IMPORTANT INFORMATION FOR ALL WORKING ON-LINE
With the lock-down still in effect, here is some information relating to the COVID-19 pandemic and cyber-crime, and a few pointers to be aware of.
The COVID-19 global pandemic, forcing millions of office workers to become remote workers, has created a “perfect tsunami” for cybercriminals seeking to exploit the crisis and penetrate corporate defenses via unsecured home networks.
Unprecedented digital dependency has created unprecedented vulnerability and an increase in malicious attempts to exploit the mass shift to online platforms for remote working. South Africa experienced a ten-fold spike in network attacks in mid-March, when much of the country moved to work from home.
According to statistics from Kaspersky, affected devices increased from 20,000-30,000 to about 310,000 in the period from 15 to 21 March.
“Southern Africa is seeing an increase in attempts to break into the organizations’ systems to establish control over them, sabotage their work, or access sensitive information,” said Maher Yamout, Senior Security Researcher for the Global Research and Analysis Team at Kaspersky.
A security researcher at Kaspersky, Tatyana Scherbakova, has elaborated on the mechanics of such scams: “We were detecting emails offering products such as masks leading to phishing websites or fake offerings of vaccines since the COVID-19 epidemic started. Yet lately we saw more elaborate spam campaigns that mimic the World Health Organization (WHO). Cyber-criminals recognize the important role WHO has in providing trustworthy information about the coronavirus. Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid infection. Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cyber-criminals. This scam looks more realistic than other examples we have seen lately.”
Some spam emails contain fake information about wondrous vaccines developed for the coronavirus.
The World Economic Forum (WEF) said last week (1 April 2020) that the rise in cyber-criminal activity seeking to exploit the COVID-19 crisis made cybersecurity “critical to collective resilience” in the face of the pandemic’s impact on the global economy.
Risky internet behavior inadvertently increases with more time spent online. There could be hidden risks in requests for credit card information or the installation of specialized viewing applications. Remember, clicking on the wrong link or expanding your surfing habits can be extremely dangerous and costly.
Supposedly “free access” to websites could open the door to attacks and likely malware.
What can you do to stay safe online?
1. Step up your cyber standards (use a Virtual Private Network [VPN]; create a long, complex password [min 21 characters]; do not reuse an old password).
2. Be vigilant on verification (don’t click on links in emails unless you are sure they come from a reputable source; when installing software, be careful about giving out personal information; verify the source of a URL before you click on it).
3. Update your software (official updates are essential in patching any weaknesses that may be exploited; make sure your applications and Microsoft/Mac OS are updated to the latest version).
In addition to using encrypted communication such as a VPN, remote workers should take precautions including:
• Do not reply to or click on links in phishing emails or messages.
• Be on the alert for COVID-19 scam emails.
• Ignore and delete WhatsApp messages with unknown links (especially from unknown senders).
• Use multi-factor authentication wherever possible.
• Ensure all corporate devices, including mobiles, laptops, and tablets, are protected with adequate security software.
• Segregate your personal devices/life from corporate computers.
• Practice basic cybersecurity rules.
To stay safe, users are advised to:
• Carefully study the content of the emails they receive and only trust reliable sources. If you are promised a vaccine for the virus or some magic protective measures, or the content of the email is making you worried, it has most likely come from cyber-criminals.
• When downloading files, pay attention to the file extension. Even if you download TV show episodes from a source you consider trusted and legitimate, the file should have a .avi, .mkv or .mp4 extension. Do not download the file if it is a .exe.
• Use a reliable security solution for comprehensive protection from a wide range of threats.
At this time of unprecedented digital dependency, safe and secure access to online infrastructure is critical. There is a rise in cyber-criminal activity seeking to exploit the current crisis. In the first six months of 2019, data breaches exposed 4.1 billion records. What is remarkable is that 3.2 billion of those records were exposed by just eight breaches. Emails and passwords were on top of the pile of exposed data.
The average cost of a breach is about USD 3.9 million. The estimated cost of cyber-crime in 2021 is USD .1 trillion worldwide, an estimate made before we were hit with the COVID-19 pandemic.
A closer examination of major breaches reveals a common theme: in every ‘major headline’ breach, the attack vector has been the common password. The reason is simple: the password is by far the weakest link in cybersecurity today.
In the words of Victor Hugo (renowned novelist and poet), “No army can withstand the strength of an idea whose time has come.”