Alert for Cyber Risk and COVID-19

Alert for Cyber Risk and COVID-19 - featured image

Be wary of emails, instant messages, and links related to COVID-19. Cyber criminals are leveraging this topic. Do not click on that garbage unless you know it is coming from a legitimate source!

Typically, cyber criminals leverage a hot news topic (like COVID-19), target a susceptible audience (like people who are worried about COVID-19), and let loose with multiple, massive campaigns. What this means for you is that you should expect emails, social media messages, phone calls, and texts with malicious content related to COVID-19. Please be very careful about opening those messages, clicking on links, answering these calls, or downloading attachments. Criminals will pose as your friends, your HR department, the CDC, etc.

From a cyber risk perspective, this means that the threat landscape is shifting dramatically. There is a wave of new teleworkers hitting internet infrastructure. Cyber criminals will actively look for ways to take advantage of these teleworkers in order to gain access to otherwise secure company networks. In addition, industry sectors which are disproportionately hit by COVID-19 will become softer targets for cyber criminals.

On the flip side I can assure you that the cybersecurity industry is actively working this problem. It is at the forefront of our concerns. Unfortunately, we are playing a numbers game. While cyber defenders may be able to block 99.99% of all the cyber crime campaigns related to COVID-19, the 0.01% that get through are still going to land on your laptops or smartphones. In other words, despite very impressive work by cyber defenders, there will be companies where the cyber criminals succeed. I suspect many of those “successes” will occur within industry sectors which are getting disproportionately hit by COVID-19.

As someone who works within a team that builds and evaluates cyber risk models, I am actively monitoring the industry sectors which are getting disproportionately hit by COVID-19: the Health Care, Financial, Government, Transportation, and Telecommunications sectors to name a few. Risk models, time series analysis, massive data sets, and hard core mathematics are the tools of our trade. Cyber criminals are the targets.

Ironically, I will now provide you with a COVID-19 related link. My colleague Frank Smith wrote a short blog article about working from home and increases in cyber risk.

The Latest

Prevailion CEO, Karim Hijazi, discusses China hacking Microsoft Exchange

Hijazi discusses Microsoft hack parallels with SolarWinds and how China and Russia likely execute their cyber campaigns.

Prevailion CEO, Karim Hijazi, discusses China’s attack on Microsoft

See Prevailion CEO, Karim Hijazi, comment on how nation states use proxy groups to compromise organizations through weaker supply chain points.

Prevailion CEO, Karim Hijazi, discusses second Solar Wind hack

See Prevailion CEO, Karim Hijazi, weigh in on a second solar winds hack and how elite hacker groups have likely already compromised many top companies around

Copyright 2021 Prevailion, Inc. All rights reserved.    

Disclaimer: Gartner “Cool Vendors in Security Operations and Threat Intelligence,” Mitchell Schneider, Ruggero Contu, John Watts, Craig Lawson, October 13, 2020. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner Disclaimer: The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.