Thanks to COVID-19, the biggest global work-from-home experiment is taking place. However, with more individuals working from home, there is an increased risk of cybersecurity breaches. Not to mention the additional flood of Coronavirus and COVID-19 related scams that advertise malware, ransomware, and password jacking.
In fact, a quick search of the words “Coronavirus scam” and “COVID-19 cybersecurity” reveals a number of recent scams related to the pandemic. As an IT outsourcing agency that specializes in cybersecurity, we’ve taken it upon ourselves to list some of the top COVID-19 related cyber threats available out there.
Disguising itself as a COVID-19 tracker, this Android app has a very malicious nature. In fact, research shows that the application is laced with ransomware - a type of malware that demands payment to give victims back access to their phones. Victims of CovidLock will allegedly have to pay US$100 (approx. S$143) in bitcoins to unlock their device. Payment will have to be made within 48 hours.
To ramp up the stakes, the CovidLock app also threatens to erase the victim’s contacts, photos, videos, as well as leak the victim’s social media accounts. Despite this, there are technical blogs out there who have claimed to have successfully obtained the password key for victims of the CovidLock scam.
Learn more about CovidLock and its implications here.
2. Coronavirus Phishing Email
Cybercriminals have been targeting unsuspecting victims by sending phishing emails. Designed to look like they’re sent from the United State’s Centres for Disease Control, the emails aim to extract information out of the receiver through a link.
Allegedly, there are three different types of Coronavirus Phishing Emails. They are:
CDC Alerts: Scammy emails sent by criminals pretending to be members of the CDC. The emails often contain a link sent claiming to be a list of all the known Coronavirus cases in your local area.
Health Advice Emails: Opportunistic phishers have also sent emails that claim to offer medical advice to help protect people from the dread coronavirus. Just like any other phishing email, the health advice emails often contain a compromised link.
Workplace Policy Emails: Workplace phishing emails are common even before the Coronavirus. However, cybercriminals have taken to targeting various workplace accounts. Just like the other phishing emails mentioned above, the email will often contain a spammy link that will ask visitors for their personal information.
With proper education, it is easy to avoid falling for phishing emails. Some tips to avoid getting tricked include:
Beware of online requests for personal information: Any email requesting for personal information such as Social Security numbers or login information is a phishing scam. Legitimate bodies won’t ask for such information. Try not to respond to any email that asks for your personal data.
Check the email address: Phishing emails often use falsified addresses. Take a good look at the sender’s email address. If you’ve determined that it is an email scam, delete it immediately.
Watch out for mistakes: Oftentimes, if an “official” email contains punctuation and grammatical errors. It is likely that it is an email scam.
Education is a foolproof way to avoid having employees fall for phishing and email scams. Instead of relying on unsolicited emails, create a channel for employees to gain insights and reputable information regarding the current COVID-19 climate in Hong Kong. Encourage your employees to gather information from government and health care websites and agencies.
Learn more about the resources that employers and HR executives in Hong Kong should provide for their employees during this COVID-19 here. Alternatively, click here to find out more about the different COVID-19 email scams here.
3. Vulnerable VPN
Hackers are targeting vulnerable VPNs to deploy ransomware onto unsuspecting victims. Sources claim that VPN websites made by Pulse Secure, Palo Alto Networks, Fortinet, and Citrix. Although hackers are looking to attack mainly hospitals, organizations that use a VPN server might also be more susceptible to cyberattacks.
The attacks have been pretty bad and according to some sources, tech giant Microsoft has allegedly been forced to alert several dozen hospitals about the threat.
Learn more about these COVID-19 VPN attacks here.
Cybersecurity Tips for #WFH Employees in Hong Kong
As an IT outsourcing agency, we’re aware of some of the threats that employees fall for during this work-from-home season. Below, is a short compilation of all the cybersecurity tips you should advise your employees to take note of:
Use 2-Factor Authentication: A multiple-factor authentication allows you to add an additional layer of security to your password manager protection. 2-Factor Authentication can be used for work emails as well.
Pro-Tip: Encourage your employees to create long, complicated passwords that are unique to different accounts. Learn more about password protection here.
Only Use Work Devices: There is a chance that your work computer might be compromised without your knowledge. With work devices, there is often a range of software in the background that keeps it secure from potential threats. The same does not ring true for your employees’ home computers.
Limit Access: Try to disallow employees from accessing areas where some of the organization’s most valuable data is stored. Keep in mind that without the right security, there is a higher risk of having liable information leaked. For now, try to limit access from employees who might not need it.
Create a Cybersecurity Policy: Update your organization’s cybersecurity policy to include remote working. Let your employees know about the use of personal devices, along with updated data privacy policies.
As an IT outsourcing agency with employees working remotely from home in Hong Kong. We have some advice or two about transitioning from an office environment to working from home here.
Treat Your Personal Device Like a Work Device: When working from home, try to treat your personal devices the same way you would your work device. Therefore, try to avoid downloading unless it's from a trusted source.
Use Common Sense: Common sense is a good form of cybersecurity practice. During this circuit breaker period, try to remember this golden rule; updates regarding Hong Kong's COVID-19 situation will come from official sources (i.e. manager, school principal, HR executives). Always double-check the email address of the sender as these can often be faked.
Phishing (A.K.A email scams) have been on the rise since the COVID-19 pandemic. A thorough scan of the email can reveal whether or not it is legitimate.
Are there any cybersecurity concerns that plague your HR team or organization? Learn more about the different cybersecurity threats that plague all companies with A Very Normal Company here.
*This article first appeared at BGC Singapore under the title, "3 COVID 19 Cybersecurity Threats to Take Note of in Singapore". Click here to view the original article.