Probably I’m the only person thinking more about how to protect her computer instead of her health right now. I don’t know anything about epidemiology or how to slow the spread of the coronavirus, but I do have a lot of ideas about how to take good care of your digital ecosystem at a moment when we’re all increasingly relying on our home devices and networks for work and school.
Obviously, virtual viruses are not our biggest concern at the moment. But the shift to remote work and education, alongside the uncertainty about official guidance and data on the spread of COVID-19, has created a lot of new opportunities for cybercrime at all levels of sophistication and seriousness. Here are some threat vectors to look out for online as you work on washing your hands more and not touching your face.
Already, the spread of the coronavirus has proved to be a fertile opportunity for phishing emails. For instance, in January, Check Point reported on spam campaigns that targeted Japanese and Indonesian recipients, spreading Emotet and Lokibot malware through malicious attachments that claimed to provide information on where the coronavirus was spreading and how to protect against it. Many other related phishing campaigns purport to be critical updates on the coronavirus from senders like the World Health Organization. For instance, Check Point also reported that Italian businesses had been targeted with emails that included infected attachment files and contained the following text (translated from Italian):
Due to the number of cases of coronavirus infection that have been documented in your area, the World Health Organization has prepared a document that includes all the necessary precautions against coronavirus infection.
We strongly recommend that you read the document attached to this message.
With best regards,
Dr. Penelope Marchetti (World Health Organization – Italy)
When people are particularly desperate for information and expert advice, they may be less careful than usual (which was already not terribly careful to begin with!). Emails purporting to distribute that guidance from sources like WHO and the CDC may be especially effective at tricking people into downloading malware onto their computers. Simply put, you will not be getting WHO or CDC information about the coronavirus via email—and absolutely not, under any circumstances, from email attachments.
You can (and should) visit the websites of organizations like WHO directly to see what guidance they are giving. If your employer or school is sending out updates, you should be careful with those too—don’t automatically assume those emails are coming from legitimate senders. Be especially wary of opening any attachments you were not expecting. Remote work makes it even harder than usual to confirm with people whether they actually sent you a message or attachment, but that’s all the more reason to be especially vigilant.
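For mail administrators, the two rules above (a health-authority name paired with an unrelated sender domain, and any such message carrying an attachment) can be expressed as a triage check. This is an added example, not part of the original article; the sender address, file name and the who.int / cdc.gov allow-list are assumptions, and the sample message is constructed from the lure quoted earlier.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: official domains for the two bodies the article names.
AUTHORITIES = {
    "who.int": re.compile(r"(?i:world health organization)|\bWHO\b"),
    "cdc.gov": re.compile(r"(?i:centers for disease control)|\bCDC\b"),
}

# Constructed sample modelled on the quoted lure (address and file name invented).
SAMPLE = """\
From: "Dr. Penelope Marchetti (World Health Organization - Italy)" <pm@mail.example>
Subject: Coronavirus precautions
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

The World Health Organization has prepared a document that includes all
the necessary precautions. We strongly recommend that you read the
document attached to this message.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="precautions.doc"
Content-Transfer-Encoding: base64

Y29uc3RydWN0ZWQ=
--b1--
"""

def triage(raw):
    """Return reasons to distrust a message that invokes WHO or the CDC."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = "\n".join([display, str(msg.get("Subject", "")),
                      body.get_content() if body else ""])
    files = [p.get_filename() or "(unnamed)" for p in msg.iter_attachments()]
    findings = []
    for official, pattern in AUTHORITIES.items():
        if not pattern.search(text):
            continue  # message does not invoke this authority
        if domain != official and not domain.endswith("." + official):
            findings.append(f"invokes {official} but was sent from {domain or 'unknown'}")
        if files:  # fires even when From matches: the header is forgeable
            findings.append(f"invokes {official} and carries attachment(s): {', '.join(files)}")
    return findings
```

A matching From domain is not proof of origin, since the header can be forged, which is why the attachment rule fires regardless of the sender address.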
Emails are not the only risk right now. Reason Labs reported that applications purporting to show the spread of coronavirus were being used to distribute AZORult malware. The malware creates new accounts on infected machines to allow for remote desktop connections that can then be used to steal victims’ browsing history, cookies, passwords and other credentials, and cryptocurrencies. Check Point also found a spike in registrations of domain names linked to COVID-19, with a total of more than 4,000 coronavirus-related domains registered since January. Of those, 3 percent were malicious sites, designed to distribute malware to visitors or support phishing schemes and trick users into making fraudulent purchases (e.g., masks or home tests or hand sanitizer that will never actually arrive). Beyond those clearly malicious websites, another 5 percent of the coronavirus-related domains were deemed “suspicious” by Check Point. In other words, criminals are already building up online infrastructure to take advantage of this crisis. You should expect to see lots of pseudo-legitimate-looking websites and domains that are merely trying to steal your money or infect your computer.
Computer infections right now could lead to many different bad outcomes, especially since many of us are at greater distance from our IT staff than usual. If your computer is infected with ransomware, for instance, you may find yourself unable to continue working remotely.
And if you work for a company with a lot of proprietary information, sensitive customer data, or confidential intellectual property, this is a moment to be on high alert for attempts at corporate espionage.
The influx of remote connections to company servers and networks will make it even more challenging than usual for those firms to identify and flag intruders in their systems. Employees bringing home work devices, data, and prototypes, and connecting them to their residential wireless networks, will only add to those challenges. Ideally, all of that corporate traffic will be run through secure virtual private networks, but it’s unclear whether those VPNs will be able to handle the influx of traffic they are about to face. Other organizations that are less well prepared to conduct operations remotely may find themselves forced to make quick decisions and overlook important security protocols. This appears to have been the case at the interior ministry of Bavaria in Germany, which reportedly started using an insecure online video conference system that did not require any authentication, allowing anyone with the URL to join private government meetings.
The coronavirus pandemic is a stark reminder that our physical hygiene and health measures are tied to those of others—one person not washing their hands, choosing to fly, or going in to work sick can have massive consequences for thousands of other people. That is just as true online, where any individual’s carelessness about what email attachments they download, what links they click on, or whether they bother to connect to a VPN can cause far-reaching damage.