Be wary of emails, instant messages, and links related to COVID-19. Cyber criminals are leveraging this topic. Do not click on that garbage unless you know it is coming from a legitimate source!
Typically, cyber criminals leverage a hot news topic (like COVID-19), target a susceptible audience (like people who are worried about COVID-19), and let loose with multiple, massive campaigns. What this means for you is that you should expect emails, social media messages, phone calls, and texts with malicious content related to COVID-19. Please be very careful about opening those messages, clicking on links, answering these calls, or downloading attachments. Criminals will pose as your friends, your HR department, the CDC, etc.
From a cyber risk perspective, this means that the threat landscape is shifting dramatically. There is a wave of new teleworkers hitting internet infrastructure. Cyber criminals will actively look for ways to take advantage of these teleworkers in order to gain access to otherwise secure company networks. In addition, industry sectors which are disproportionately hit by COVID-19 will become softer targets for cyber criminals.
On the flip side, I can assure you that the cybersecurity industry is actively working this problem. It is at the forefront of our concerns. Unfortunately, we are playing a numbers game. While cyber defenders may be able to block 99.99% of all the cyber crime campaigns related to COVID-19, the 0.01% that get through are still going to land on your laptops or smartphones. In other words, despite very impressive work by cyber defenders, there will be companies where the cyber criminals succeed. I suspect many of those “successes” will occur within industry sectors which are getting disproportionately hit by COVID-19.
As someone who works within a team that builds and evaluates cyber risk models, I am actively monitoring the industry sectors which are getting disproportionately hit by COVID-19: the Health Care, Financial, Government, Transportation, and Telecommunications sectors, to name a few. Risk models, time series analysis, massive data sets, and hardcore mathematics are the tools of our trade. Cyber criminals are the targets.
Ironically, I will now provide you with a COVID-19 related link. My colleague Frank Smith wrote a short blog article about working from home and increases in cyber risk.