Interpol has published an article, "COVID-19 Cyberthreats", discussing threats that have arisen due to the COVID-19 pandemic. Among the types of threats are:
- Malicious domains
- Malware
- Ransomware
Cybercriminals are taking advantage of the thirst for information on COVID-19 by registering domains with the name COVID-19 and variations of the name. This type of attack is enhanced by the fact that there are many legitimate domains that contain the term COVID-19 and offer valuable information. The criminals may even be putting up COVID-19 domains that contain valuable information to encourage the public to return to the site and recommend it to other internet users. The risks associated with visiting one of these sites include:
The site may ask you to sign up to receive news and updates. When you do this, you are giving a cybercriminal your contact information, which they can use to send you spam that may contain malicious attachments. You receive an email from a service you signed up for, you open the ‘trusted email’, you open the attachment to read the latest alert, and then you are infected with malware.
The site may ask you to create an account. You then enter your name and contact information and create a username and password. This creates a risk because people use the same username and password for multiple accounts. The hackers now have a username and password to try against internet services including, but not limited to, online banking and online email services. If the hacker has access to your online email service, they can send emails to all your contacts telling them about the site and recommending that they register for an account on the malicious website, spreading the virus exponentially.
The site may have malware embedded in it, and surfing the site may result in malware such as ransomware being installed on your computer.
There are ways to combat this threat.
You could set up your office with an ‘allowed list’ of domains that users in your practice can visit. This is commonly done with the hardware firewall that comes with your router, and many of the newer routers you can purchase have this feature available. When you use an allowed list, people inside your organization can ONLY visit domains that are on the allowed list. If the domain is not on your allowed list, people in your office simply cannot get to the website. This can be cumbersome to set up and manage, but it is a highly effective method of preventing people in your practice from visiting malicious domains.
You could install an antimalware service that integrates with your web browsers and provides a warning when somebody attempts to visit a known malicious domain. This is dependent upon the service you are subscribing to being aware that the domain is malicious. This method is less secure than using an allowed list, but it is much easier to manage.
You can make sure your antimalware is integrated with your email solution to detect malicious attachments and remove them before a user of your network is able to click on the attachment.
Make sure you keep your anti-malware software up to date with new definitions as they are published and that there are regular scans of your systems for any signs of malware.
Finally, one of the best things you can do is make sure all members of your staff are aware that some websites that contain the term COVID-19 are malicious. They should avoid visiting websites that have that term in the name, and only visit pages on trusted websites that contain that term. Trusted websites may be from academic institutions that have research information; these will typically end in .edu. Other trusted websites may be government information websites; these will typically end in .gov. In addition, there may be other websites that you know and trust. Tell your staff that it is not appropriate to simply surf the web from office computers, and that they should only visit known and trusted websites.
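The allowed-list approach and the "trusted websites" advice above both come down to the same check: deny by default and match the whole domain name, not just text that appears somewhere in the address. The following is an added example, not part of the original article; the allow-list entries and sample URLs are constructed for illustration, and a real office would maintain its own list.

```python
from urllib.parse import urlsplit

# Constructed sample allow list (assumption): replace with the sites your office trusts.
ALLOWED_DOMAINS = {"cdc.gov", "who.int", "jhu.edu"}


def is_allowed(url, allowed=ALLOWED_DOMAINS):
    """Default deny: permit only http(s) URLs whose host is an allowed
    domain or a subdomain of one, compared label by label."""
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix and port, and lower-cases the name.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False  # malformed address: refuse rather than guess
    if parts.scheme not in ("http", "https") or not host:
        return False
    labels = host.split(".")
    # Test every right-hand suffix made of whole labels:
    # "www.cdc.gov" -> "www.cdc.gov", "cdc.gov", "gov".
    # A plain substring or endswith() test would accept look-alike names.
    return any(".".join(labels[i:]) in allowed for i in range(len(labels)))


def audit(urls, allowed=ALLOWED_DOMAINS):
    """Return {url: True/False} so a list of links can be reviewed at once."""
    return {u: is_allowed(u, allowed) for u in urls}


# Constructed sample links, including look-alikes that reuse a trusted name.
SAMPLE_URLS = [
    "https://www.cdc.gov/coronavirus/",         # subdomain of an allowed domain
    "HTTPS://WHO.INT./",                        # case and trailing dot are normalised
    "https://covid-19-updates.example/",        # topical name, not on the list
    "https://cdc.gov.covid-19-info.example/",   # trusted name used as a prefix
    "https://notcdc.gov/",                      # ends with the same letters only
    "https://cdc.gov@covid-19-info.example/",   # trusted name in the user part
    "ftp://cdc.gov/",                           # scheme not permitted
]

if __name__ == "__main__":
    for url, ok in audit(SAMPLE_URLS).items():
        print("ALLOW" if ok else "DENY ", url)
```

Only the first two sample links are allowed; every look-alike is denied because the comparison is made on whole domain labels from the right-hand end of the hostname.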
Make sure you have regular backups of all vital systems and that those backups are stored off site. If your backup is attached to your network, then the malware will be able to find the devices that store your backup data and infect those devices also.
Hackers are always looking for new opportunities to infect your computers, and either hold your data for ransom or steal your data. We need to remain vigilant and keep our defenses up to protect the integrity and privacy of all data we may have on our computers.