With the daily increase of COVID19 cases, and more organizations resolving to work from home, COVID19 cybersecurity threats/cases are also on the raise causing major worries and fear across the world. Apart from the COVID19 war that we are currently fighting, another war that is spreading much faster than Covid19 is the cyber related criminal activities. Most countries are not thinking about going to war at this time, countries are dedicated to the fight against the dreadful Corona Virus. Currently the war that is on upsurge is the cyber war! Cyber security is the current security of the world that must be looked into. Since covid19 took a storm in the whole world, cyber-criminal activities have gone up tremendously. Cyber criminals have launched several cyber-crimes related to Corona Virus. These kind of crimes are spreading faster than corona virus with little or no knowledge of it to most IT experts. This has made cybersecurity to be the most widely debated topic in small to large organizations both in private and public.
Threat actor groups are launching Trojans and ransomware under the corona virus scams exploiting the fears around the COVID-19 outbreak supported by disinformation and fake news to distribute malware through malicious links on fake sites trying to sell counterfeit face masks, fake testing kits, fake drugs fake advertisement in the name of compacting the covid19 pandemic which turn out to be traps for phishing and smishing. Cyber attackers are using every opportunity in the pandemic to exploit several vulnerabilities. The most recent cyberattack list range from mobile malware with a number of fake apps claiming to give information about Covid19 containing malware, email phishing, SMS phishing, malicious software, face masks and hand sanitizer scams, covi19 related ad redirects all the way to ransomware attacks. This shows that the most targeted threat vectors are email, cloud applications, the web and social media.
With most of the employees under the order to work from home, this is the most dangerous moment to be online!! It’s a time that individuals and organizations should remain alert to the increased activity relating to COVID-19 cyber threats and take proactive steps to protect themselves.
The threat level caused by these actors has elevated in all industries; Government and media outlets, Medical supplies and manufacturing, Financial services, Healthcare, critical infrastructure, telecommunications, commercial business, supply chain and many more, technically there is no single sector that is left out even at a personal level. We are likely going to see a widespread of disruption on several industries. These attacks are going to increase the already immense pressure on these organizations and services.
An example of the most recent widely known exploitation is on the teleworking infrastructure. With many organizations shifting to work from home using teleconferencing, malicious cyber actors launched an attack on the popular communication platform – ZOOM. Its reported that a number of fake zoom domain sites have been registered impersonating genuine zoom domains leading to a massive number of phishing incidents. There have been an increased number of video conferencing hijacking. With Zoom acknowledging of designing zoom without security thoughts – no end to end encryption, and an increased users for the last few months, reports show that more than half a million zoom accounts are up for sale in the dark web raising a lot of concerns. With most users using the same login credentials everywhere, you can imagine the damage that is impending.
Several companies are rushing to implement several Information technologies by providing laptops to employees, deploying collaborative software to implement VPN in order to access internal tools to allow their employees work from home. These employees are plugged in over private, insecure machines with user accounts that have recently been set up for remote access in their homes making remote login credentials an easy target for attackers which creates a massively large vulnerable pool for exploit. There are going to be issues whereby home infected computers infecting work computers which could cause massive problems to the operational continuity. Several exploits are going to be released into systems without the knowledge of the IT personnel. If organizations are not going to take key considerations in cybersecurity and the dangers that they are exposing their organizational operations, the cyber-criminals are going to cause some substantive damage across all sectors. These criminals can take a whole organization down. They can really break and destroy things. Organizations need to lay down cybersecurity measures rather than relying on trust that don’t verify that their security solutions are working as they should.
With the underfunding of the IT departments and the failure of major sectors both government and corporate to invest in cyber-security department, Many IT personnel are into task to support a number of systems with little or no knowledge on cyber-security. These people are being overwhelmed by a number of issues ranging from simple configurations like DNS which could cause problems with VPN connections used by people working from home. There is a big need of cybersecurity that is always overlooked by several organizations; both private and public. The kind of work done by some IT experts now should be handled with great care and expertise by cybersecurity experts or in collaboration of IT experts and Cybersecurity intellectuals.
Although major Organizations are undergoing tough economic moments, it is advisable to grab the available limited cyber-security personnel who can handle the rising tide of cyber threats for the benefit of their business continuity. The same way health professionals are in high demand is the same way cyber-security personnel is on a very high demand.
In the meantime all sectors are advised to segment vulnerable systems off the internet, deploy firewalls and put their services behind web application firewalls and proxies. IT Individuals should also up their game in securing their own data and devices. They should also follow simple cyber hygiene by making sure their PCs, Macs, Phones are patched and up to date and with healthy malware protection. Home routers and home networks as well must be secure with the help of ISPs.
With most of the employees under the order to work from home, this is the most dangerous moment to be online!! It’s a time that individuals and organizations should remain alert to the increased activity relating to COVID-19 cyber threats and take proactive steps to protect themselves. The actions that are going to be taken now are going to have a great impact or consequence for any organization or sector’s future continuity, growth and progress. Therefore the first step to getting any cyber-security help is to admit that you need help. After admitting that you need help, seek that help and you will surely find it.
Think Cyber Security. Plan cyber security. Implement cybersecurity.
Shadrack is a network engineer and cyber security enthusiast and consultant currently at Jamii Telecommunications Limited (JTL).He is a qualified Cisco Instructor and finds pride in cybersecurity research, optimizing, improving and preventing network security breaches.
As the women of this generation, we are faced with a lot of challenges as…
Earlier today following a twitter update by NTV's regional correspondent Bill Otieno, regarding the fire…
Today (5/29/2020) , fire erupted in the Tsavo East national park. The cause is still…