Shane Chambers No Comments

These are undoubtedly strange times we are living in, with unprecedented changes taking place in our lives all over the globe in order to fight the pandemic that is Covid19. Suddenly, a sizeable chunk of the workforce is working from home, in many cases for the first time. Companies are scrambling to put in place plans to accommodate this, working out whether to allow users to use their own devices, or provide company laptops or desktops for any displaced staff. Moreover, many people are out of work altogether and confined to their homes, spending significantly more time than usual browsing the internet, looking for the next clue online that will bring some certainty to their lives around the crisis they are living through.

With such a shift in online activity comes great challenges for technology companies and IT teams in ensuring their users are safe and their precious company data is secure – meanwhile cyber criminals have seen crisis as opportunity; the misfortune of others is a chance for them to take advantage of the confusion and make some extra money.

Ransomware has crippled various hospitals in the past, including many NHS Trust hospitals which were caught out by the infamous 2017 WannaCry attack.

The Covid19 pandemic is the perfect storm for cyber criminals to up the ante. Confusion reigns among users and misinformation is rife. Users who would normally be at work are now accessing the internet from home devices, which typically are not sitting behind the advanced firewalls, email filters and policies put in place by their organisations to protect them against malicious activity.

An ‘anti-virus’ that can protect against Covid19?

One thing that cyber criminals know very well is how to play the numbers game. They don’t need to craft a phishing scam so convincing that even the most wary of us would fall for it, they simply need to reach as many people as possible and pick up those who are not tech-savvy, the ‘low hanging fruit’.

One such scam that has recently appeared is “Corona Antivirus”, a piece of software that its creators claim is developed by Harvard scientists, and utilises “special AI development to combat the virus using a Windows app”. That’s right, an antivirus software that prevents the user from contracting Covid19, but only while your PC is powered on and the app is running.

We would advise you all to steer clear of this one, as what the app actually does is infect your PC with malware and allows cyber criminals to remotely control it, for use in Botnet attacks. The ‘antivirus’ software can also steal your passwords if they’re saved in browsers like Chrome or Firefox, take screenshots of your screen, and log every key you press to further steal credentials from you.

Phishing, phishing and more phishing

Another trend that is unlikely to change any time soon is how much cyber criminals love phishing. Over the last decade we’ve seen phishing rise to become consistently one of the largest attack vectors used by cyber criminals. These hackers will always try to take advantage of current events in order to trick users, and Covid19 is no exception, with a wide range of coronavirus-based scam emails already hitting the inboxes of users around the world.

We’ve seen phishing emails pretending to be from the CDC, advising users that Covid19 cases have been discovered in their area. We’ve seen emails with the latest health advice that the news hasn’t reported yet, which could be ‘crucial’ to keeping you safe. We’ve seen attempts to imitate official workplace emails, advising staff of new policies that are in place. We’ve even seen emails advertising a cure for the virus, but only if you act fast and buy now!

As with any email that you’re not expecting, you should always be vigilant and think before you click. Check for typos in the sender address and in the body of the email, as they can be a giveaway that an email is not legitimate. Hover over (but don’t click) any links to see if they take you to a genuine website, or something phishy. Requests for personal data, or emails that require you to log in to any of your work accounts should also be a red flag, as should any email that insists you need to act now. Creating a sense of urgency is one of the oldest tricks in the book to get users to click a malicious email.

Remember, if in doubt, throw it out! If it’s an email claiming to be from your IT team – give them a call or email them on an address you have used before. Never reply to a suspicious email or call any numbers listed in the email itself.

Some cyber criminals promise not to attack healthcare, is it true?

It’s fair to say that for many people, the Covid19 crisis has turned their world upside down, but in yet another twist, some cyber criminal organisations have shown a more altruistic side, and claimed that they will not attack healthcare facilities during the pandemic. Laurence Abrams, the founder of BleepingComputer, contacted some of the most infamous cybercrime groups to ask them a simple question – would they continue to target healthcare organisations while the world is facing the coronavirus?

The first to respond were the group behind the DoppelPaymer ransomware. They said that they always try to avoid hospitals, nursing homes and 911, although acknowledged that sometimes misconfigured networks lead to unintended targets getting infected with the file-encrypting malware anyway. They even went on to say that if hospitals are hit by mistake, “we’ll decrypt for free”, but added that they would continue to target pharmaceutical companies.

Another group, who are believed to be responsible for Maze ransomware, stated that they would stop attacking healthcare and medical organisations until “the stabilisation of the situation with the virus”. However, they declined to mention whether they would decrypt for free if targets were accidentally hit.

Unfortunately, these are only two out of countless criminal enterprises that will be seeking to profit from the crisis, and it’s believed that even if they all attempted to avoid healthcare, it would be impossible to do without completely shutting down their criminal operations. The definition of an ‘essential service’ has changed of late, with huge importance now placed on supermarkets, haulage and logistics companies, labs testing for cures and vaccines and much more. To further complicate things, companies such as BrewDog and Louis Vuitton are now using their facilities to produce hand sanitiser, and clothing companies such as O’Neill’s are moving to produce scrubs for medical staff – it’s difficult if not impossible for any criminals to know whether they are attacking infrastructure that is helping to combat the spread of Covid19.

So what do we do now?

Broadly, people need to do the same as always. Be vigilant of phishing emails and fake websites, don’t spread information that is not from a verified source, ensure you are using a good antivirus software (not Corona Antivirus) and always exercise caution when browsing online.

If you are suddenly working from home for the first time, consult with your IT team to ensure your PC is secure and you are accessing company files in a safe manner.

Cyber criminals are ever-evolving in their attempts to gain our hard-earned cash, and this is just the latest event that they are attempting to use to their advantage!