The COVID-19 pandemic has unleashed an array of cyberattacks that threaten the health of our virtual systems, including but not limited to those in healthcare, banking and government agencies. Cyber criminals are capitalizing on widespread weaknesses with attack vectors in the form of spam, phishing scams, ransomware and malicious URLs. As the number of infected persons soars, so does the number of cyberattacks. Despite the short-term effects of combating threat actors, in the long term the world will emerge more secure and better prepared, armed with lessons learned from strategies implemented and tested during the pandemic.
Malicious actors target victims through various tactics and ploys
Hot zones of cyber vulnerability have typically been localized or confined to a specific organization. While such attacks have disastrous ramifications in their own right, never before have threat vectors been so far-reaching. As the COVID-19 pandemic forces the majority of the global workforce to stay home, employees have had to create makeshift ways of working while longer-term solutions are devised. The surge in the number of individuals working remotely and the strain that places on existing infrastructures are underlying causes of a large majority of these attacks.
Many corporations and individuals are turning to user-friendly and feature-forward solutions. In particular, Zoom has seen a surge in daily users, from 10 million in December to 200 million in March, as a product once meant for use by businesses is now also being used for daily work life and personal communication. Unfortunately, the company did not have adequate levels of security infrastructure to support this surge, resulting in self-proclaimed “Zoombombers” infiltrating private corporate meetings, Alcoholics Anonymous meetings, online learning environments and more. The company was quick to issue a statement and a plan to address these issues, with Zoom CEO Eric Yuan stating in a blog post, “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home.” Yuan added that over the next 90 days the company will “[enact] a feature freeze … shifting all of our engineering resources to focus on our bigger trust, safety and privacy issues” and release a transparency report, similar to reports shared by tech giants such as Facebook, Google and Twitter.
In addition to hacking into and taking command of private meetings, threat actors are masquerading as legitimate organizations with the intention of collecting highly personal information. Examples include a COVID-19 safety portal allegedly from the World Health Organization and a fake disease prevention waitlist portal. Additionally, a Venmo-like interface posing as an emergency fund to generate relief dollars for those in need was recently discovered, and the Better Business Bureau has received numerous reports of individuals posing as employees of the U.S. Department of Health and Human Services and other government departments, instructing text message recipients to click on a link for a so-called mandatory online COVID-19 test.