Hackers are preying on fears of Covid-19, say cyber security experts
Even as Covid-19 pandemic has affected more than 300,000 people around the world, cyber criminals are looking to prey on fears and access users' private information. Since the outbreak of the pandemic, security firms have discovered various Covid-19 related scams.
Scamsters are also impersonating organizations such as World Health Organization to scam individuals and even enterprises. Saurabh Saxena, Country Director - India, Micro Focus revealed a well-known organization in India last week received an email in the name of WHO that was apparently a ransomware variant - Locky.
"Another malware, LokiBot was widely distributed through phishing emails on COVID-19 across Indonesia. It may sound disturbing, but hackers have also invented a technique to steal data by tweaking the brightness of the system. In a recent paper published by the researchers from the Ben-Gurion University of the Negrev, Israel has demonstrated how Air-gapped computers can be exploited to retrieve data by simply meddling with the brightness of the monitor by a percentage that will usually go unnoticed," he said.
The trend of work from home or remotely has also become a big pain point for the organisations. Home Wi-Fi networks are generally easy targets for cyber criminals compared to more secure internet infrastructure in offices.
"Without a private internet connection, remote users requiring access to critical systems must rely on a combination of VPNs, MFA and remote access control solutions in order to authenticate and access what they need. Traditional enterprise identity management systems and access control solutions, for example, are typically designed to authenticate company employees and corporate-owned devices in controlled environments. Unfortunately, they are no longer well suited for securing third-party staff and external devices, particularly those that are still running on Windows 7, which are likely to be more vulnerable to security risks after Microsoft ended its support for the system earlier this year," Rohan Vaidya, Director of Sales, CyberArk India said.
"Businesses must consider privileged access security, which provides greater visibility of - and control over - remote access to enterprise networks, as more and more employees work remotely. Privileged access management employs biometrics, zero trust and just-in-time provisioning to reliably authenticate remote vendor access to the most sensitive parts of the corporate network. In the current environment, where endpoint devices have disparate levels of security and the office environment can be a café, car or home office, cyber security needs to match the flexibility of modern working to best ensure business continuity," he added.
In the last few weeks, security research firms have discovered some unique ways hackers have figured to target users. Earlier this month, security researcher from Reason Labs, Shai Alfasi discovered hackers are using coronavirus tracker maps to steal users' information. The trackers have become quite popular on the web with increasing number of coronavirus affected people across the world. For instance, Microsoft also offers a coronavirus tracker powered by Bing.
Security research firm Check Point last week revealed hackers were using "COVID-19"discount codes to sell malware and hacking tools on the dark net.