Watch Yourself Online During Lockdown, Because Others Are Watching You More
DLA Piper’s NZ cybersecurity lead, Nick Valentine, says keep your guard up.
It’s a sad fact of human nature that just as we’re all pulling together to defeat this coronavirus, others are waging war against us online. Sophisticated hackers smell blood when society is wounded, and people trying to do business from home are as vulnerable as recreational users of the internet. Law enforcement and cybersecurity agencies around the world are reporting a surge in cybercrime related to COVID-19.
These are sophisticated ‘bad actors’. They can target individuals and companies after researching them (such as through phishing or whaling attacks), or they hack conferencing apps, many of which have suddenly become the ‘go to’ way of keeping in touch with your colleagues or scheduling virtual consultations. Remote work programs that normally would be designed, tested and implemented incrementally over an extended period are being operationalised for entire workforces with no period of planning or adjustment.
This may be the fastest and most disruptive technological shift in global work conditions in history. But while these apps are easy to access and generally low cost, they present unique cybersecurity challenges for everyone, including businesses, employees, schools, universities and students.
Having employees at home on laptops linked to organisational software is normally fine, but not when there has been a rush to have everyone try to work this way and an individual’s security and virus protection may be sub-optimal.
We are probably familiar with, and on the lookout for, emails that often purport to be from big box retailers offering rewards. Lately, messages (including SMS) that seem plausible at this time are arriving as well, relating to the tracking of courier deliveries, coronavirus tracking maps, or a genuine-looking communication from a retailer telling you new stocks of hand sanitiser have arrived. What distinguishes them from the usual bogus arrivals is their sense of urgency, aligned with the times and preying on the anxieties that exist in most homes at present.
And there is the question of who you can trust. People across the world are claiming they have been the victim of hacking linked to their use of online networking and collaboration platforms. The platform providers generally deny this can happen, but the alarm over what is safe and what is not is widespread. Definitely malign are the new COVID-19 map apps, capitalising on the high interest in the virus’ spread.
Social distancing just isn’t possible when it comes to technology. The clickbait on offer will spread malware and steal valuable commercial and personal information. Hackers have been open on their own forums about their intention to decrypt files, steal data and sell it. The Maze cyber-extortionist group issued a 'press release' on March 18 advising that they were (benevolently) offering discounts on their ransom demands for decrypting hacked systems and deleting leaked data.
What can we do? Be careful on your conferencing platforms. Double check emails to make sure the senders have proper addresses. Look for poor or odd wording in communications; thankfully the hacking world is not yet full of professional writers. Don’t share personal or financial information via email unless you are sure of security. Be alert for communications that seem official, but upon closer observation are not. Don’t be in a hurry to click on links. Where possible, use secure VPNs and multi-factor authentication and only use software and applications that have been authorised by your IT team (and make sure they are 'patched' to the highest available version). Back up your data, refresh your passwords… and cross your fingers.