Fear of the COVID-19 outbreak has caused workplace and industry upheaval, forcing organisations to consider the remote workforce option as the primary model of work.
There are a plethora of additional cybersecurity challenges stem from the necessity of having staff work remotely to cope with the pandemic.
Maintaining cyber integrity in the face a remote office presents significant risks for most organisations.
- Organisations will have to either create or strengthen cybersecurity policies that encompass remote working, specifically as it relates remote access management (cloud or other).
- Use of personal devices and equipment will obviously be necessitated by working remotely unless organisations are ready with company-owned devices that employees can take home. Personal devices must be empowered with the same degree of security as an official one.
- Networks that remote workforce will use must also be considered and accommodated with the security plan.
- Plans for cybersecurity support, crisis management and incident response for a remote workforce must be created as soon as possible.
- Disseminating information, updates and training to the workforce will be critical to a sustained remote workforce strategy.
Cybercriminals are now using malware, dressed up as a map that tracks Covid-19 cases, to infect the computers of those trying to keep updated on the pandemic.
Cybersecurity researchers have identified several fake COVID tracker maps that infect people’s computers with malware when opened.
The scheme is one of many ways hackers and scammers are capitalising on people’s fears about coronavirus to spread malware.
A recently discovered weaponized coronavirus map was found to infect victims with a variant of the information-stealing malware.
The malware used in this scam has been identified as AZORult, an information-stealing malicious software discovered back in 2016, which collects information stored in web browsers including passwords, user IDs, browsing histories, cookies and cryptocurrency keys.
A cybersecurity organisation issued a threat analysis report about how the malware was embedded in a file, usually named Corona-virus-Map.com.exe, around 3.26MB in size.
Double-clicking the file opens a map that displays the virus’ spread, similar to one hosted by US-based Johns Hopkins University, a recognised source for visualising and tracking coronavirus cases in real-time.
The data in the bogus map is picked up from the Johns Hopkins University one, though the original map hosted the university is not infected and safe to visit.
The acquired data allows cybercriminals to steal credit card numbers, login credentials and other sensitive information.
Cyber attackers are exploiting the massive (and often un-verified) demand for coronavirus-related resources on the web and continue to exploit the dire need for information surrounding the novel coronavirus.
In the desire to be updated and help others get timely information during the pandemic, unwary netizens must employ the caution not only offline but also online. Cybersecurity experts urge users to be cautious when downloading files online.
A senior member of the cybersecurity community said that the Coronavirus is a formidable and fairly unprecedented opportunity to trick panicking people amid the global havoc and mayhem. In light of the spiralling uncertainty and fake news, even experienced cybersecurity professionals may get scammed.
Organisations should urgently consider implement and promulgate a clear, centralised and consistent internal process to communicate all the events and precautions related to the coronavirus pandemic.
Corporate cybersecurity and security awareness should constitute an invaluable part of such communications, as cybercriminals are profiteering from obscurity and uncertainty.