DLA Piper’s NZ cybersecurity lead, Nick Valentine, says keep your guard up.
It’s a sad fact of human nature that just as we’re all pulling together to defeat this coronavirus, others are waging
war against us online. Sophisticated hackers smell blood when society is wounded, and people trying to do business from
home are as vulnerable as recreational users of the internet. Law enforcement and cybersecurity agencies around the
world are reporting a surge in cybercrime related to COVID-19.
These are sophisticated ‘bad actors’. They can target individuals and companies after researching them (such as through
phishing or whaling attacks), or they hack conferencing apps, many of which have suddenly become the ‘go to’ way of
keeping in touch with your colleagues or scheduling virtual consultations. Remote work programs that normally would be
designed, tested and implemented incrementally over an extended period are being operationalised for entire workforces
with no period of planning or adjustment.
This may be the fastest and most disruptive technological shift in global work conditions in history. But while these
apps are easy to access and generally low cost, they present unique cybersecurity challenges for everyone, including
businesses, employees, schools, universities and students.
Having employees work at home on laptops linked to organisational software is normally fine, but not when there has been
a rush to have everyone work this way and an individual’s security and virus protection may be sub-optimal.
We are probably familiar with, and on the lookout for, emails that often purport to be from big box retailers offering
rewards. Lately, messages (including SMS) that seem plausible at this time are arriving as well, relating to the
tracking of courier deliveries, coronavirus tracking maps, or a genuine-looking communication from a retailer telling
you new stocks of hand sanitiser have arrived. What distinguishes them from the usual bogus arrivals is their sense of
urgency, aligned with the times and preying on the anxieties that exist in most homes at present.
And there is the question of who you can trust. People across the world are claiming they have been the victim of
hacking linked to their use of online networking and collaboration platforms. The platform providers generally deny this
can happen, but the alarm over what is safe and what is not is widespread. Definitely malign are the new COVID-19 map
apps, capitalising on the high interest in the virus’ spread.
Social distancing just isn’t possible when it comes to technology. The clickbait on offer will spread malware and steal
valuable commercial and personal information. Hackers have been open on their own forums about their intention to
decrypt files, steal data and sell it. The Maze cyber-extortionist group issued a 'press release' on March 18 advising
that they were (benevolently) offering discounts on their ransom demands for decrypting hacked systems and deleting
leaked data.
What can we do? Be careful on your conferencing platforms. Double check emails to make sure the senders have proper
addresses. Look for poor or odd wording in communications; thankfully the hacking world is not yet full of professional
writers. Don’t share personal or financial information via email unless you are sure of security. Be alert for
communications that seem official, but upon closer observation are not. Don’t be in a hurry to click on links. Where
possible, use secure VPNs and multi-factor authentication and only use software and applications that have been
authorised by your IT team (and make sure they are 'patched' to the highest available version). Back up your data,
refresh your passwords… and cross your fingers.