The rise in cyberattacks has been noted around the world as the dreaded coronavirus disease 2019 (Covid-19) spreads its deadly payload. Cybercriminals and scammers have taken advantage of the resulting lockdowns and continuing community quarantines to release various viruses and malicious codes to an unsuspecting public.
Also, the work-from-home mode of transacting business by a sequestered workforce has increased the attack surface or broadened the landscape open to virus intrusions. The surge in the use of the digital infrastructure, most prominently the internet and corporate networks, the financing institutions, in particular, has made more people and enterprises vulnerable to cybercrime.
Among a glut of cyber threats in today’s Covid-19 ravaged world, the following 10 stand out as the most prevalent and persistent online pests:
1. Phishing. It’s a deceitful way of obtaining sensitive information such as passwords and credit card details by masquerading that the request came from a trustworthy party. It could take the form of computer or short message service (SMS) phishing with the intent to deploy nasty viruses or to steal personal credentials for ransom. Today, the most publicized incidents involve spurious emails (e.g. donation petitions) on the Covid-19 situation supposedly coming from trusted organizations like the World Health Organization and our own Department of Health.
2. Card skimmers. Criminals attach a hidden recorder on the automated teller machine (ATM) to gather account data on cards swiped on the compromised machine and later on use the recorded data to steal from the account. This is a particularly sinister form of illegal hack nowadays when locked down citizens rely on their ATM cards for money to pay for daily needs.
3. Spyware. This is a software or code embedded in the computer or phone that secretly leaks or transmits data in the compromised computer to other interested parties.
4. Malicious smartphone apps. Typically, this is an SMS spyware or hidden Trojan that collects vital information or records conversations that are afterwards repurposed into attack vectors against the victim’s own device.
5. Brute force. This refers to a security breach to crack the password or protective code by using an automated means of sending thousands or even millions of possible passwords to the target computer or device.
6. Malicious domains. New illegitimate websites are being created every day to carry out spam or phishing with domain names related to coronavirus or Covid-19 and make money from unsuspecting online visitors.
7. Malware. Usually downloaded from an email, malware refers to software or malicious code intending to do harm on the computer or device, or to gain unauthorized access to the system for illicit purposes such as stealing information and/or corrupt the hard drive.
8. Ransomware. This attack vector disrupts the entire system by withholding access to it and only gives back control to the users once a ransom has been paid to the cybercriminals. Several ransomware episodes in healthcare facilities as well as disruptions in systems that track the coronavirus have already been reported.
9. Malicious contact tracing app. The scam works by directing the recipient of an SMS message to a website where he or she must input several personal information that may give hackers access to the person’s bank account. It’s a despicable way of abusing the trust of innocent people who are only helping out others in a time of grave need.
10. Zoom-bombing raids. Cyberattackers disrupt video calls by inserting or spouting lewd messages or politically motivated spiel in an ongoing online meeting. A videoconference led by Pasig Mayor Victor Maria Regis “Vico” Sotto was Zoom bombed with nude images while a Go Negosyo online forum on Covid-19 participated in by chief executive officers was also Zoom bombed with pornographic animé. Zoom bombing is feared to become so pervasive that the Federal Bureau of Investigation is pushing to criminalize the act of Zoom bombing.
Beware, these 10 online plunderers continue to evolve. In fact, within the malware family itself, there must be at least 50 other variants, each with its own illegal specialty. To name three, there’s Avemaria which is a remote access Trojan; NetwiredRC, with the capability to spy on, manipulate and steal data; and AzoRult. whose threat entails malicious phishing and drive-by exploits.
Be very aware, indeed. You may be next in line on the scammers’ homing device.