Hackers always exploit fear, uncertainty, and doubt, and COVID-19 presents the perfect opportunity for them. It’s an unfortunate reality, but hackers can and will leverage our fear of a biological virus to infect us with a digital virus.
There is a significant amount of mistrust and misinformation already happening on a global scale, particularly concerning COVID-19. When people don’t know what’s going to happen next, hackers use that to their advantage to create malware or “scareware” that targets such anxiety.
Leveraging shock and fear
Hackers can exploit fear around the virus with links to content pretending to give fake information from the CDC, notices concerning quarantines, school closures, and more official-looking letters, links, texts, emails, and so forth. When people are scared and isolated, they become easier targets because they fail to use good cyberhygiene. It’s often the last thing they’re worried about in a panic.
Hackers don’t worry about the ethics of taking advantage of a crisis or confusion. Many may still remember that when Princess Diana died, hackers were creating content that pretended to share details of the crash and installed malware that infected those who downloaded the information.
The current pandemic represents an even wider, more digital audience that is highly susceptible and at risk of being taken advantage of. Imagine receiving an email with the title “Latest breaking news from the CDC in the state of New York.” Many people would inevitably click on it, and hackers would use sensational and breaking news statements to their advantage.
While social distancing is a reliable way to help slow or even stop the spread of a biological virus, it could have the opposite effect when it comes to cyberviruses. Working remotely means more people will be isolated from their peers, unable to make good cyberdecisions. In the quest for more information about the virus, they may click on links or download things that put them at risk. They will also be more distracted and more likely to use social media, which can be a hotbed of misinformation.
According to a Lookout report, the rate at which people fall for phishing attacks on mobile devices has increased by 85% every year since 2011. Malware and links can be easily masked as legitimate, so it’s crucial for people to be vigilant while working alone.
As more people work remotely, they will also be using their personal devices (computers, phones, etc.) to conduct more business. Employees must be very careful not to download sensitive information to their personal devices, but instead, use technology that enables them to access their work computer remotely. In an ideal situation, they should all use a work-issued laptop that is patched appropriately. The key to working remotely is to stay calm, use good judgment, and always do a gut check on what you are clicking on and opening.
Tapping the latest tech trends
Hackers are always using the latest trends to bait people in new ways, for example, through malware hidden in video and audio links. Recently, there has been chatter online that shows how hackers can create cloned news websites that look and sound just like the real thing. They are purporting to share critical information, but such a site actually includes malware when it is clicked and downloaded. During a time when misinformation is rampant, this tactic, in particular, could be incredibly successful.
Overall, it’s highly probable that cyberattacks will intensify. Hackers don’t pay attention to the ethical circumstances; they don’t feel bad stealing your information, even during a global crisis.
They know a lot of people are worried and anxious and looking for clear information on COVID-19 and will absolutely take advantage of people being in a panic and isolated from each other.
While it’s likely that hackers may initially target hard-hit countries such as China, Japan, Iran, South Korea, and Italy because of the heightened tensions, every global resident must stay vigilant. The pandemic goes far beyond borders, and it is only through practicing good hygiene–both biological and digital–that we can help stop the spread.
Aleksandr Yampolskiy, PhD, is the CEO and cofounder of SecurityScorecard.