COVID-19 Scams
April 2, 2020

With nearly everyone relying on the Internet for some or all of their information, shopping, entertainment, and work these days, it should come as no surprise that cybercrime is projected to cause six trillion dollars of damage worldwide by 2021. Currently, hackers are preying on COVID-19 fears while people try to work and stay in touch using email, text, and apps like Zoom. This blog reviews both of these highly targeted areas and provides you with ways to drastically reduce your risk.

Eighty percent of all cybersecurity risks can be mitigated by adopting sound practices rather than deploying expensive security tools. It is critical that organizations adopt a proactive approach. In 2019 it took the average business seven months to identify a breach and another four months to contain it. Their average total loss was nearly four million dollars.

We have all been receiving a flood of legitimate coronavirus notifications. However, since our original PSA was shared in-house, some of our team members have already reported malicious text messages, some of which claimed to have been sent by their banks! Here are some guidelines to follow to make sure we don't become victims of bad actors. We can’t afford to have our lifelines to the world compromised during this challenging time.

As with other high-profile events, attackers are taking advantage of the COVID-19 pandemic by luring victims into opening attachments in malicious emails or clicking phishing links in texts. This is an ongoing worldwide campaign of malicious emails, texts, and phone calls designed to infect your electronic device, steal your money, and/or compromise your identity. New variations are emerging daily, and these will likely continue for months.

Watch carefully for emails and texts that contain words and file extensions like the ones below. Don’t open (or view) anything that you are not expecting. Instead, contact the sender to confirm the contents, and if they can’t, delete the file without viewing it.

Examples of malicious subject lines:

Coronavirus (COVID-19) Update//Business Continuity Plan Announcement Starting March 2020
POEA Health Advisory Re-2020 Novel Corona Virus
Latest Corona-Virus Updates
UNICEF COVID-19 Tips App
Warning! Corona Virus

Examples of malicious file attachment types:

AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe
CORONA VIRUS AFFECTED CREW AND VESSEL.xlsm
Coronavirus COVID-19 upadte.xlsx
CORONA VIRUS1.uue
covid19.ZIP
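For IT teams that want to automate this screening, here is an added example (not part of the original post) that flags the subject-line and attachment patterns listed above in a parsed email. The extension sets beyond the ones shown in this post, and the sample message, are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumed policy sets built from the examples above; not an exhaustive blocklist.
LURE = re.compile(r"covid|corona[\s-]?virus", re.I)
EXECUTABLE = {".exe", ".scr", ".com", ".js", ".vbs"}
MACRO_DOCS = {".xlsm", ".docm", ".pptm"}
CONTAINERS = {".zip", ".uue", ".rar", ".7z", ".iso"}
# Document-type token placed just before the real extension ("..._pdf.exe").
DISGUISE = re.compile(r"[._ -](pdf|docx?|xlsx?|jpe?g|png|txt)\.[a-z0-9]+$", re.I)

def check_attachment(filename):
    """Return reasons to quarantine a file name; an empty list means none."""
    name = filename.strip().lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    reasons = []
    if ext in EXECUTABLE:
        reasons.append("executable")
        if DISGUISE.search(name):
            reasons.append("disguised-extension")
    elif ext in MACRO_DOCS:
        reasons.append("macro-enabled")
    elif ext in CONTAINERS:
        reasons.append("container")
    if LURE.search(name):
        reasons.append("pandemic-lure")
    return reasons

def triage(raw_message):
    """Parse an RFC 5322 message; report subject and attachment findings."""
    msg = message_from_string(raw_message)
    found = {"subject_lure": bool(LURE.search(msg.get("Subject", ""))), "attachments": {}}
    for part in msg.walk():
        fname = part.get_filename()
        if fname:
            found["attachments"][fname] = check_attachment(fname)
    return found

# Constructed sample message (not a captured email); names reuse the lists above.
SAMPLE = """\
Subject: Latest Corona-Virus Updates
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="covid19.ZIP"

AAAA
--b1--
"""
```

A match is a reason to hold the message for review, not proof that it is malicious, and a clean result does not make an unexpected attachment safe to open.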

Do not install any apps for COVID-19 information from WHO (the World Health Organization) or anyone else, even if you recognize their name. Attackers are using redirection exploits to trick people into installing fraudulent applications that will take over your machine. This time around, small and medium-sized businesses and their employees are also being targeted. Be very skeptical of any investment ‘opportunities’ tied to this pandemic.

Working safely with Zoom

With about 200 million daily PC and Mac users, video-teleconferencing (VTC) leader Zoom has become a favorite easy-to-use platform for people working from home during the pandemic. It has also become a huge target for hackers, especially as users have quickly adopted new apps and technologies without fully understanding their risks.

Cybersecurity experts have warned that multiple vulnerabilities and a lack of true end-to-end encryption make Zoom unsuitable for high-security commercial and government users. According to the FBI, businesses and individuals have been subjected to “Zoom-bombing” during which their hijacked screens displayed pornography, hate images, and threatening language. In 2019, Apple had to push three silent security updates to Mac users in order to remove a hidden local web server (even after the app had been uninstalled) before Zoom fully acknowledged and finally killed the vulnerability. Admitting his failures, Zoom CEO Eric Yuan has now responded by redeploying his entire workforce to immediately meet the privacy and security needs of his customers. In fact, we were just informed that starting April 5, 2020, Zoom will enable meeting passwords and "virtual waiting room" by default.

Bear in mind that all VTC software has become a prime target in recent years. Fortunately, you can significantly reduce your risk if you properly download, set up, and maintain Zoom or alternative apps. Please learn how to use your apps in order to keep your company, team members, family, and yourself safer. As with many popular apps, expect new vulnerabilities to arise. Consult your IT team leader or service provider for advice. Meanwhile, here are some crucial tips drawn from an advisory issued by CERT-India cybersecurity experts to get you started.

  • Download Zoom only from https://zoom.us/ and keep it up-to-date.

  • Set strong and unique passwords for all meetings.

  • Block the "allow record" feature or allow recording by permission only.

  • Disable “join before host” to prevent anyone from joining before the host and hijacking the meeting.

  • Designate a team member to host the meeting on your behalf using the “scheduling privilege” feature.

  • Enable “waiting room” and approve all participants before allowing them access.

  • The host should “lock the session” after all participants have been screened.

  • Do not check email or conduct other background tasks.

  • Disable all file transfers during meetings.

  • Only the host should share a screen.

  • Do not click or share links.

The employee-owners at Sun Light & Power want you all to be productive and stay in touch with your family and friends regardless of the circumstances. We urge you to do so safely. Be well.


Nancy Summers is the Director of Sales & Marketing and Seamas Brennan is the Marketing Coordinator for Sun Light & Power
