There have recently been reported cyber crime incidents related to Coronavirus. Also, given that some organisations are choosing to take certain precautions, we believe it’s warranted to discuss a few potential cyber security considerations around some of those precautions.
Below we discuss some cyber threats, both reported and potential, related to COVID-19.
Increase in themed phishing attempts
Since February 2020, the National Fraud Intelligence Bureau (NFIB) has identified 21 reports of fraud where Coronavirus was mentioned, with victim losses totaling over £800k. NFIB have also received multiple reports about coronavirus-themed phishing emails attempting to trick people into opening malicious attachments or revealing sensitive personal and financial information.
One common tactic used by fraudsters is to contact potential victims over email purporting to be from research organisation’s affiliated with the Centers for Disease Control and Prevention (CDC) and the World Health Organisation (WHO).
They claim to be able to provide the recipient with a list of coronavirus infected people in their area. In order to access this information, the victim needs to click on a link, which leads to a malicious website, or is asked to make a payment in Bitcoin.
Reporting numbers are expected to rise as the virus continues to spread across the world.
It’s important that employees are aware that attackers are attempting to exploit people’s concern around the virus. To ensure that your organisation is employing all of the necessary steps it can do to reduce the impact of phishing, see the NCSC guide at https://www.ncsc.gov.uk/guidance/phishing
Increasingly some organisations are encouraging employees to work remotely, so if applicable it may be worth starting those conversations now (if they haven’t already) about reinforcing security advice around remote working.
Below are a few security resources/considerations around flexible/remote working:
It’s important that security is integrated with not only technical solutions but the communications being sent internally and externally. Where possible, any releases/bulletins/company blogs should mention the need to stay aware of security responsibilities.
Employees should be reminded about connecting to work resources securely. Communications should cover things like how to use Wi-Fi securely, tethering devices, which file-sharing services are permitted and how, use of corporate VPNs etc.
If you are likely to be affected by an uptake in remote working, consider reviewing your organisation’s resources, policies, and procedures to see that the relevant aspects are fit for purpose, and that they are clearly communicated to all staff members.
Removing work equipment from the work environment results in risk, including theft/loss of devices and damage. Ensure that employees are aware of the need to keep devices secure and protected for extended periods of time.
Remote Desktop Protocol (RDP)
RDP vulnerabilities are being commonly exploited in a large number of cases, so ensure that you are doing everything you can to secure against associated threats. This includes reviewing port security, access controls, defending against brute force attacks through strong authentication. More guidance can be found via NCSC at https://www.ncsc.gov.uk/section/advice-guidance/all-topics
If you have been a victim of a cyber crime, please report the incident to Action Fraud. For live incidents, you can make use of Action Fraud’s 24/7 reporting function through phone at 0300 123 2040. More information can be found at https://www.actionfraud.police.uk/campaign/24-7-live-cyber-reporting-for-businesses
Reporting is incredibly important, as it helps build intelligence for law enforcement which is vital to investigations, as well as informational campaigns.