to trick people have spread to over a dozen countries, and attackers are beginning to register lookalike URLS and creating fake "Coronavirus" web sites in order to carry out their criminal activities.
What can you do to protect your company (or yourself).
- Always exercise caution. Validate that any email or web site you access are the ones you intended to reach, watch out for "versions" of the original site you were trying to connect to. Don't open sketchy links sent to you via text or email. Don't answer suspicious phone calls and don't download attachments that you didn't ask for.
- Be sure to only install official updates and if possible from the original vendor site. In 2019, millions of Android phones were reportedly infected with malware through a fake Samsung app. The same can happen for "updates" to operating system applications, "new" apps/drivers, etc.
- If you think you have been infected, stop immediately, close all of your applications, inform your IT support team, and wait for their instructions. You can also follow your operating system or security/antivirus vendor recommendations about how to deal with a computer virus infection.
If you are not sure about what you can do to protect your company, you can contact us for a FREE, No-Obligation, CyberSecurity Vulnerability Assessment for your company.