Where we see a global crisis, cyber criminals see dollar signs

Data & Tech
6 min

With the global pandemic sparking fear and uncertainty the world over, cyber criminals are rubbing their palms together. Now more than ever, we need to know how to protect ourselves.

There’s a popular quote that is frequently attributed to Sir Winston Churchill: “Never let a good crisis go to waste.” While any substantiated connections between this quote and Churchill are shaky at best, the sentiment is one that has existed in the public consciousness for some time now.

But no matter who the quote is attributed to, whether it’s Churchill in reference to forging an alliance with the Soviets and Americans to usher in an end to WWII, or more recently to Rahm Emanuel, President Obama’s Chief-of-Staff, in reference to the 2008 global financial crisis, the subtext is the same: Never waste the opportunities created by a crisis to take bold measures and project strong, effective leadership for the people who depend on you. 

This sentiment, however, is a double-edged sword. Not only does it apply to leaders looking to make the best of a bad situation, but it also applies to criminals who see an opportunity to take advantage of fear, panic, and scarcity of resources for their own personal gain. With the global pandemic eclipsing nearly every other issue, cyber criminals have had a particularly broad range of ways that they can exploit the crisis. And frankly, no one is safe. Individuals, large corporations, small companies, medical providers, non-profit organizations… Everyone is a target.  

The phrase “knowledge is power” is a cliché for a reason. In today’s context, understanding how cyber criminals are targeting their victims during this world-altering pandemic will help you defend yourself, your loved ones, and your business.

keyboard

Phishing

Phishing is always one of the most common attack vectors for cyber criminals.  To summarize, the process goes like this: 

  1. An attacker sends a fraudulent email while impersonating a legitimate person or organization.
  2. The email contains a malicious file or URL that, when opened on the target’s computer, begins to download and install malware (malicious software).  
  3. Once the malware is installed, attackers secretly gain control of the system and carry out all sorts of nefarious actions.

The difference in today’s climate is not the process, but rather that attackers are preying on the widespread fear and confusion of the pandemic to make their phishing attempts more effective and successful. For example, attackers are impersonating health officials and disguising malicious files as important coronavirus safety information.  

Hospital ransomware

If phishing is the insidious method for gaining unauthorized control over a targeted system, the actions that cyber criminals take next can be much more direct and harmful.  For example, attackers are attacking hospitals and other medical providers with ransomware.  The ransomware process goes like this:

  1. An attacker delivers malware to a target system (e.g. through phishing).
  2. The malware spreads throughout the internal network.
  3. The malware encrypts all of the files on the infected systems, bringing all functionality to a standstill.
  4. The attacker demands a ransom in the form of cryptocurrency in exchange for decrypting the files on the infected systems (hence the term “ransomware”).

The impetus for why criminals are targeting hospitals and other medical providers is particularly cruel. They believe that because functionality of hospitals’ IT networks carries immediate life-or-death consequences, the victims are more likely to quickly pay the ransom so they can return to their normal operations.  

Counterfeit medicines, prevention, & treatment for COVID-19

Cyber criminals are not only taking advantage of unsuspecting victims through purely technical methods like malware. They are also taking advantage of the fear and intense desire among the public to prevent and treat the coronavirus as a means to sell counterfeit medicines and products. These items include everything from counterfeit surgical masks to fake self-testing kits to illicit pharmaceuticals (marketed by the criminals as effective cures or treatment without any basis). 

And the list goes on… 

These are just a handful of the various tactics that cyber criminals are using to prey on unsuspecting victims during the coronavirus pandemic. For example, cyber criminals don’t just need phishing to spread malware; they are able to infect new computers through malicious, fully functional, live coronavirus maps. The many vulnerabilities introduced by countless businesses switching to a work-from-home structure create numerous new opportunities for attackers.  

covid map

What can we do to protect ourselves?

A good start to start was simply reading this article and learning about some of the cyber threats that we face. Knowledge is indeed power, so read on for specific actions you can take to protect yourself. 

Learn to identify phishing

When it comes to protecting ourselves and our companies, the human factor is critical. And that human factor is exactly what attackers are targeting with phishing campaigns. Try this fun yet informative quiz to test your ability to identify phishing emails.

Get information from legitimate, trusted sources

Fake news is clearly a problem in today’s world. And it doesn’t stop just because of the coronavirus pandemic. That’s why it’s so crucial to arm ourselves with the most accurate information. Some of the most reputable and legitimate organizations for coronavirus information include the World Health Organization and the Bill & Melinda Gates Foundation.  

And when it comes to offers of free coronavirus treatments, if it seems too good to be true, it probably is.  

Stay calm

Obviously this is easier said than done, considering all of the completely legitimate reasons to feel scared and anxious. But panic can lead to impulsivity and poor decisions. Keeping a level head throughout all of the coronavirus madness is key to remaining safe both online and in the physical world.  

In the spirit of (maybe, but probably not) Winston Churchill… let’s not waste this crisis. Let’s seize this opportunity to learn how to protect ourselves, our loved ones, and the organizations we’re a part of. 

 

Born and raised in sunny Los Angeles, California, Rob Maxey studied audio engineering and business in his undergrad before ultimately taking a leap of faith and moving halfway across the world to teach English in Madrid, Spain. He is now studying the Master in Cybersecurity at IE School of Human Sciences & Technology.  Beyond being an addictive learner and cybersecurity student, Rob is also a lifelong musician and an enthusiastic world traveler. Connect with him via email at rob.maxey@student.ie.edu or on LinkedIn.