COVID-19 isn’t the only threat we have to prepare ourselves for at the moment. Unlike the virus going around, this particular threat is one we least expect and have no way to physically ward away.
That is, cybersecurity threats. With the spread of the virus in the Philippines, many companies have opted to have employees operate remotely to ensure safety. This works as a good way to avoid coming into contact with the virus, and for the most part, many people have adjusted to the new norm—fraudsters included.
Hackers and fraudsters now have greater opportunity to prey on unsuspecting victims, either for private information or company information. This is a real threat to companies that aren’t technologically prepared for the shift to working remotely, since it’s possible that employees don’t have secured systems at home capable of warding away hacking attempts.
1. Phishing – A common form of hacking, but this time, hackers are taking advantage of the opportunity COVID-19 provides. Phishing may take the form of hyperlinks promising information about the outbreak, or booby-trapped attachments. Many of these attacks are disguised as emails coming from trusted organisations such as the World Health Organisation (WHO) or local health orgs.
2. Brute forcing – This makes use of previously breached username/password combos which hackers run through automation software to try them across billions of websites and apps. Employees using Microsoft Teams, Slack, Zoom and other cloud platforms should be careful about the passwords and usernames in use, especially if they have a history of being hacked. A recent incident on the Zoom app has proved the tenacity hackers have in exploiting vulnerabilities. Educators in Singapore have expressed concerns about the security of the app after a class was interrupted by strangers hacking into the session and doing inappropriate things in front of the students.
3. Malicious smartphone apps – Some hackers are taking advantage of the COVID-19 situation by creating apps that pretend to provide information or track the development of COVID-19. However, in reality, these apps infect devices with ransomware, info-stealers or other malware. If the device is connected to a home network, the malware could infect other devices. One such app is Corona live 1.1, which is the fake version of the Corona Live app. Another app is the Corona Inform app, which places information-thieving malware onto the device to take login credentials, credit card data, cryptocurrency info and more.
4. Friends and family – Individuals with devices already infected with malware have the possibility of infecting other devices connected to the same network, which may spread to similarly connected corporate networks. This makes monitoring cybersecurity difficult because one never knows where the apps of other people come from—whether those apps are official or not. Monitoring the activity of people connected to the same network is a breach of privacy, so it becomes important to be armed with the means to protect private devices and networks. Children are especially vulnerable to downloading malware via unsecured remote learning platforms. It is important to educate others as well as the self about possible threats.
This article is part of the Banker’s Association of the Philippines’ (BAP) #CyberSafe campaign, where the BAP aims to promote awareness in cybersecurity. The campaign will upload new posts tackling common web security questions and issues, on Wednesdays and Sundays every week.
For more content on cybersecurity, visit the BAP Official YouTube channel.