Covid-19 – the cybersecurity wave Organisations have adapted quickly to lockdown and physical distancing measures with remote working technologies, but in the rush to pandemic resilience are we softening our cyber resilience? Covid-19 has provided malicious cyber actors with the opportunity to exploit our fears, with phishing campaigns and ransomware attacks using websites or emails referencing Covid-19 skyrocketing since the start of the pandemic.
Joanna Mathers is a freelance feature writer with years of experience in publishing. She has a particular focus on business and innovation, and also regular writes for New Zealand Herald’s Canvas magazine.
30
Interpol reports that since January, over 2,000 malicious and 40,261 high-risk domains with the words “Covid” or “corona” have been registered. In the same period, over 1,000,000 spam messages linked to Covid-19 have been sent. Opportunistic online criminals thrive in times of panic. While the world is focused on staying alive and protecting families and jobs, cyber criminals are finding ways to twist the situation to their advantage. A click on the wrong email can be devastating. Cyber security practitioners are at the coal face of such threats. Charged with protecting their clients or organisations from attack, they need to be agile. It’s a challenging time, and one likely to hone the skills of practitioners who make their livings preventing cybercrime. A number of active phishing and malware threats are doing the rounds in New Zealand currently. CERT NZ reports that these include: • fake emails urging people to donate to a WHO Covid-19 response fund
• malware embedded into Covid-19 maps • phishing websites that ask for people’s information in exchange for fake Covid-19 updates. Awareness of such threats can mitigate the risks they pose. Phishing filters and anti-spyware should pick up most of the problem emails, but users need to be made aware of the current threats so they can spot trouble before they click. Adrian van Hest is cyber leader for financial services firm PwC. He says that the phrase “Covid-19” is obvious clickbait for malicious actors luring prey. “If you send a lot of these emails out, you are pretty much guaranteed to get a few people affected by your ransomware,” he says. These threats are the most immediate and obvious ways in which online criminals are exploiting the pandemic. But van Hest says that there is a longer-term threat that may play out over the coming weeks and month, and it’s caused by the speed with which we have had to change the way we work. “Organisations have been faced with the challenge of having their entire workforce become remote,” he says. Such companies may have had long-term strategies in place around remote work, but the speed with which the lockdown happened means
June / July 2020
