A Quick Guide to the Most Common Coronavirus Cyber Threats
The COVID-19 pandemic and its highly contagious nature have forced businesses to adopt stringent precautionary measures. With social distancing and quarantining becoming a way of life, most businesses, including Amazon, Microsoft and Facebook have embraced the remote work culture.
While this may seem like a convenient temporary arrangement, the remote work culture poses a new set of challenges from a security standpoint. If neglected, these vulnerabilities can prove to be fatal for a company’s goodwill and destroy it in no time. So, we decided to discuss some of the most common coronavirus cyber threats that continue to haunt the virtual world. We shall also discuss viable solutions that can help control these security risks.
Avoid Websites without SSL Certificate
While working remotely, you must make it a point to access secure websites that make use of an SSL certificate. You can identify such sites by looking for a green padlock in the URL bar, which indicates that the website makes use of the HTTPS protocol. This implies that the server-client communication is encrypted with cryptographic keys, which prevents in-transit data interception. Using unsecured websites could result in the loss of sensitive corporate data.
According to Google, over 240 million daily spam messages are detected by Google’s AI filters, which are exclusively linked to the COVID-19 pandemic. This is a 667% increase in phishing campaigns since the end of January 2020. Phishing attacks are launched by cybercriminals to scam users, introduce malware into the system, or steal sensitive information. This not only endangers your privacy but could also pave the way for cybercriminals to break into your company’s private network. As a result, it could lead to ransomware or supply chain attacks.
Although Google’s AI technology eliminates over 99.9% spam emails, you may still find one in your inbox. So, if you receive an email containing critical information about the novel virus or potential cure, then you can be sure that it is a phishing attack. The WHO or the CDC does not send notifications or alerts to the public via email, social media, or text messages. Instead, they post notifications on their official websites or use the mainstream media to disseminate critical information.
Clone Phishing via Replication of WFH Applications
There has been a sharp increase in the number of domain names registered, which resemble some of the most popular applications used by WFH employees such as Zoom, WebEx, and Microsoft Teams.
Cybercriminals do this to launch clone phishing attacks, in which they impersonate an authentic application and reach out to users via email. In the email, the miscreants create a message that’s pretty much similar to what the authentic application sends out. They use it to trick unsuspecting users into clicking on a malicious link, under the pretext of a missed meeting.
However, a closer look at the domain name in the link would show something like ‘z_oom.us’ or ‘zoom/.com’ which is deceptively similar to the official application ‘zoom’. The same goes for other web conferencing and collaboration applications like Microsoft Teams, WebEx, TeamViewer, and other applications.
While working remotely, you probably make use of Remote Desk Protocol (RDP) to access corporate data from your home. However, it would help if you were extremely cautious about it because cyberattacks on RDP servers have almost tripled since coronavirus lockdowns.
At present, over 4.5 million RDP Ports remain exposed and unless companies implement strong security measures. Cybercriminals may deploy malware and carry out successful ransomware attacks. As RDP credentials are usually stolen through Bruteforce attacks, companies must compel employees to set strong passwords and use Multi-Factor Authentication.
Also, limiting the number of login attempt per IP can help stop cybercriminals in their tracks. Another way to minimize RDP related security breaches is by not allowing its access through the open internet.
Quite a few companies rely on VPN tunneling to add an extra layer of security by camouflaging the internet activities of their employees. While VPNs do provide the user with a certain degree of privacy, they also come with more massive risk. To minimize the security risks that come with VPNs, start by choosing a reliable and reputed service provider who won’t leak your private data. Also, ask for encryption details from the VPN service provider to confirm that your activities won’t be intercepted.
From SSL certificates to VPN, we have covered it all up, but the fact remains that there is a lot more you need to watch out for a while working from home. At all times, avoid using public WiFi networks, insecure websites without an SSL certificate, and weak passwords. Also, make it a point to use an updated Operating System, Antivirus, and Firewall to keep your computer safe. With these measures in place, you can prevent security breaches while working from home and keep your company’s private network secure.