Coronavirus crisis

How to protect remote workers from the coronavirus crime wave

As predicted, the coronavirus crisis is bringing out the worst in cybercriminals. But the attacks are really just old exploits modified to exploit the new coronavirus context. Here’s how to beat them.


The biological coronavirus is being accompanied by the digital virus of rising cybercrime.

This was easy to predict for these two reasons:

  1. Millions of white-collar workers were allowed or ordered to work from home without proper warning, planning or provisioning.
  2. The Covid-19 pandemic has made people fearful, which is a state of mind that makes them easy to trick or manipulate.

The enterprise cybersecurity company Cynet published data recently showing that the coronavirus crisis is being actively exploited by threat actors and is impacting enterprise information security. These attacks so far are coming in two forms: 1) attempts to steal remote user credentials; and 2) "weaponized" email-based attacks (phishing attacks).

The report also found that attackers are concentrating their efforts on the countries most affected, with twice as much attention in recent weeks on Italy. That suggests, now that the United States has more coronavirus cases than any other country and is entering a period of runaway contagion, that U.S. companies will now get the overwhelming majority of attack attempts.

The security firm Zscaler reported similar trends. They said that hacking threats have increased 15 percent each in January and February and 20 percent in March. Many of these attacks involve social engineering that exploits user fears of the coronavirus. Zscaler sees the new energy behind coronavirus-related attacks falling into four broad categories:

  1. phishing attacks
  2. ransomware
  3. pharmacy scams
  4. remote access vulnerabilities

Those phishing attacks involve fake-charity scams, miracle cures, shutdown-related rebates or tax breaks, fake news links and fake app downloads.

An example of a fear-exploiting phishing attempt

One example of how fears are being exploited: A phishing email is being sent to users working from home offering a free app that shows where coronavirus infections are occurring. The map is based on a real map produced by Johns Hopkins University. Once the app is installed, it executes a classic ransomware attack, encrypting files and demanding bitcoin for their decryption.

Crooks are also socially engineering IT helpdesk people. With a rush to remote work, hackers are tricking support into giving them VPN credentials, which grants them employee-level access to the company network.

Another risk is that slow networks could incentivize employees to turn off VPN connections. Consumer networks being used by remote workers at home are slowing because of suddenly heavy use. Enterprises are routing traffic through the data center for inspection before turning it loose on the Internet. All these slowdowns may inspire employees to skip VPN access to the internet.

Researchers at Bitdefender found that searches on the Android app stores for coronavirus-related apps, especially medical apps, are exploding. Cybercriminals have noticed, too, and have been packing apps with malicious payloads. Many of these have been removed from the Play Store by Google after thousands of downloads. Third-party marketplaces still offer them.

Some malicious actors are brute-forcing the remote management credentials of Linksys and D-Link routers and changing DNS addresses to divert people to websites offering fake cures and malicious coronavirus-information apps, according to Bitdefender and Bleeping Computer.

The security firm Forcepoint published information about a host of new scams that exploit the coronavirus crisis. One scam in their report involves an email that claims to link to a coronavirus update voicemail. The "link," which is actually an embedded HTML file, connects victims to a fake Microsoft Outlook login page that harvests passwords.
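The voicemail lure described above depends on an HTML attachment that carries a password form. The following is an added example, not code from the article or from Forcepoint, of a mail-gateway style check for that pattern; the function names, the `trusted_hosts` parameter and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormScan(HTMLParser):
    """Records form action URLs and whether any password input is present."""
    def __init__(self):
        super().__init__()
        self.actions, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.actions.append(attrs.get("action") or "")
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.has_password = True

def scan_message(raw, trusted_hosts=frozenset()):
    """Flag HTML attachments that contain a password form (assumed heuristic)."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "text/html" and not name.endswith((".htm", ".html")):
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML sent as application/octet-stream
            body = body.decode("utf-8", "replace")
        scan = FormScan()
        scan.feed(body)
        if scan.has_password:
            # Hosts the form would post credentials to, minus approved ones.
            hosts = {urlparse(a).hostname for a in scan.actions}
            findings.append({"attachment": name,
                             "post_hosts": sorted(h for h in hosts if h and h not in trusted_hosts)})
    return findings

def build_sample(with_form=True):
    """Constructed test message modelled on the lure; the host is a placeholder."""
    m = EmailMessage()
    m["Subject"] = "Coronavirus update voicemail"
    m.set_content("You have a new voicemail. Open the attachment to listen.")
    html = "<p>Loading...</p>"
    if with_form:
        html = ('<form action="https://login.example.invalid/post">'
                '<input type="password" name="pw"></form>')
    m.add_attachment(html, subtype="html", filename="voicemail.htm")
    return m.as_bytes()
```

Calling `scan_message(build_sample())` returns one finding naming the attachment and the host the form posts to; a gateway could quarantine on any finding, since legitimate voicemail notifications have no reason to ship a login form as an attachment.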

The most laughable scam to date, discovered by Malwarebytes researchers, is a software antivirus product that promises to protect you from the coronavirus. If anyone is duped into running the update.exe executable, the victim's PC is turned into a DDoS bot that can also steal personal information from the user.

In case you didn't already know, cybercriminals are jerks

Part of some hackers' agenda appears to be to magnify the harm caused by the virus. One group of hackers called DarkHotel posted a website in mid-March that fraudulently presented itself as an email login portal for World Health Organization employees, so they could steal passwords.

A cybersecurity expert and attorney with the Blackstone Law Group said that around 2,000 malicious coronavirus-themed websites are being set up every day.

A British company called Hammersmith Medicines Research, which is preparing to test coronavirus vaccines, was hit by a ransomware attack on March 14. The ransomware part of the attack was thwarted, but not before the attackers stole and publicly published some patient records of volunteers who participated in previous trials.

And a database of coronavirus patients in the Indian state of Kerala, and everyone they came in contact with, along with addresses and other personal information, was reportedly hacked.

10 tips to fend off the attacks

The way to understand these new attacks is that they're really old attacks that have been modified to exploit the new coronavirus context of unprepared remote workers who are nervous about the effects of the pandemic on their health and wellbeing.

The best way forward is through aggressive policies, communication and practices:

  1. Communicate on phishing attacks that exploit coronavirus concerns
  2. Communicate on best practices for keeping confidential information confidential
  3. Remind work-from-home employees to not use personal laptops or unencrypted connections
  4. Explain the need to use VPN, no matter how slow
  5. Enable non-SMS multi-factor authentication on as many products and services as possible
  6. Use a password manager and change all passwords to strong passwords
  7. Encourage users to never use third-party Android marketplaces for downloading apps
  8. Make sure you update and communicate your policies, including your work-from-home policy. Specify which applications and cloud resources are approved for use.
  9. Establish clear and alternative lines of communication. Be able to reach all employees both via the internet and also the phone networks. Make sure employees know who to contact for security-related emergencies, both online and by phone.
  10. And finally, try to turn adversity into opportunity. Many workers are working harder and more than ever; others may have additional downtime because of business slowdowns or other reasons. Any paid downtime should be filled with training, education, the completion of certifications and other projects that benefit the company and the employee.

The coronavirus crisis will prove to be a major test of organizational survival and business continuity. But the most pressing and immediate concern is the new crimewave that seeks to exploit all those remote workers.