Criminals are exploiting the fear and uncertainty created by COVID-19 to prey on innocent citizens who are only looking to protect their health and that of their loved ones.
Jürgen Stock, Interpol Secretary General
UNICC’s Cyber Threat Intelligence (CTI) team is working closely with UN Agencies, other international organizations, the private sector, academia as well as law enforcement and intelligence agencies to share information on the cyber impact of the Coronavirus outbreak and to have a broader understanding of the active cyber threat ecosystem.
Threat actors are taking advantage of the fear of Coronavirus disease (COVID-19) to carry out malicious activities, such as spreading malware and gaining access to confidential information or financial assets.
The current situation makes all of us vulnerable to malicious exploitation, either intentional or opportunistic. Cyber criminals are misusing this crisis to deploy malware and make money. For instance, there is a rise in COVID-19-themed Ransomware campaigns.
Tima Soni, Chief, Cyber Security Section, UNICC
To take advantage of the current situation, threat actors will invest heavily in disinformation, whose primary purpose is to create fear, anxiety and uncertainty. To get into a favorable position, threat actors will mimic legitimate services.
Moreover, the imposition of unplanned 100% work from home status for millions of people has introduced a huge risk. Increasing vigilance is now more important than ever to stay safe online.
Here are some tips to help you stay safe through the current crisis:
- Use trusted sources such as legitimate government websites for up-to-date, fact-based information about COVID-19. An example of how threat actors can use non-official sites to spread malware is the abuse of the Coronavirus COVID-19 map from Johns Hopkins University of Medicine.
- If you are trying to buy medical supplies online, take the time to verify that you are in fact dealing with a legitimate and reputable company, otherwise your money could end up in the hands of cyber criminals. Check online reviews of any company offering COVID-19 products or supplies. Avoid companies whose customers have complained about not receiving items.
- Independently verify the identity of any company, charity or individual that contacts you regarding COVID-19. Do not click on links or open attachments that you were not expecting to receive or that come from an unknown sender. There are phishing emails claiming to be from national or global health authorities, with the aim of tricking victims into providing personal credentials or payment details, or into opening an attachment containing malware. Scammers use subject lines related to Coronavirus, and these emails appear legitimate, sometimes spoofing WHO or other government organizations dealing with the outbreak.
- Be wary of unsolicited emails offering information, supplies or treatment for COVID-19 or requesting your personal information for medical purposes. Legitimate health authorities will not contact the general public this way. Remember, if a vaccine becomes available, you won’t hear about it for the first time through an email, online ad, or unsolicited sales pitch.
- Don’t fall for telephone fraud. Criminals call or send text messages to victims pretending to be hospital officials, who claim that a relative of the victim has fallen sick with the virus and request payments for medical treatment.
- Be cautious of “investment opportunities” tied to COVID-19, especially those based on claims that a company’s products or services can stop the virus. If you decide to invest, carefully research the investment beforehand.
- Make sure your home PC or laptop is up-to-date with security patches and an updated antivirus before accessing infrastructure resources remotely. Don’t forget to update your Wi-Fi router and printer with firmware patches too.
- Make sure your home Wi-Fi is secured (not “open”) so that connections are encrypted. Don’t use open or public Wi-Fi.
- Enable Multi-Factor Authentication where this option is available.
- Check the websites and email addresses offering information, products or services related to COVID-19. Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating. For example, they might use “cdc.com” or “cdc.org” instead of “cdc.gov.”
- Spread the word at home, especially to children, who will be spending more time online.
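The address check from the tip on slightly altered domains can be automated for a mail or web filter. The following is an added example, not part of the original article or UNICC tooling; the names `classify`, `host_of`, `edit_distance` and the `OFFICIAL` allowlist (including `who.int`) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Allowlist is an assumption for this example; cdc.gov is the domain named in the tip.
OFFICIAL = {"cdc.gov", "who.int"}

def host_of(value):
    """Extract a lower-case hostname from a URL, an email address or a bare host."""
    value = value.strip().lower()
    if "://" in value:
        return urlsplit(value).hostname or ""
    return value.rsplit("@", 1)[-1].split("/", 1)[0].strip(" >.")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value, official=OFFICIAL):
    """Return 'official', 'lookalike' or 'unknown' for a URL, sender or host."""
    host = host_of(value)
    # Exact match or a true subdomain of an allowlisted domain.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    labels = host.split(".")
    registered = ".".join(labels[-2:])  # naive: ignores multi-part suffixes like co.uk
    for d in official:
        name = d.split(".")[0]
        if labels[-2:-1] == [name]:             # same name, other TLD: cdc.com, cdc.org
            return "lookalike"
        if f".{d}." in f".{host}":              # official name buried in a longer host
            return "lookalike"
        if edit_distance(registered, d) == 1:   # one-character typo: cdcc.gov
            return "lookalike"
    return "unknown"
```

A "lookalike" result is a heuristic flag for review, not proof of fraud, and this sketch does not handle internationalized (homoglyph) domains.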
With a flood of Coronavirus-themed malicious campaigns, UNICC’s Information Security services team will continue to identify dangerous players capable of jeopardizing our Partners’ missions, and to ensure the United Nations can continue delivering its mission without interruption, now that this is more critical than ever.