LETTERS: TECH experts and security firms from all over the world are raising the alarm over the growing threat of cybercriminals who are actively leveraging fake news, phishing scams and malware under the coronavirus umbrella.
Data from Smart Protection Network shows more than 900,000 threats across email, URLs and files from January to March this year.
The United States, Japan and Germany are the top three countries where users have inadvertently accessed malicious URLs with “covid”, “covid-19”, “coronavirus” or “ncov” in their strings.
According to tech experts, it is the largest attack they have ever seen built around a single theme.
Alexander Urbelis, a cybersecurity researcher at Blackstone Law Group, reported that a malicious site had been set up to mimic the internal email system of the World Health Organisation (WHO) to steal passwords from staffers to obtain sensitive information relating to the coronavirus.
Experts believe that those behind it are more interested in gathering such information, as it would be priceless.
The hackers were unsuccessful but WHO chief information security officer Flavio Aggio warned that hacking attempts against WHO and its partners have increased dramatically over the past months.
Hackers exploit the situation by sending out emails that purportedly offer health advice from governments and reputable organisations such as WHO. In reality, they are phishing attacks.
As people are hungry for up-to-date information about the virus, they are more likely to click on any link that promises them such information without realising the danger.
In a phishing attack, cybercriminals imitate a genuine and certified entity to steal sensitive information and install malware on the user’s computer to cause damage.
If your device were to crash as a result, you would no longer be able to use it for browsing or remote working.
We can spot and deal with phishing attacks. A simple way is to check for obvious signs of fake or unofficial emails, such as poor spelling, grammatical errors and incorrect punctuation. This is because most of these emails are generated from outside the country they are sent to.
Also, the National Cyber Security Agency (NACSA) has given examples of the subject lines of phishing emails that cybercriminals use to fool people at this unprecedented time. So if you come across them, do not fall into the trap.
Another recent scam, also under the coronavirus umbrella, involves sextortion via email.
Previously, a sextortion email was sent to potential victims with scammers claiming that the victims had been recorded on video browsing adult sites.
But now, scammers attempt to extort money or get victims to do something against their will by threatening to infect the victim and their family with Covid-19, besides revealing all of their “dirty secrets”.
The cybercriminals will claim to know the passwords, whereabouts and daily routines of the victim, and that they will therefore be able to infect the whole family with the virus. Extortion demands include US$4,000 (about RM17,500) in bitcoins.
According to experts, a sextortion email often begins with a subject line like “your password is…”, followed by the victim’s password that the cybercriminal has obtained from a data breach. Do not panic. It is just a scare tactic to get you to pay up.
Mark such emails as spam as soon as you receive them so that they are automatically blocked in the future before they can even land in your inbox.
Take your time to assess the authenticity of all communication prior to following links, opening attachments or taking any action that could compromise the security of sensitive information.
Plus, as many companies adopt work-from-home policies in response to the pandemic, business leaders need to work with their security teams to identify the likely attack vectors. They should be particularly diligent when it comes to reminding employees of information security issues and best practices.
While our health is now undoubtedly our top priority, maintaining our resilience to cyber-attacks is also vital to avoid unnecessary additional costs and disruptions when we can least afford them.
NURAFIFAH MOHAMMAD SUHAIMI
EMIR RESEARCH
The views expressed in this article are the author’s own and do not necessarily reflect those of the New Straits Times