Coronavirus: Cyber crimes to look out for

How cyber criminals are exploiting the Coronavirus crisis

Malware and spam attacks

European countries have already come under sustained attack from cyber criminals sending out malicious Coronavirus-related emails, many containing malware in documents and other files supposedly connected to Coronavirus. The UK has been the hardest hit European country, receiving almost a third of these malicious emails, according to a report by cyber security company Trend Micro.

Cyber threats to look out for:

Here are two examples of malicious emails, variants of which many organisations have received. Clicking on the linked or attached documents results in the recipients’ computers becoming infected with malware which may include key loggers, software which steals login credentials or ransomware.

• Fake health advice:

Dear sir or madam,

The NHS continues to monitor an outbreak of a 2019 novel coronavirus ("019-nCoV) in Wuhan City, Hubei Province, China that began in December 2019. The NHS has established an Incident Management System to coordinate a domestic and international public health response

Updated list of new cases around your city are available at [malicious link]

You are advised to go through the cases immediately for safety hazard

• Fake company directives:

All,

Due to the coronavirus outbreak, [company or charity name] is actively taking safety precautions by instituting a Communicable Disease Management Policy. We require all employees to download, read and acknowledge before [date].

[Malicious link]

What you can do to protect yourself:

• Ensure that your computer has effective anti-malware software from a reputable vendor installed. This will be able to detect many, but not all, malicious attachments or malicious links in emails.

Examples of highly rated anti-malware software include Symantec Endpoint Protection, Avast Free Antivirus, Bitdefender Internet Security, and Eset NOD32 Antivirus

• Never click on a link, open an attachment, or download anything based on information your receive from an unexpected email.

Social engineering and phishing attacks

Social engineering usually involves calling members of an organisation’s staff and tricking them into revealing information such as a username and password. They often do this by pretending to be "someone from IT."

In the current circumstances, it is likely that social engineering attacks will be more successful than normal because so many parts of working life have changed. That means that an unexpected call from the IT department asking for your password "so that they can make your network connection faster" may not arouse suspicion.

Phishing attacks follow similar lines but they are communicated by email. A typical Coronavirus phishing email may purport to come from IT staff and ask the user to submit their username and passwords for email or other systems on a linked web page. Some spurious reason will likely be given, such as that with so many people working from home the IT department needs a complete list of usernames and passwords to facilitate the introduction of some new cyber security software.

Another phishing email currently doing the rounds purports to be from John Hopkins University, offering a free Coronavirus threat map to download. The map, which is based on a genuine one made by the university, contains malware which will infect the computer of anyone who downloads it.

What you can do to protect yourself:

• Never act on instructions from an unexpected phone call without verifying that the person is who they claim to be.
  
  
• Be suspicious of any emails which contain:
  
  
• Requests for personal info
• Odd email addresses or links
• Spelling mistakes or bad grammar
• Generic greetings like dear sir or madam
• Messages that have a sense of urgency and require you to act quickly rather than think rationally

Malicious logins

With staff working from home, many organisations are seeing people logging in to the company systems in far higher numbers than normal, from locations and devices that have never done so before. That means that cyber security systems which flag when new users or new devices log on to these systems from previously unknown IP addresses are no longer effective, especially for the first few days or weeks.

That makes it far easier for a cyber criminal who has guessed a staff member’s login credentials, or who has managed to acquire them through social engineering or phishing, to log on to the network undetected.

What you can do to protect yourself:

• Ensure that your passwords are long and not easily guessable
• Change any that you think you may have revealed it to someone after a malicious email, phishing, or social engineering attack.

Perhaps the best advice in these difficult times comes from Tom Pendergast, Chief Learning Officer at cyber security training company MediaPro, in a Security Magazine report. "That sceptical turn of thought is one we all need to apply with special urgency these days: if you can’t be absolutely sure a request for help or even a request to click a link is legitimate, the best thing to do is to keep scrolling, turn away, or delete it."