An overwhelming majority of reports are indicating that cyber crime is increasing at an alarming rate. INTERPOL’s COVID-19 Cybercrime Analysis Report shows that cyber criminals are taking advantage of the COVID-19 pandemic to switch their target from small businesses to large corporate and major organisations, as well as government entities. Due to the pandemic, cyber security is as important now more than ever.
With organisations having to install remote working in their companies and with more staff now working from home, the risk of a cyber attack is ever increasing.
Working from Home is Increasing the Risk
With remote working increasing in this pandemic cyber security should be high on every organisations to do list. With the increased vulnerabilities of more employees working from home, employers need to ensure their cyber security systems are both up to date and doing the intended job.
Since COVID-19 made it’s ugly appearance at the start of the year, cyber criminals have taken advantage of the situation and of staff members who are working remotely, perhaps not thinking about cyber security in the same way as they would do in their corporate office jobs.
PwC’s 2021 Global Digital Trust Insights survey of large businesses, reported a 65% increase in cyber security attacks from April to June this year. According to a Webroot study, there has been a 40% increase in devices running unsecured remote desktop protocol (RDP). These insecure machines only make it easier for cyber criminals to take control over the entire device. And according to a report released by cyber security firm Kaspersky, the increase in these brute force attacks have risen by 400% in just March and April this year.
Individual users are similarly being targeted too, with pandemic related cyber security incidents on the rise in the general public. WHO reports more scammers impersonating them, in order to get people to donate funds for COVID-19 donations into a fake account. Phishing scams trying to trick users into giving away personal or secure information have likewise been growing since March. Individuals could be even more likely to click on a phishing link now than before the pandemic, with clickbait words such as ‘covid vaccine’, ‘testing’, and ‘quarantining’.
Claroty recently released a report from 1100 information technology (IT) and operational technology (OT) security professionals, who stated an average rise of 56% in cyber security threats since the pandemic began. As well as this, 70% of organisations reported cyber criminals are using new tactics to target their company. Hacking, identity theft, ransomware, and web application threats are just some that have been most common.
The threats from working from home during this pandemic means cyber security is more vulnerable due to unsecure or weak Wi-Fi networks, more secure data being transferred across unsecure networks and a lack of digital infrastructure.
Organisations are having to quickly react to the changing situation, creating temporary and fast solutions to staff working remotely and often compromising security in the process.
Pandemic Cyber Security Attacks
COVID-19 has given risen to new cyber threats, as well as an increase in malware and ransomware attacks. Here are some of the way’s criminal are taking advantage of poor cyber security in the pandemic:
Spammy coronavirus domains
Since the pandemic began, there has been a huge rise in false domains and spammy accounts related the COVID-19 virus, 90% of which are completely fake. Scam sites have propped up here, there, and everywhere, with everything from fake coronavirus news, vaccines, fake cures, fraudulent donation websites and fake shopping stores selling masks and other medical supplies. These domains will use words with COVID related terms to trick users into giving away details from phishing attacks, malware threats and C2 servers.
Online ‘zoom’ related scams
Webroot reported a staggering 2000% rise in malicious attacks containing the word ‘zoom’. With more and more companies resorting to online video Zoom calls, this is a tempting target for cyber attackers. Zoom login details are being sold over the internet with over 530,000 accounts being sold on the dark web.
Skybox Security 2020 Vulnerability and Threat Trends Report says a 72% rise in ransomware attacks have been documented. Healthcare institutions and other large organisations are being targeted in exchange for ransom. These attacks can be completely disruptive to enterprises.
Phishing attacks have always been a popular method amongst cyber criminals and that has been no exception during the pandemic. Cyber security phishing attacks have been COVID-19 themed, convincing users to part with their personal data. Criminals will impersonate government agencies or health organisations to be even more convincing.
Using pandemic associated wording in order to entice users, cyber criminals will then use disruptive malware to compromise secure networks, using spyware, banking trojans and remote access trojans. Data and money are then able to be stolen.
How Companies Can Protect Themselves
Government and large corporations can help protect themselves from new threats by building secure internal platforms and increasing their cyber security structures.
Review current cyber security
Now’s the time for organisations to really take an in-depth look at their cyber security protection and continuity plans. Do you know what you would do in a cyber attack? Do you have a plan and procedure to follow such an attack? It is a good idea to go over everything, ensure you are fulfilling privacy, government and compliance guidelines and keeping up to date with the latest guidelines for businesses. We all know the saying ‘fail to prepare, then prepare to fail’. Do not let this statement ring true.
Educate staff on procedures
Use this time to educate your staff on your security procedures and on cyber security awareness. This can ensure the opportunity for employees to be tricked into giving away secure information is massively reduced. Make sure they are using two-factor authentication, keeping strong passwords, and updating them regularly.
Use a VPN
Try and implicate employee access to a VPN (Virtual Private Network) which will help safeguard sensitive information when using remote connections. Make sure staff devices have end-point security installed to keep important information safe.
Install cyber protection
Having an extensive and managed cyber protection is the best thing you can do for your organisation. Using an expert cybersecurity firm such as Cube Cyber, can break down the complicated problems for organisations and ensure your company is in the best hands.
For more information on Cube Cyber and how we can help your organisation, please get in contact with us today. We have a wealth of experience and knowledge and help companies of all sizes.