Life in 2020 can feel like a minefield. It seems like everything is fraught with risk, from shopping for groceries to sending kids to school to enjoying a meal in a restaurant. That risk doesn’t stop with your online life, either. While you can’t contract the coronavirus online, there are plenty of cyber criminals who have turned the pandemic into an opportunity to launch malicious attacks on small businesses.
The fact is, the changes that the pandemic has brought to our lives, including working remotely from home and the ongoing thirst for new information about the virus and its effects on our lives, have created new opportunities for criminals to launch attacks on businesses. In fact, one study found that about a third of businesses have been the target of more cyber attacks than usual since the start of the pandemic.
As it appears that COVID-19 won’t be going anywhere anytime soon, it’s more important than ever that businesses increase their security efforts (the same survey revealed that 66 percent of businesses plan to improve their security structure in light of the changes brought on by the pandemic) and implement advanced threat protection capabilities. It’s also become important to learn to recognize pandemic-related attacks on your business, and take steps toward stopping them before they lead to significant breaches.
The Most Common Pandemic-Related Cyber Attacks.
Cybercriminals are opportunists, and COVID-19 has created a plethora of opportunities for them to attack businesses. Some of the most common attacks include:
Email Phishing Scams. Attackers are using email to steal credentials, preying on coronavirus fears and the fact that many companies had to make quick adjustments to their security structures to allow for remote work. Despite often looking less professional than phishing messages in the past, many of the newer messages are designed to tap into concerns about the virus. And where employees might have been more cautious about clicking on unfamiliar emails in the past, research shows that since the pandemic began, they are three times as likely to click on a phishing email as in the past, especially if it contains hot-button words like coronavirus, COVID-19, masks, vaccine, or restriction.
Other common email scams related to the pandemic include:
- Fraudulent termination or layoff notices
- Fraudulent emails related to unemployment benefits, insurance coverage, or assistance programs
- Fraudulent emails, texts, or phone calls claiming to be from contact tracers, notifying individuals of positive test results or contact with a COVID-19 case
- Fraudulent links to the Small Business Association loan program
In any case, these scams are designed to collect information, inject malware, or both.
Phishing Websites. Phishing emails aren’t the only way hackers are trying to steal information from unsuspecting victims. In the early days of the pandemic, as many as 90 percent of websites that claimed to be related to COVID-19 were fake, and were in fact phishing sites designed to collect information or spread malware. People desperate for information were more likely to click on these suspicious sites, unaware that they were spoofed or malicious.
Fake Contact Tracing Apps. Contact tracing is a legitimate and important aspect of controlling the pandemic, but as yet, there are no official apps available in the U.S. to notify individuals of contact with positive cases. Yet scammers have released these so-called apps, tricking individuals into downloading them in the interest of safety.
Ransomware. Although there’s no specific evidence linking COVID-19 to an increase in ransomware, researchers have determined that the number of ransomware files found online since the pandemic began has increased anywhere from 72 to 105 percent. There’s suspicion that the increase in people working from home and the more lax security arrangements to allow that to happen have contributed to this significant increase.
Brute Force Attacks. With more people working from home, more endpoints are accessing corporate networks. And that has led to an increase in hackers attempting brute force attacks, especially on remote desktop protocols.
How to Protect Against These Attacks.
With the increase in pandemic-related malware and attacks on businesses, how can you protect yourself?
For starters, education and training are more important than ever. Employees need to be reminded about best practices when it comes to email, and learn to recognize potential phishing scams. Remind employees of the signs of a phishing email, and ask them to confirm anything that looks suspicious. By the same token, remind employees how to evaluate websites, and avoid suspicious domains.
As far as stopping ransomware and brute force attacks, advanced threat detection and protection, up-to-date antivirus software, and a commitment to using VPNs and secure internet connections are the best ways to keep your network safe. Even if you have already made changes to your security protocols over the last six months, recommitting to basic security practices is key to keeping your business safe during these challenging times.