Cyber Threats Rise in Times of Uncertainty, Fear
By Keith Morelli
TAMPA (March 26, 2020) -- The dark threat of someone intruding into your cyberspace is ever present. It’s no secret that hackers have a variety of ways to infiltrate your computer systems, steal your identity, your Social Security, bank account and credit card numbers. And with millions of employees now working from home, new portals are opened for cyber thieves to enter, not only personal, but corporate computer systems.
Such scammers are always a threat, but now, as the COVID-19 pandemic grips the world, the panic and fear is bringing out the worst in these bad actors, said Sagar Samtani, an assistant professor in the USF Muma College of Business’ Information Systems and Decision Sciences Department. Samtani is an expert on the dark web and the nefarious types who pilfer personal information to sell to the highest bidder on the cyber black market.
In times of stress, when uncertainty rules a population, these hackers are quick to exploit the situation. Increases in the waves of bogus emails are now crashing over unsuspecting employees remoting in for their work and cybersecurity researchers knew it was coming.
“Over the past few years, we have seen a significant increase in the amount of hackers trying to take advantage of societal tragedies,” Samtani said. “They often prey on the fear, angst and panic of the general public to illicit an emotional response that they wouldn’t necessarily give in normal circumstances.
“Common examples of cyber thefts and scams that increase during these times,” he said, “are fraudulent websites.”
And a perfect way to get people to go to fraudulent websites is through bogus emails. This is called phishing and these fake emails can appear to be from friends or acquaintances or other trusted sources.
Working from Home Provides a New Portal
A new pathway for hackers to infiltrate systems is now more prevalent than ever, as many employees are working remotely, or from their homes on their personal computers. This has the potential for cyber thieves to make their way, not only into personal computers of workers, but into large, usually well protected systems of the organizations that employ them.
“Often times, employees working from home may not have the same enterprise-level protections that they may have when they are at their workplace,” Samtani said. “Many organizations will aim to update software, especially anti-virus, on a regular basis. However, when employees work from home, they may not consistently employ these same safeguards.
“Therefore, the security risk for an organization can be more diversified when employees work from home.”
It is critical for people to make sure they maintain good cyber-hygiene during these times, he said, including the use of a VPN service, being aware of scam or phishing emails and websites, updating software and anti-virus regularly and keeping offsite and cloud-based backups.
Additionally, Samtani said, people working remotely should closely manage who has access to personal systems, ensure Wi-Fi security, create complex and easily remembered passwords.
Remote Workers: Expect More Phishing
KnowBe4, a Clearwater-based worldwide provider of security awareness training, reported earlier this month that it has noticed an influx of COVID-19-related phishing scams.
These scams came in three successive waves, KnowBe4 officials said in a statement released this week. The first wave of phishing attacks offered basic information about the pandemic as well as spam/scam emails pushing questionable products and services. Many of these seemed to come – but weren’t – from places like the World Health Organization and the Centers for Disease Control and Prevention, said the statement.
The second phishing wave brought cyber criminals trying new approaches to trick users into clicking through to malicious content. And now, in the third wave, researchers report seeing repurposed standard phishing templates turned into coronavirus-related phishing scams.
“I’ve never seen anything remotely like this,” said Eric Howes, principal lab researcher with KnowBe4, which entered into a partnership with the Muma College of Business last year to train students in cyber hygiene and how to detect cyber threats. “The cyber criminals who weren’t running coronavirus-related phishing scams have now gotten in on these types of scams.
“With the majority of the global workforce now working from home, everyone needs to be extra vigilant when clicking on links and downloading attachments from emails, especially if the email is related to the coronavirus.”