Cyber threats are on the rise as more people work from home during pandemic
Attackers take advantage of new work trends during Covid-19 with phishing scams and authentic-looking emails spreading malware
Cyber threats are growing amid the coronavirus pandemic, with online security experts warning that phishing scams are exploiting heightened fears among consumers and organizations.
Last month, amid rapidly rising Covid-19 infections in Italy, an email that had the appearance of being from the World Health Organisation was sent to more than 10% of Italian organisations. The email, which bore the signature of a fictitious Italian doctor, claimed to have an attached document with guideline precautions against the infection.
In fact, clicking on the document downloaded a Trojan Horse – a type of malware program – that was designed to infiltrate banks.
In February, Japanese organisations suffered a similar attack from emails claiming to offer remedies and health advice for Covid-19.
These are examples of the type of cyberattacks that have been launched in the wake of the global pandemic, according to Check Point, a global cybersecurity firm. More than 16,000 domain names related to Covid-19 have been registered since January, with almost 10% of them of suspicious intent.
“Compared to other domain name registrations, this is double the normal amount,” said Kevin Hau, a Hong Kong-based security specialist at Check Point. “Hackers are definitely trying to leverage on this opportunity.”
A report by IBM in 2019 found that the average cost of a data breach was nearly US$4 million and that the cost was highest in the health care industry. The annual Cost of Data Breach Report reported that the single biggest factor in overall losses was loss of customer trust.
In July 2019, the internet Society’s Online Trust Alliance reported that cyber criminals were getting better at monetizing their activities, with an estimated 2 million cyber incidents in 2018 resulting in US$45 billion in losses.
While phishing – fake emails that lure people into clicking on links which lead to malware – has been a popular method of hacking over the past decade, hackers are getting more sophisticated and better, especially at mimicking emails from health authorities in the current environment, said Davin Teo, a digital forensic expert and Hong Kong managing director of Alvarez & Marsal.
Hackers have even targeted the World Health Organisation by hitting a Covid-19 vaccine-testing facility with ransomware, and baited health care workers with Covid-19 files with malware, according to Ricky Woo, convenor of the cybersecurity Specialist Group of the Hong Kong Computer Society.
The situation is made worse by the volume of people working remotely, said Woo, as employees currently working from home inadvertently create a new layer of vulnerability by switching on compromised devices and applications.
“Cybercriminals are seeking to exploit the pandemic by targeting companies and individuals,” Woo said in an emailed statement.
They recently broke remote services websites such as video conferencing service Zoom, though the scale of financial losses is not immediately available.
The number of Zoom users has climbed to more than 200 million a day, from about 10 million in the US before the pandemic, according to the US-based National Law Review. The company has pledged to tighten security and privacy loopholes after being sued by a shareholder.
The growth of online lending platforms and virtual banks across the region meant that a lot of these companies were forced to increase their cybersecurity hiring in an already tight market, according to Woo.
The range of targets may also grow in this time of remote work and public health fears.
“Unlike traditional attacks, which focused mainly on financial institutions, there is no obvious focus or target in this wave of attacks, and it covers almost all industries,” said Woo.