Be wary of emails, instant messages, and links related to COVID-19. Cyber criminals are leveraging this topic. Do not click on that garbage unless you know it is coming from a legitimate source!
Typically, cyber criminals leverage a hot news topic (like COVID-19), target a susceptible audience (like people who are worried about COVID-19), and let loose with multiple, massive campaigns. What this means for you is that you should expect emails, social media messages, phone calls, and texts with malicious content related to COVID-19. Please be very careful about opening those messages, clicking on links, answering these calls, or downloading attachments. Criminals will pose as your friends, your HR department, the CDC, etc.
From a cyber risk perspective, this means that the threat landscape is shifting dramatically. There is a wave of new teleworkers hitting internet infrastructure. Cyber criminals will actively look for ways to take advantage of these teleworkers in order to gain access to otherwise secure company networks. In addition, industry sectors which are disproportionately hit by COVID-19 will become softer targets for cyber criminals.
On the flip side, I can assure you that the cybersecurity industry is actively working this problem. It is at the forefront of our concerns. Unfortunately, we are playing a numbers game. While cyber defenders may be able to block 99.99% of all the cyber crime campaigns related to COVID-19, the 0.01% that get through are still going to land on your laptops or smartphones. In other words, despite very impressive work by cyber defenders, there will be companies where the cyber criminals succeed. I suspect many of those “successes” will occur within industry sectors which are getting disproportionately hit by COVID-19.
As someone who works within a team that builds and evaluates cyber risk models, I am actively monitoring the industry sectors which are getting disproportionately hit by COVID-19: the Health Care, Financial, Government, Transportation, and Telecommunications sectors, to name a few. Risk models, time series analysis, massive data sets, and hardcore mathematics are the tools of our trade. Cyber criminals are the targets.
Ironically, I will now provide you with a COVID-19 related link. My colleague Frank Smith wrote a short blog article about working from home and increases in cyber risk.