Just when we thought the disruption from COVID-19 was waning, the world is still experiencing a rash of pandemic-related cyber threats. The findings from a recent report by Bugcrowd called Inside the Mind of a Hacker ’21 Reportreveals that 74 percent of ethical hackers have seen cyber vulnerabilities increase since the onset of COVID-19, and 80 percent have found new vulnerabilities they had not encountered before the pandemic. It’s becoming clear that bad actors are still exploiting COVID-19 as a means to propagate scams, malware, phishing attacks, and other serious threats to individuals and organizations.
Exploiting COVID-19: Cyber Attacks on Vaccine Makers
A recent incident saw hackers from North Korea attempt to steal information from vaccine makers AstraZeneca form the UK, from Johnson & Johnson and Novavax in the U.S., and from South Korean drugmakers working on vaccines or therapeutics, including Celltrion, Genexine, and Shin Poong Pharmaceutical. Some of the hackers used classic phishing attacks, pretending to be colleagues or acquaintances of the target, and sending direct messages to them under fake email accounts with malicious attachments or links that could give hackers access to the individual’s computer.
In other cases, suspected cybercriminals disguised themselves as recruiters from the World Health Organization with fake job descriptions, targeting AstraZeneca employees to gain access to internal computer systems. Yet a third round of hacking campaigns used phishing emails to request quotations from Gavi, a vaccine alliance cold chain equipment optimization platform. The emails contained malicious attachments that once clicked gave access to the hackers to steal user credentials.
Bad Actors Using COVID Domain Names
Other hackers are attempting to exploit web domain names to sell a wide range of fake or illicit pandemic-related goods online. More than 478,000 domain names related to pandemic keywords have been created, and many are believed to be illicit as hackers take advantage of the growth in awareness of COVID to attract web traffic and generate revenue. Some domains have exploited well-known brands in the COVID space, such as Pfizer, Moderna, and Johnson & Johnson to drive traffic to potentially harmful websites or generate revenue from pay-per-click or other ad schemes.
Even more concerning is the appearance of COVID marketplaces being used to sell counterfeit or low-quality medications and products, responding to skyrocketing consumer demand. Other hackers have created phishing campaigns that solicited financial donations to harvest personal information from unsuspecting recipients using malicious software. Yet another cyber scam impersonated health authorities to get people to click on fake coronavirus tracker maps that could infect the user’s computers with malicious code. There seems to be no end to the lengths hackers will go to in order to exploit COVID-19 fears and concerns.
Putting Steps in Place to Mitigate Risk
It may seem like an insurmountable task to manage so many potential threats, especially for healthcare organizations, but many are putting protections in place to mitigate their risk. Four key steps to prevent hackers from exploiting COVID-19 include:
1. Using Good Cyber Hygiene
Much like we remind people to do common sense things like washing hands frequently to reduce the spread of COVID-19, companies can also practice good cyber hygiene. Organizations should make cyber security best practices part of their regular regimen, including having disaster recovery plans in place, backing up critical data, keeping software patches up to date, and using multifactor authentication for all end users on a network.
2. Educating Employees on Cyber Risks
Employees must be shown how to identify and defend against potential social engineering attacks. They should use extreme caution handling emails that show a COVID-19 related subject line, attachment, or hyperlink, and watch out social media or text-based requests for information or donations.
3. Going With Zero Trust
This security concept is particularly relevant in the pandemic era, with so many unexpected threats emerging. Organizations should verify anyone or anything attempting to connect with internal systems before granting access.
4. Covering Every Base
Some organizations may choose to set up makeshift entry points to the network that could short circuit normal security policies, just because it’s the path of least resistance. But it’s never a one-and-done proposition. Every new endpoint should be hardened over time to ensure it is secure after initial implementation.
Build your network security skill-set and beat hackers at their own game with the Certified Ethical Hacking Course. Enroll now!
Skills Are the Still Key to Protecting Against COVID Threats
Of course, cyber security all starts with the IT and security professionals whose job it is to protect networks and information assets from hackers who are exploiting COVID-19. Master’s Programs for Cyber Security Experts are designed to give the most comprehensive cyber security training, from CISSP and CISM qualifications to Certified Ethical Hacker upskilling that reveals exactly how today’s hackers exploit corporate vulnerabilities. No matter what path your organization takes, stay proactive and ensure your cyber security teams are up the never-ending task of keeping your networks secure.