Unfortunately criminals are now using the chaos created by the coronavirus to launch incessant cyber-attacks, phishing, ransomware and scams.
According to multiple reports, cybercriminals are now creating and putting out thousands of coronavirus-related websites on a daily basis.
Most of these sites are being used to host phishing attacks, distribute malware-laced files, or for financial fraud, for tricking users into paying for fake COVID-19 cures, supplements, or vaccines.
While some sheepish coronavirus email scam campaigns started making their presence felt online in early February, things have now reached their peak.
Malware gangs are now regularly using coronavirus email lures to trick users into downloading malware, and even state-sponsored hacking groups have jumped on the trend and adopted similar tactics.
But as the coronavirus pandemic slowly spreads from the few countries it initially affected, the entire world is also becoming more entranced with the topic.
This gives cybercriminals more ample opportunities to trick users into either downloading and installing malware or purchasing fake products.
Over the course of the last week, several security researchers have noted a spike in the number of coronavirus-related domains, with attacks growing in conjunction with the disease's spread.
From tens a day in February, there are now thousands of new domains popping up daily, containing terms like coronavirus, covid, pandemic, virus, or vaccine.
RIiskIQ company is now publishing new lists of coronavirus-related malicious domains on a daily basis, and the numbers are absolutely staggering.
For example, RiskIQ saw more than 13,500 suspicious domains on Sunday, March 15; more than 35,000 domains the next day; and more than 17,000 domains the day after that.
But the coronavirus malware and scam campaigns aren't only targeting desktop users. Mobile users are just as affected.
The most notable of all campaigns targeting Android users is a ransomware strain that locks user devices after users install a Coronavirus tracker app.
So what can you do to protect yourself ?
1. Use a VPN to connect yourself to internet while working remotely, if not already provided by your company. Ensure you use WPA2 encryption on your private wifi.
2. Don't open email links or attached files from someone you don’t know
3. Report incident to your CISO and to the Canadian Center for Cyber Security
4. Verify your sources, don’t risk to download a malicious app
5. Do not participate in telephone surveys
6. Do not give out personal information, computer or network information
7. Do not follow any instructions from unverified personnel
8. Always confirm sensitive operations through second layer of authorization
9. Use only approved and procured software, don’t surf on doubtful websites, Don’t allow your children on your professional laptop.
10. Stay grounded.
Comentários