Threat actors are using COVID-19 to exploit victims through malicious acts such as malware scams, compromised credentials, phishing campaigns, and other methods. As a result, cyber-attacks that prey on pandemic concerns are increasing with 57% of Canadians reporting that they have been victims of cybercrime. This key finding is from an online survey of 2000 Canadians conducted by Ryerson University in May. These sophisticated and well thought out COVID-19 theme threats have not only disrupted individuals’ lives, but organizations as well. The health sector, for example, has not been immune to cyber-attacks at a time when it is under severe pressure.
3 COVID-19 theme cyberattacks targeting Canadians
Ransomware attacks on the health sector
The health sector has been a prime target for ransomware threats, with increased attacks on patient records and medical research. These attacks are intended to hijack computers, capture and steal data, and defraud hospitals, labs, and clinics of funds.
Credential stuffing to steal relief payments
Hackers targeted the Canadian Government through an online portal (GCKey) and stole COVID-19 relief payments using credential stuffing. This attack occurs when hackers use stolen usernames and passwords on various sites and eventually finds an account that uses the same log-in credentials. The site was also compromised because there was no two-factor authentication (2FA) in place.
Malware distributed through fake COVID-19 contact-tracing app
One of the most sophisticated attacks is creating a fake COVID-19 contact-tracing app, which is a ransomware trap. People are tricked into downloading the app because it is designed to appear like an official government of Canada tool. When downloaded, ransomware encrypts the user’s data, locks them out of the system, and the only way to regain access is by paying a ransom.
These cyber-attacks call for individuals and organizations to be more vigilant and put in place proper hygiene measures to protect their privacy, data, and funds.
5 helpful tips for individuals and organizations to increase protection
Establish a backup infrastructure
Organizations should have a backup policy in place to avoid being victims of a ransomware incident. Backups allow a company to bypass a cybercriminal’s ransom demands by restoring files from an offline backup infrastructure. Backups should be performed often to ensure the most current information is stored securely.
Use a VPN
Connecting to the internet, whether at home or work, makes you vulnerable when online. A Virtual Private Network (VPN) allows you to protect your privacy and hide your online activity from prying eyes. If you’re working from home due to COVID-19, using a VPN is a smart way to help prevent hackers from intercepting sensitive information.
Use a different password for each account
This next tip might seem tedious, but one of the best ways to evade a malicious attack, such as credential stuffing, is by creating a unique password for each account. Passwords should not be shared across multiple accounts. And each password should be hard to crack by using a passphrase or a combination of letters, numbers, and symbols. For help to keep track of the multiple passwords, consider using a secure password manager.
Activate two-factor authentication
Another recommendation for avoiding credential stuffing is enabling two-factor authentication. This security measure adds a second layer of protection as additional security information is required to access your device or account, such as a pin or answer to a security question. Whenever possible, organizations should implement this security feature.
Update operating systems and applications
If hackers are aware of vulnerabilities, they can exploit them and gain access to your device. One way to remove those vulnerabilities is by keeping your operating system or other applications patched with the latest updates. Patching also includes making sure that anti-malware and anti-virus tools are up to date.