The coronavirus pandemic continues to sweep the globe, and cities and states impose social-distancing measures, businesses are sending their users home to work. And this massive, unprecedented shift to distance working brings with it a whole new set of cybersecurity challenges.

For instance, a lack of IT resources can bite many organizations as they move to enable remote strategies. And when workers and students are sent outside the normal perimeter, managing device sprawl, and patching and securing hundreds of thousands of endpoints, becomes a much a bigger challenge.

After extensive analysis of past ransomware attacks during global epidemics and current phishing campaigns leveraging the coronavirus, threat actors will eventually begin using ransomware against victims they infect with the varieties of malware. The cybercrime groups behind two of the most prolific ransomware threats have issued statements that they will not attack healthcare and medical targets during the COVID-19 crisis.

Large corporations at risk:

These attacks will focus primarily on large corporations, which rely on markets and supply chains originating in China and other coronavirus-affected regions.

Personnel at these organizations have heightened interest in news and developments related to the virus, potentially making them more susceptible to social engineering that tricks them into clicking on malicious links.

Clicking on malicious links is necessary to execute the attacker’s malware, which opens the door for ransomware infection. Ransomware takes over and blocks access to computer systems until victims pay a sum of money.

The campaign ultimately gives attackers total access to the target machine. The threat actors behind this campaign are posting malware embedded inside various hacking tools and cracks for those tools on several websites. Once the files are downloaded and opened, the attackers are able to completely take over the victim’s machine.

• The COVID-19 pandemic poses the risk of increased cyberattacks.
• Hackers are targeting people’s increased dependence on digital tools.
• Strategies to maintain cybersecurity include maintaining good cyber hygiene, verifying sources and staying up-to-date on official updates.

As the coronavirus pandemic continues to disrupt global health, economic, political and social systems, there’s another unseen threat rising in the digital space: the risk of cyberattacks that prey on our increased reliance on digital tools and the uncertainty of the crisis.

Some cybersecurity measures matter more than ever.

1. Digital infrastructure raises the cost of failure due to dependency. Businesses and public-sector organizations are increasingly offering or enforcing “work from home” policies and social interactions are rapidly becoming confined to video calls, social media posts and chat programs. A cyberattack that deprives organizations or families of access to their devices, data or the internet could be devastating and even deadly: In a worst-case scenario, broad-based cyberattacks could cause widespread infrastructure failures that take entire communities or cities offline, obstructing healthcare providers, public systems and networks.
2. Cybercriminals exploit human weakness to penetrate systemic defenses. In a crisis situation, particularly if prolonged, people tend to make mistakes they would not have made otherwise. Online, making a mistake in terms of which link you click on or who you trust with your data can cost you dearly. Cybercriminals are extremely creative in devising new ways to exploit users and technology to access passwords, networks, and data, often capitalizing on popular topics and trends to tempt users into unsafe online behavior.

How to Mitigate Cybersecurity Risks?

COVID-19 pandemic requires changing our social habits and routines to impede infection rates, a change in our online behavior can help maintain high levels of cybersecurity.

• Step up your cyber hygiene standards with time to review your digital hygiene habits. Check that you have a long, complex router password for your home Wi-Fi and that system firewalls are active on your router. Ensure you’re not reusing passwords across the web (a password manager is a great investment), and use a reliable VPN for internet access wherever possible.
• We have to be more careful than usual when installing software and giving out any personal information. Don’t click on suspicious links from email. When signing up for new services, verify the source of every URL and ensure the programs or apps you install from a trusted source. Digital viruses spread much like physical ones, our potential mistakes online could very well contaminate others in your organization, an address book or the wider community.
• It’s time to pay more attention to trusted sources of data while on the spread and impact of COVID-19, be sure to update your system software and applications regularly to patch any weaknesses that may be exploited.
• Employers should launch targeted internal communications campaigns to increase employee awareness around COVID-19 phishing and reporting of suspicious emails. Security teams should investigate threats and offer support to employees who have received emails.

Standard anti-phishing and malware advice should be followed such as the use of up-to-date antivirus to quarantine suspicious files, restrictions on web-based content, and network intrusion prevention systems to remove attachments and block activity.