Coronavirus attacks are on a roll – as the physical virus rages in the real world, its digital counterpart spreads through the Internet
The numbers are worrying: since the coronavirus took hold in the USA, the FBI has been fielding reports of about 3,000 additional cyber attacks every day. Cyber criminals have already launched more than 140 campaigns involving more than 500,000 e-mail attacks with 200,000 different malicious attachments related to the pandemic.
Germany’s Federal Office for Information Security (BSI) is also observing a huge increase in “cyber attacks relating to coronavirus aimed at businesses and individuals”. It appears that many more cyber crime campaigns are still being prepared. One of the attackers’ first steps is to establish an Internet presence, for which they need an appropriate domain name. That explains why “the BSI has observed exponential growth in domain name registrations including key words like ‘corona’ or ‘covid’”.
In a current report, European police authority Europol goes so far as to conclude that the criminal repercussions of the COVID-19 pandemic are more pronounced in the area of cyber crime than in any other field of criminal activity. “Phishing and ransomware campaigns are being launched to exploit the current crisis and are expected to continue to increase in scope and scale,” it warns.
Focus on healthcare services
According to Interpol, attackers are currently targeting hospitals, laboratories and other healthcare facilities in particular. The attackers expect IT security to be neglected on account of the current situation, and are confident that these facilities will be prepared to pay large ransoms because of their vital nature. Attackers are also trying to install malware via phishing e-mails by posing as charity organizations, the WHO and national health authorities.
The fact that many companies sent their employees home to work in a ‘home office’ at short notice has enabled cyber gangsters to identify new targets. Providing a secure IT infrastructure for these employees creates new challenges for the companies in question, especially with regard to access to critical company data. For example, employees are given access to customer databases, development plans and corporate knowledge via the Internet, at which point hackers prick up their ears.
At the same time, many employees were frantically issued with laptops so they could work from home. But the security shortcomings of video conferences described in the media are not the only problem: home offices often lack basic security precautions. And that means lucrative targets for hackers, who are increasing their efforts against DSL routers in home Wi-Fi systems.
A current attack scenario exploits new vulnerabilities in routers: hackers manipulate the DNS settings on these devices to redirect users to sources of harmful code when visiting trusted websites. Malware affecting Windows systems is then installed, which steals information from the browser such as form entries, cookies, payment information, locally saved access data, and even text files. This malware can also take screenshots from the targeted computer. Whether other router models are similarly vulnerable is still unclear. Many employees in home offices are unaware that a compromised DSL router can provide control over the entire home network, including the Smart TV, company laptop, and even smartphones. Businesses are therefore well advised to ensure the company IT system can only be accessed via virtual private networks (VPNs).
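One way a defender can spot the manipulated router DNS settings described above, shown as an added example that is not part of the original article: compare the answers a home router's resolver gives for trusted names with the answers from a resolver reached over a trusted path such as the company VPN. The hostnames, addresses, the `KNOWN_NETWORKS` allowlist and the function names are constructed assumptions for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges, not real hosts).
# LOCAL: answers from the resolver the home router hands out.
# REFERENCE: answers for the same names from a resolver reached over a
# trusted path, for example the company resolver through the VPN.
LOCAL = {
    "portal.example.com": ["192.0.2.10"],
    "www.example.org": ["203.0.113.66"],
    "cdn.example.net": ["198.51.100.77"],
    "mail.example.com": [],
}
REFERENCE = {
    "portal.example.com": ["192.0.2.10"],
    "www.example.org": ["198.51.100.20"],
    "cdn.example.net": ["198.51.100.8", "198.51.100.9"],
    "mail.example.com": ["192.0.2.25"],
}
# Assumption: networks the defender already knows a service uses, so that
# CDN-style answers that differ per resolver are not reported as hijacks.
KNOWN_NETWORKS = {"cdn.example.net": ["198.51.100.0/24"]}


def classify(local_ips, reference_ips, known_networks=()):
    """Return 'ok', 'no-answer' or 'mismatch' for one hostname."""
    local = {ipaddress.ip_address(a) for a in local_ips}
    reference = {ipaddress.ip_address(a) for a in reference_ips}
    networks = [ipaddress.ip_network(n) for n in known_networks]
    if not local:
        return "no-answer"
    if local & reference:
        return "ok"
    # Disjoint answers: accept only if every local answer is in a known network.
    if networks and all(any(ip in net for net in networks) for ip in local):
        return "ok"
    return "mismatch"


def audit(local, reference, known=KNOWN_NETWORKS):
    """Compare both resolvers' answers for every reference hostname."""
    return {
        name: classify(local.get(name, []), ips, known.get(name, ()))
        for name, ips in sorted(reference.items())
    }


if __name__ == "__main__":
    for name, verdict in audit(LOCAL, REFERENCE).items():
        print(f"{name:22} {verdict}")
```

A `mismatch` is a prompt to inspect the router's DNS configuration, not proof of compromise, because names with load-balanced hosting can legitimately resolve differently per resolver.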