The world is now facing a global health challenge—the COVID-19 pandemic. International travel has halted, global supply chains have been disrupted, schools have closed, millions are under lockdown, and most employees are now compelled to work from home. Emergent and even insecure technologies are being pushed into service, because the risks of doing nothing are bigger.
As part of efforts to managing the situation, many organizations are encouraging their staff to work from home. Although working from home may not be completely new to some organizations and employees, the coronavirus is forcing them to consider working from home on a greater scale, and for a longer period of time. This presents a range of cyber security challenges, such as: use of insecure personal devices, coronavirus-themed phishing and hacking campaigns, COVID-19 malware sites and scams, increased fake news campaign on COVID-19, surveillance and privacy issues, amongst others.
As more organizations roll out work-from-home policies, implementing processes and technologies to secure employees at home become more challenging for the unprepared organization. Employees working from their home networks and home computers are more susceptible to attack because their systems may not be as secure as the ones protected by the corporate network. Sensitive organizational data will likely find their way to those insecure personal devices. This makes the data more likely to be hacked and stolen. If employees have need to access the office network, they may likely do so insecurely unless off course they have a VPN already set up for remote access.
Fraudsters on the other hand are seizing the opportunity to exploit fears surrounding the spread of the coronavirus in new cyberattacks such as phishing, ransomware campaigns, credential theft, bitcoin and financial fraud, amongst others. In many cases, attacks are based around phishing emails containing links or attachments that claim to contain important information about the virus. Once opened, these infect the PC with malware that can be used to exploit the infected victim. Tricks like business email compromise, where an employee gets a fake email from a senior executive asking him to transfer money to some account, will be more successful especially as everyone is distracted, and so many other things are being done differently.
According to reports, cybercriminals are now creating and putting out thousands of coronavirus-related websites on a daily basis. Malware syndicates are now regularly using coronavirus email lures to trick users into downloading malware, and even state-sponsored hacking groups have jumped on the trend and adopted similar tactics. Most of these sites are being used to sell counterfeit surgical masks; fake self-testing kits, bogus antiviral drugs, host phishing attacks, distribute malware-laced files, or for financial fraud.
Fake news and misinformation peddlers are also having a field day in the heat of the COVID-19 pandemic. An avalanche of fake news, misinformation and hoaxes are being shared widely online as people seek reliable information on the coronavirus crisis. WhatsApp, Facebook, Twitter are some of their favorite tools.
Those social networks and many other big names have recently issued a joint statement on the coronavirus COVID-19 outbreak, promising to fight fraud and curb misinformation shared on their platforms. Signatories include Facebook, Google, LinkedIn, Microsoft, Reddit, Twitter, and YouTube.
Facebook and Twitter have already introduced fact-checking services, WhatsApp recently launched a coronavirus data hub, and is currently testing a crucial feature that will enable people to see whether the forwarded message in their inbox is true or misinformation.
The governments are not left behind. Some governments are now using mass surveillance technologies to track people who may have COVID-19. China, Iran, and Israel are currently leading the way. As the virus rages, pressure will increase to leverage existing corporate surveillance infrastructure for these purposes in other countries.
By deploying a range of intrusive mobile apps and facial recognition cameras, the Chinese authorities were able to identify and track the movement of suspected coronavirus carriers and anyone they come in contact with. Israeli Security Agency have also been authorized to deploy surveillance technology normally reserved for battling terrorists to track coronavirus patients.
All those efforts may seem right in the prevailing circumstance. “Yet if we are not careful, the pandemic might nevertheless mark an important watershed in the history of surveillance. Not only because it might normalize the deployment of mass surveillance tools in countries that have so far rejected them, but even more so because it signifies a dramatic transition from “over the skin” to “under the skin” surveillance”, says Yuval Harari. The decisions people, organizations, and governments take today will undoubtedly shape the world for years to come. The storm will pass, humankind will survive, but until then stay safe, and help keep your network and the cyberspace safe for everyone.