Exploiting fear, uncertainty and doubt: cyber security and COVID-19

COVID-19 RESOURCE HUB  |  Financier Worldwide

CYBER SECURITY & DATA PRIVACY

The proliferation of electronic devices used for communications and data storage in recent years has massively increased the amount of data swilling around cyber space. Such data, including passwords, financial and other personal information, is a prime target for actors with nefarious intent.

According to analysis by KPMG – ‘Identifying & responding to COVID-19 themed cyber threats’, organised crime groups are exploiting the fear, uncertainty and doubt which COVID-19 is bringing to target individuals and businesses in a variety of ways. Indeed, since mid-February, KPMG has seen a rapid escalation in cyber criminals using COVID-19-themed cyber attacks to lure targets to fake websites to collect their data, such as Office 365 credentials.

Examples of campaigns identified by KPMG include: (i) COVID-19 themed phishing emails attaching malicious Microsoft documents which exploit a known Microsoft vulnerability to run malicious code; (ii) COVID-19 themed phishing emails attaching macro-enabled Microsoft Word documents containing health information which trigger the download of Emotet or Trickbot malware; (iii) multiple phishing emails luring target users to fake copies of the Centre for Disease Control (CDC) website which solicit user credentials and passwords; (iv) a selection of phony customer advisories purporting to provide customers with updates on service disruption due to COVID-19 and leading to malware download; (v) phishing emails purporting to come from various government ministries of health or the World Health Organization (WHO) directing precautionary measures, again embedding malware; and (vi) COVID-19 tax rebate phishing lures encouraging recipients to browse to a fake website that collects financial and tax information from unsuspecting users.

“The pandemic has increased the awareness of security while at the same time creating significant privacy risks,” says Mark McGovern, founder of Ravenwill. “When businesses closed their offices and remote working became a common mode, security issues in everyday applications such as Zoom became a common problem. These issues were no longer theoretical. They were real and the press, users and vendors all paid attention to them. That seems like a good thing.”

In contrast, Mr McGovern notes that the pandemic has also created some true privacy problems. “As the need to trace virus exposure grows, society is turning to technology for efficiency and accuracy,” he observes. “A mobile application is far less costly and effective than human interviews in identifying locations or interactions. But these solutions, regardless of the safeguards touted, have a price.

“They enable 24x7 monitoring of individuals, and some of them automatically classify or ‘label’ individuals in a manner that is used to judge their suitability for travel or access,” he continues. “Mitigating the pandemic using these surveillance technologies will have a long-term negative impact on society. It is ‘for the good of society’ is an argument many people use to justify their actions and that argument is harder to counter when the capability has already been deployed.”

KPMG also notes that many cyber attackers have changed their tactics to use COVID-19-related materials on health updates, fake cures, fiscal packages, emergency benefits and supply shortages. However, there are typical giveaways that an email may be suspect. The email may include poor grammar, punctuation and spelling, have an unusual or unexpected design and quality, and not be addressed to you by name (instead using terms such as ‘Dear colleague’, ‘Dear friend’ or ‘Dear customer’). It may also include a veiled threat or a false sense of urgency, and directly solicit your personal or financial information.

While COVID-19 will drive significant changes for individuals and businesses, taking appropriate steps to reduce risk will help ensure that cyber attacks are prevented, as far as possible, from exploiting the fear, uncertainty and doubt that the current pandemic brings.

“The cyber security and privacy sector was growing fast before COVID-19 and will grow as fast or faster after we conquer COVID-19,” believes Mr McGovern. “The pandemic forced instantaneous changes in how consumers and enterprises use technology. These changes will drive enterprises to augment or wholly redesign their systems to accommodate remote work, online B2B commerce, virtual social interactions and distributed teams. Security is a key element in all of these efforts. As a result, I see cyber security and privacy having even more opportunity than before COVID-19.”

© Financier Worldwide

BY

Fraser Tennant

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.