Cyber criminals could see the current COVID-19 pandemic as an opportunity to take advantage of fear, confusion and changes in workplace behaviour, such as more people working from home.
NZI Cyber Manager, Andrew Beven, says businesses need to be extra careful, particularly with all the communication and information flowing on a variety of emails and websites:
“While our mutual customers are dealing with the current crisis posed by COVID-19, they need to be extra vigilant in relation to their cyber security. With their employees working from home in such a great scale, they need to ensure that all processes are still adhered to when it comes to remote access to the network. Alongside this, they need to remain aware of unscrupulous people trying to scam the business”.
One of our reinsurers, Munich Re, has communicated some great examples of threats and potential issues for cyber security for businesses that you may wish to share:
- Online frauds related to the offer of medication, protective masks or dubious “services” around COVID-19 recently emerged. Scammers can also often ask for charity donations for studies, doctors, or victims that have been affected by COVID-19.
- Messages are being circulated by cyber criminals via e-mail or social platforms allegedly offering help and hints for dealing with the pandemic. Some already observed cases claim to originate from the Centres for Disease Control and Prevention (CDC), or the World Health Organization (WHO), and provide “new” or “updated” list of cases of COVID-19 infections in one’s area. The messages contain malicious phishing links or dangerous attachments.
- Computer attacks are being run through websites such as real-time pandemic cards that distribute malware. Visiting these malicious sites, especially with outdated web browsers, such as Edge, Firefox, or Chrome could be enough to infect a system.
- Text message scams: Texts containing a link that claims to direct people to testing facilities. This link is not legitimate, and it may install malicious software on your device that’s designed to steal your personal information, such as banking details.
- Fake coronavirus maps: There’s a new campaign where the attackers claim to have a ‘coronavirus map’ application that people can download onto their devices. Instead, the application is malware, designed to steal sensitive information from the device it is downloaded onto, such as passwords.
- Remote Access Protection: Security controls like access management systems or VPN gateways may be bypassed and that could decrease the company’s security level.
