Many measures have been taken by governments and institutions to control the COVID-19 outbreak, also known as "coronavirus". Education at schools was interrupted, events and meetings were canceled, and home office system was introduced. Cyber security risks have increased as a result of precautions taken for public health. The European Central Bank recently issued a statement documenting that banks have increased their cyber crime initiatives. Coronavirus created an opportunity for malicious hackers. We will talk about cyber security risks and measures that can be taken during this process.
As of Monday, March 16, cyber-attacks on individuals and institutions have increased significantly. According to the officials, the increasing attacks with the outbreak can be grouped into 2 types: attacks targeting the individual, attacks targeting institutions.
E-mails that look like research is an example of individual attack. The personal information of thousands of people who responded to the mails sent in the form of COVID-19 outbreak investigations or only opened the mail was stolen by malicious hackers. The main targeted attacks are mainly in those five countries: Spain, Portugal, the Czech Republic, Malaysia and Germany. It was pointed out that victims of identity theft may increase even more; if necessary information and measures are not taken. Proofpoint, a cyber security company announced that the threat posed by COVID-19 outbreaks has unprecedented quality to date.
Another example of individual targeted attacks are seizing bank accounts of philanthropists. In addition to similar outbreaks, COVID-19 threatens not only our health but also our economy. Aware of this situation, attackers collect unrealistic donations to help victims of the pandemia. These mails are prepared to claim that they have received the support of well-known institutions such as Global Giving and UNICEF. Mails are sent with a QR code and people are able to make the payment online. With this method, thieves access the bank accounts, card information of philanthropists who want to help, and reveal unbelievable thefts.
Attack threats aren't just on our social media or emails. Mobile applications that we downloaded onto our phones without research have been a threat for a long time. The threat posed by apps is not only available today. However, there are also pirates attacking, using the curiosity of users who want to keep abreast of COVID-19 news around the world. Malicious cookies remain on your phone when you press the links in the applications you download to track the outbreak on your phones, and all your information will be in the hands of the gangs the next time you pay online. Johns Hopkins University is the first source of the application, which shows how many people the pandemia reached in the world map. Now, it is vital to use reliable sources for information, not only for the right information, but also for the protection of your personal data.
The WHO statement made recently to eliminate individual attack threats:
- Verify the sender by checking their email address.
- Check the link before you click.
- Be careful when providing personal information: Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.
- Do not rush or feel under pressure: Cyber criminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
- If you gave sensitive information, don’t panic: If you believe you have given data such as your username or passwords to cyber criminals, immediately change your credentials on each site where you have used them.
- If you see a scam, report it.
In addition to attacks targeting individuals, there are also attacks targeting institutions. There are thousands of institutions that are not accustomed to their employees working from home, compared to companies that previously supported working from home. Today, more people work from home networks than ever before, usually there are fewer security defenses on home networks than in the office. In such a situation, it is a great burden both for IT employees responsible for information security
and for other employees who will conduct their business from home.Cyber security
measures for home office workers:
- PCI Pal research reveals that almost half (47%) of users use the same password on multiple applications, on the site. It is clear that this mistake made for convenience was a major cyber security threat. To create account reliability, you must keep your passwords up to date and create different passwords for different sites.
- Even if you have taken all your personal and corporate measures, be prepared to let your corporate information leak out if the network security you connect to is not provided. You must check that your internet connection at home is safe enough and take the necessary precautions. Creating a complex wireless network password, sharing the password only with the people you trust and changing the password periodically will strengthen your network security.
- In addition to network security, it is vital to use your business computer while working from home. Remember that the information security principles are taken into consideration and necessary precautions are taken while installing and managing the computers provided by your institution. Not doing your personal work on your work computer is also one of the measures that can be taken for cyber security while working remotely.
"This global crisis is the largest cyber security
vulnerability to date." says Lukasz Olejnik, an independent cyber security researcher and consultant who analyzed the digital security risks that result from the outbreak. One of the points that the internet world agrees is that security
measures should be managed more strictly than ever.
- IT employees should review and control remote access loggers, such as VPNs, of remote workers. Early detection of unexpected entries will prevent major damages that may occur.
- It is also vital to manage the meetings of the employees and the sharing of information between each other. Attention should be paid to the environments in which such information is shared. End-to-end encrypted systems should be preferred.
- Once the environments where information is shared are carefully selected and network security is stuck, one more thing remains to be considered: the capture of user accounts. For this reason, it is also important to monitor cyber security to see if an attack was made to crack the passwords, since the passwords of the user accounts have been changed.
Check out our cyber security trainings
to learn more about how to protect your organization's sensitive information from information thieves!
For further information contact us:
+90 212 282 7700