Blog

Blog

Beware of cyber criminals exploiting COVID-19 pandemic

By: C Spire on Apr 11, 2020 8:31:00 AM

shutterstock_680075008Cyber criminals are exploiting the COVID-19 pandemic for commercial gain using a variety of ransomware and phishing attacks. The CISA issued an activity alert titled COVID-19 Exploited by Malicious Cyber Actors. According to the alert, the most common threats include:

  • Phishing, using the subject of coronavirus or COVID-19 as a lure
  • Malware distribution, using coronavirus or coronavirus-themed lures
  • Registration of new domain names containing wording related to coronavirus or COVID-19
  • Attacks against deployed remote access and teleworking infrastructure.

These attacks rely on basic social engineering methods to entice a person to carry out a specific action. C Spire CISO Conrad Bell warns that the cyber criminals are taking advantage of curiosity and concern around the COVID-19 pandemic. He points to the CISA alert's warning, saying that the criminals want victims to:

  • Click on a link or download an app that may lead to a phishing website, or the downloading of malware, including ransomware.

For example, a seemingly informative Android app claims to provide a real-time coronavirus outbreak tracker but instead attempts to trick the user into providing administrative access to install "CovidLock" ransomware on their device. 

  • Open a file (such as an email attachment) that contains malware.

For example, email subject lines contain COVID-19 phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”

The CISA alter says that, in order to create an impression of authenticity, cyber criminals may spoof sender information in an email to make it appear as if it came from a trustworthy source, such as the World Health Organization (WHO), an individual with “Dr.” in their title, or even an executive from within your company leadership team.   

Conrad says the first line of defense against phishing is to be aware and cautious. If you receive a suspected phishing email message, here’s what to do:

  • Do not respond to it, Report it to your IT Team, and delete it. 
  • Approach links in email messages with caution.
  • Approach images in e-mail with caution.
  • Approach attachments in email messages with caution
  • Don't trust offers that seem too good to be true.
  • Don't share personal or financial information

Get the latest news and IT tips from C Spire Business by following us on Facebook, Twitter and LinkedIn.

READ NEXT: Learn how to spot a phishing attack.

 

Topics: cybersecurity, Working Remotely


C Spire Business is a privately-held telecommunications and technology company driven to deliver the best experiences in wireless, fiber internet, and business IT solutions such as internet, VoIP, cloud and managed services. Read more news releases and announcements at cspire.com/news. For more information, visit cspire.com or find us on Facebook, Twitter or Instagram.

The information contained in this site is provided for informational purposes only, and should not be construed as legal advice on any subject matter.

Sign up for our monthly newsletter.

For the latest in technology trends, industry news, and C Spire updates.