There are new threats that you may have already been exposed to. Here are some of the new threats and advice on how to protect yourself.

During this pandemic, Zoom has emerged as a very popular teleconferencing choice for companies and educational institutions, but a new weakness for Zoom was also discovered. Some online conferences and classes that had not password protected their sessions fell victim to eavesdroppers using the screen sharing feature to “Zoom Bomb” those sessions with graphic images. zWarDial aka the ‘War Dialing Tool’ exposed this flaw showing what can happen when you fail to password protect sessions. While Zoom is working to enhance security and better protect your resources, we recommend that, at the very least, you password protect where possible.

There have also been more than 30,000 new coronavirus-related domains registered since mid-March, although initial investigation shows less than 10% seem to have malicious intent. Domains can be used for phishing attacks, which have also increased using COVID-19. Many new websites claim to share important information like World Health Organization (WHO) COVID-19 updates but instead are the latest phishing or spear phishing attacks looking to damage your data or steal your money. Spear phishing normally is personalized and appears to come from a trusted source (like WHO or someone in your company). In comparison, phishing attacks are cast widely and not personalized.

These new phishing attacks have been very effective, and are costing people money. As of April 2, 2020, the FTC had received 9,918 complaints related to COVID-19. The average per user loss is $563, but the total loss is $6.85 million. A recent report published by Barracuda Networks shows that 54% of the attacks are scams designed to fool people into either donating money to combat COVID-19 or installing malware on their computer. There is even a new piece of ransomware that has dubbed itself CoronaVirus.

Researchers at Check Phone have seen an increase in “ransomware” attacks to over 2,600 per day on average, with more than 5,000 attacks just on March 28. Curiously, some criminal organizations claim that they do not wish to interfere with healthcare workers and have offered free fixes for some in healthcare. Ransomware groups behind CLOP Ransomware, DoppelPaymer Ransomware, Maze Ransomware, Nefilim Ransomware and Netwalker Ransomware have stated that they would provide decryption tools for healthcare workers in most cases. Security firms Emsisoft and Coveware Inc have also announced a joint initiative to help hospitals recover from ransomware attacks for free.

How can you protect yourself in this environment? Below are 4 simple things you can do to avoid falling prey to cyber criminals:

• Pay special attention to inbound social media communications and emails they could include Spear Phishing and regular phishing attacks.
• Turn on two-factor authentication in browsers.
• Use advanced password protection tools like LastPass or KeePass.
• Always ensure you make frequent, regular backups.

Stay safe!