The world is experiencing an unexpected yet enormous crisis. The novel coronavirus (COVID-19) has disrupted the entire world from the service sector to information technologies. This unprecedented event forces every business and every employee to shift their work style. Currently, remote working has become the new normal business. But this work style comes with a price and that is cybersecurity.
Cybersecurity gained more importance than ever as COVID-19 continues to spread across the globe. Since employees started to work remotely, companies are trying to adjust their systems to new working conditions. In addition to business, even schools are using different tools to continue education.
Not only companies or schools, but also governments implement various methods related to remote work.
New COVID-19 Related Cybersecurity Threats
As COVID-19 continues to spread around the world, cyber security threats and cyber security issues related to this new pandemic are increasing. Different international organisations and institutions such as Interpol and the Council of Europe have published important documents to inform the users about these threats.
Giant companies like Google and Whatsapp announced new remote video conference systems.
Open source systems like Jitsi become more popular.
Debate about privacy have started due to usage of remote conferance systems.
For example, there has been an on-going debate about the video conference application called Zoom. There are claims that the program is collecting information, data, video recording and audio recording without the user consent. People all over the world are following the news about Covid-19 (corona). There are lots world covid-19 virus map websites on the Internet. And new mobile applications are publishing in every application markets about Covid-19.
And, as you can imagine, there are lots of fake websites, news and application to spread malware.
Some of the increasing COVID-19 related cybersecurity threats are as follows:
- Phishing: with the increasing demand to learn more about COVID-19, people are looking for more online information. Attackers are now using this desire to lure their victims. Attackers might use domain names similar to official COVID-19 websites to get hold of the user information.
- Ransomware: the increasing number of remote workers has led attackers to concentrate on ransomware. Employees can download a file with ransomware on their personal computer and the entire system might be encrypted.
- Mobile application: Noteworthy, remarkable harmful mobile applications such as corona virus test, covid-19 map have been published.
- Vulnerability Scans: Malicious people scan services such as RDP, SSH, VPN interface to detect the vulnerability of the companies.
Studies of National CERTs on Covid-19
During the Covid-19 period, companies, government agencies started to use systems (like, VPN, remote management protocols, conference system, etc) that they have never used before. These brought some risks, and national computer emegergency reponse teams - National Certs (National CERTs are generally responsible for cyber securiy issues in like coordination and sharing information in the country) published some reports to inform people and raise awareness.
We categorized these reports as below :
- Phishing: Report containing topics to be careful about phishing.
- Malware: Report containing issues to about malwares (fake zoom conference applications, mobile malware such as covid-19 maps etc.).
- Remote Working: Issues to be considered about cyber security during remote work.
- Online Communication: Issues to be considered when using conference systems.
Here are the links and published dates of cyber security reports about Covid-19 published by the National CERT's of the countries.
| Country | Phising | Malware | Remote Working | Online Comunication |
|---|---|---|---|---|
| USA | Defending Against Covid-19 Cyber Scams | COVID-19 Exploited by Malicious Cyber Actors | Defending Against Covid-19 Cyber Scams(same article) | FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing |
| Canada (they a web page for covid-19 ) | 5 Ways Protect Yourself Covid-19 Scams | Covid-19 And Malicious Websites | VPN | They have a lot of articles. The previous articles also cited. However, we could not find a topic related to online conferences. |
| China | - | - | - | - |
Check Your Vulnerabilities
The basic step to ensure protection and security is to check your system vulnerabilities. As more and more employees are working remotely, the systems are more compromised than ever. Since this seems to be the new normal for doing business, it is important to make sure there are no vulnerabilities against a hacker. Some of the things you can do to check your system security are as follows:
- Detect all vulnerabilities in your system before setting up a remote working environment.
- Handle these identified vulnerabilities.
- Try to make regular system checks (hardening) to minimise your risk exposure rate.
- Try to make regular system vulnerability scans. You can do this with using our vulnerability scanning tools.
- Make sure to download any apps or files from trusted sources.
- Increase your security measures to get full coverage across your system.
Information safety has always been important. But with changing work and education systems both companies and individuals need to pay attention to their system security. With regular security tests, penetration tests and vulnerability checks, it is possible to have a security system during COVID-19 times.
control security posture