The COVID-19 pandemic has brought massive disruption to the South African and global economy. How are cybercriminals taking advantage of the uncertainty and pressure facing businesses and consumers – and the fact that millions of employees are working remotely?
“Within the next six months, we’re going to see major data breaches and compromises in the corporate world.”
According to KPMG Cyber Security Leaders, there has been a pivot towards phishing scams and malware that use COVID-19 as a lure. Phishing emails capture personal data and financial information by masquerading as helpful offerings relevant to the pandemic, such as:
- Providers of information about vaccines, medical supplies such as masks and ventilators, and short-supply commodities like hand sanitisers
- Portals to apply for payment of government assistance during the economic shutdown
- Downloads for technology solutions in high demand, such as video conferencing platforms
- Crucial updates for enterprise collaboration solutions and consumer social media applications
- IT service providers that take payment to provide tech support services.
In a recent BizNews podcast episode, Alec Hogg interviewed Derek Wilcocks (Discovery’s Group Chief Information Officer) and Zaid Parak (Chief Information Security Officer at Discovery) about maintaining cybersecurity in Discovery.
Zaid echoed KPMG’s findings that phishing scams and malware attacks are on the rise: “With so much uncertainty and change in the business world, spam and phishing attacks have increased tremendously and are the predominant attack vector being used right now. Since January this year, cyberattacks have increased globally. In the South African context, we’ve seen literally a doubling in attacks of various sorts on a weekly basis – to the point where over April and May, these attacks were at the highest levels ever seen.”
“From a skills perspective, the attackers are changing their tactics, they’re taking full advantage of the potentially insecure networks used by remote employees and they often choose compromising the home network rather than going for the corporate networks. The denial of service generally used to be against websites and has now shifted to remote services infrastructure like your VPNs and so on. We also have a gut feeling that right now the attackers are sort of ‘spraying and praying,’ trying to get a foothold. Within the next six months, we’re going to see major data breaches and compromises in the corporate world.”
What form can cyberattacks take?
Interpol offers a report titled Global landscape on COVID-19 Cyberthreat in which they explain that cyberattacks can take various forms:
- Malicious domains registering the words “COVID” or “corona” to take advantage of people’s searches for information on COVID-19. (According to MarkMonitor, there have been more than 100 000 COVID-19 domains registered since January 2020)
- Online scams and phishing in which fake websites entice victims to open malicious attachments or click on phishing links, letting criminals perpetrate identity theft and access people’s accounts illegally
- Data harvesting malware which uses information related to COVID-19 as a lure to compromise networks, steal data, divert money and build botnets
- Disruptive malware such as ransomware (malware that blocks access to a business’s computer system until a sum of money is paid) and distributed denial-of-service attacks
The UNODC adds that “Senior citizens, who are often less sensitised to online risks, are explicitly profiled and targeted by cybercriminals to download and forward ransomware-infected links through COVID-19 spam emails and spread disinformation amongst friends and family.”