Lakeside House, Quarry Lane, Chichester PO19 8NY
hello@lms.group

How hackers are exploiting the coronavirus

As with any serious national or international news, hackers have already started trying to exploit the coronavirus in order to make a ‘quick buck’, distribute malware and instil a false sense of fear in the general public.

While businesses all across the UK have started working from home, many of them have not implemented a good level of security prior to sending their staff home. Never ones to miss out on such a great opportunity, hackers have scaled-up their efforts to spread malicious software through COVID-19 themed emails, apps, websites and social medias.

Here are 5 of the ways that cyber criminals are exploiting the COVID-19 outbreak and how you can avoid falling victim to their attempted crimes:

1. Phishing emails

Emails have always been, and will most likely continue being, the largest threat to modern businesses. Cyber criminals have long used serious world events to increase their hit rate on phishing campaigns.

A report from Digital Shadows has shown that dark web markets are selling COVID-19 phishing kits of varying complexity for between $200 and $700. These include malicious email attachments disguised as a map that shows the spread of coronavirus, as well as website templates to capture user details.

To avoid falling victim to one of these attacks, there are a few steps that you should follow. At the very least, you need to implement inbound email filtering software, this scans any emails coming into the business for malicious content. The next thing you need to roll out is a reliable antivirus system. We highly recommend Webroot EDR.

The most important step you can take is staff training. As your staff are the last line of defence between your business and any malicious files, it is imperative that they are able to spot the difference between legitimate mail and ‘dodgy’ emails.

The use of Multi-Factor Authentication (MFA) will also prevent any third party from logging into your accounts. MFA is the process of approving a device to log in to one of your accounts by entering a unique, one-time passcode after entering your password. Which means that if a hacker extracts your username and password, you will still be protected as they will not be permitted to login without your code.

Here at LMS Group, we have the tools and experience to protect your users from attempted cyber attacks that come in via email. We also offer industry leading user awareness training that will help your team recognise the many signs of a malicious email.

For more information, feel free to contact us.

2. Malicious apps

Although Apple and Google have heavily limited and started removing any applications from their respective app stores, there is still a chance that malicious COVID-19 applications are still available.

DomainTools uncovers one such software that when installed, infects the device with android-targeting ransomware known as COVIDLock. This ransomware demands $100 in bitcoin within 48 hours of infections or threatens to erase all contacts, pictures, videos and your phones memory.

DomainTools also found out that websites spreading the COVIDLock application were previously used to distribute malicious files relating to ‘adult content’.

To prevent the applications from impacting your business, you should look into Microsoft EMS to implement Mobile Device Management (MDM). This will help to keep your business data secure on personally owned devices.

Once again, user training will play a massive part in preventing the spread of this kind of attack.

3. Bad domains

Popular with any event or news around the world, a large quantity of new websites have been created in relation to COVID-19. Many of which are not malicious and are created to raise awareness around the severity of the outbreak. BUT, there is a vast number of websites created to trick employees into thinking they belong to trustworthy news outlets or organisations.

Some of the more popular ones impersonate the World Health Organisation (WHO) and create similar looking domains, websites and logos in order to put the website visitor at ease. Once you are on one of these websites, they often ask for a username and password for Gmail, Microsoft, AOL, Apple, Facebook etc.

If this data in input, they keep a record of it and the website will not do anything except tell the domain owner that you have submit a form and they can then steal your account information.

Some websites also ask for bitcoin donations to fund the development of a cure, it should come as no surprise that these donations are stolen and do not go towards finding a cure for coronavirus.

I’ve said it before, and I’ll say it again. User training is the most important security measure you can put in place to prevent your employees from falling victim to this kind of attack. As with phishing emails, MFA can be your best friend if you fall victim to a bad domain.

You can also implement a reliable antivirus that pre-scans web pages and blocks access to malicious or untrustworthy domains.

4. Insecure endpoints and end users

An unprecedented amount of businesses are now working remotely, the risk of having insecure endpoints and users have increased exponentially.

With the risk of employees not keeping devices up to date over prolonged periods of time when working from home, comes a higher level of vulnerability to cyber attacks.

There is also a chance that employees will begin to install applications without you knowing because they think office working policies do not apply when working from home.

Needless to say, this can be extremely damaging for your business as a malicious application could be installed without knowing. If your business doesn’t have a robust endpoint detection and response system installed, it is highly likely that any malware or other viruses could go undetected.

5. Vulnerabilities at vendors and third parties

Every partner, customer and service provider in your business’ ecosystem is highly likely to face the same challenges and threats as you. Which in turn, leaves you and your business at risk of cyber attacks.

For example, Dave, your outsourced graphic designer has been working from home and not implemented the recommended security measures he was told about by an IT provider. He is sent a phishing email from ‘Microsoft’ and has been asked to log in. As Dave is untrained and hasn’t got the recommended security measures in place, he falls for it and enters his details.

Now, the hackers have access to his emails, documents and any other files they can get their hands on. From there, the hacker decides to email everyone that Dave is currently doing work for.

He sends your business a fake invoice for £997.42 from Dave’s email address and attaches a document entitled ‘Invoice details’.

This attachment is malicious and installs software on your device, leaving you with a back door into your business’ IT infrastructure. If you are even more unlucky, you haven’t noticed the invoice is fake and you pay it without question.

Now, you have lost £997.42 and also have a security vulnerability, which means the hacker can access your data, without an issue.

To try and avoid this from happening to you, we recommend that you liaise with your third party connections to ensure that, if they are working from home, their security has been taken into account and they have taken steps to remain secure during this time.

Do you need help with your IT security?

Although some of the above recommendations may sound a little difficult to set up, they are actually quite straight forward and can be done without causing interruption to your operations. LMS Group are industry leaders in cyber security and IT support, which means we can implement your new cyber security measures and also provide ongoing support to ensure up-time and minimal interruption to you and your business.

To find out how LMS Group can help your business Thrive Through Technology, please get in contact with us on 0330 088 2565 or by emailing hello@lms.group