How cybercrime has changed as a result of COVID-19

1. How has cybercrime changed as a result of Covid-19?

COVID-19 hasn't necessarily changed the way cybercriminals work, but it has radically changed where and when we see spikes in cybersecurity attacks. As the pandemic unfolded and moved around the world, the cyber threat ecosystem of related attacks closely followed. Coronavirus attacks first appeared in Asia before similar attacks occurred in Eastern Europe and then Western Europe.

About the Author: Dr. Alex Tarter is a Cyber Consultant and Chief Technology Officer at Thales.

What is clear is that hackers hope to capitalize on public fear. As a global population, we have proactively sought out as much information as we can to inform our daily lives, but also to make us feel safe. Many cybercrime cases since COVID-19 have been designed with this fear in mind, making it more important than ever that we address cybercrime as a global problem affecting healthcare organizations, individuals, and businesses.

2. What attacks do hackers launch?

Whether for financial gain, hoarding data, or spying, hackers target individuals and institutions through a wide range of COVID-19-related attack methods. From the beginning of 2020 to the end of March, around 16,000 COVID-19-related domains were created worldwide. Some of them were created to provide genuine information or advice about the virus, while others were designed to pose as such altruistic platforms. It appears that 50% of the COVID-19-related domain names created since December have the ability to inject malware, with some malware disguised by cloning websites that carry authentic information. This includes luring users to websites that let them track the progress of the virus on an interactive map.

We have also seen an increase in scams and spam attacks. Scam campaigns or business email compromise (BEC) emails do not necessarily distribute malware, but ask users to pay a certain amount of money, either under the guise of scarcity or under the cover of a charitable donation. Clearly, many of the COVID-19 attacks we see hope to tap into the worry and fear we all feel.

In addition, we have seen the development of new Android applications that claim to let users track the spread of the virus around the world, such as CovidLock. Many of them are corrupted and contain ransomware or ask for banking information. At the same time, major spam campaigns have also been launched, deploying ransomware, infostealers (data stealers) or banking malware (e.g. TrickBot, Agent Tesla, etc.).

It is also understandable that much of the cybercrime in recent months has tried to hijack many aspects of the government response, from government advice, to financial support, to advice from healthcare providers on how we can keep ourselves and our families safe.

On top of this, there has been a significant increase in attacks by state-funded hacking groups (Advanced Persistent Threats, or APTs), who have used COVID-19 as a pretext for broader spying campaigns. Back in mid-February, the Hades group, which is believed to operate from Russia and is linked to APT28 and APT41, was one of the first state-funded groups to coordinate such an attack. The group hid a C# Trojan horse in emails that purported to come from the public health center of the Ukrainian Ministry of Health and to contain the latest news on COVID-19.

4. Has cybercrime increased because more people are working from home?

As the world struggles to combat COVID-19 and mitigate its impact, large numbers of us have started working from home. With an increasing number of people opting for remote work, often with little notice or preparation as governments implemented travel bans or lockdowns, the risk associated with Shadow IT has increased dramatically. Businesses are working hard to ensure their desktop IT systems are safe and secure, but with some employees now relying on unknown personal devices or unsecured networks, known as Shadow IT, these could effectively become a backdoor into your company's wider computer network. This makes them an important target for those with malicious intent.

5. What can companies and workers do to better protect themselves? What are the basic rules?

Businesses and workers can take many steps to protect themselves as much as possible. At the outset, it's essential that employees use only their company's IT tools, software, and devices as much as possible. These devices must have built-in secure VPNs. Workers must also take their own responsibility to protect themselves and the data they work with, primarily by not downloading any unknown applications or software. It is always possible that any additional software downloaded, which is not integrated into the larger corporate security system, is not secure enough, is downloaded too quickly, or is itself malicious. Finally, it's an old saying, but employees should also be careful to only use USB sticks or connected devices of known origin, and make sure to keep their devices regularly updated with the latest security software.

6. When the world returns to "normal", what lessons should companies learn from this crisis?

In the end, the past few months have been a stark reminder of the importance of cybersecurity preparedness, for businesses and employees alike. Part of this is education: making sure we all know how cybercriminals work, how they take advantage of what's going on in the world, and how we as individuals fit into it. However, the second, and potentially even more crucial, aspect of this preparation is built-in protection. For the future, it is essential that our computer systems, devices and users are equipped with the security they need, such as encryption and multi-factor authentication, not only to protect us from cyber harm, but also to give us the peace of mind we need to continue our daily lives with a bit of normality.