Coronavirus: The effect of a pandemic on digitisation efforts and cyber security

The survival, actions and inactions of humans is heavily dependent on both fear and anxiety, requiring people to respond to growing threats that endanger lives, as well as being able to deal and overcome existential threats. These threats have metamorphosed in various ways – political upheavals, health, cultural tensions, religious uprisings, terrorism, natural disasters, among others. Technology in the 21st Century has taken a centre stage in the wake of information sharing through various digitised platforms, predominantly social media which has directed the attention, emotions and reactions of internet users the world over.

The novel Coronavirus (COVID-19) has since its emergence in December 2019, resulted in an increase in internet usage, information sharing, patronage of digital or e-commerce platforms and social media platforms. Vodafone, the world’s second largest mobile telecommunications operator, with about 120 million customers have in March 2020 recorded an upsurge of internet usage of 50% in some European countries as consumers turn to services such as online educational studies, increase in online sales and marketing services, online religious activities, shift to working at home and turn to services due to lock down of affected countries. Technology has also led to panic of people as a result of the need to access information about the status, impact and the efforts nation-states are making to prevent the spread of the pandemic. Industry analysts have revealed that the sudden changes in consumer patterns leading to about 35% increase in the patronage of e-commerce and digital retail products have increased the risk exposure to fraud and cyber-attacks.

Analysis by cybersecurity professionals throughout the world cannot underestimate the impact of the COVID-19 pandemic in shaping the cybersecurity threat landscape. No single health crisis after the emergence of internet has changed the technology landscape more than the emergence and impact of the Coronavirus. The lockdown in countries and the sudden activation of “work from home” policies by organisations have put the preparedness of IT systems to test as more than a third of the world’s corporate workforce have to conduct business activities in the confines of their homes exposing the difficulties in managing the security of IT assets used by staff and ensuring Confidentiality, Integrity and Availability of corporate data.

A remote workforce can make it more difficult for IT staff to monitor and contain threats to network security. In an office environment, when a threat is detected, IT can immediately quarantine the device, disconnect the endpoint (i.e. the compromised computer) from the corporate network while conducting investigations. Organisations will be experiencing an unprecedented amount of traffic accessing the network remotely. Companies with an agile workforce have been preparing for this contingency for some time and will be well-equipped to maintain network integrity, through the use of sophisticated virtual private networks (VPNs) and multi-factor authentication. There is a risk that the increased volume of network traffic will place a strain on IT systems and that employees will be accessing sensitive data and systems via unsecure networks or devices.

There has been significant increase in business email interruption scams in which a number of email accounts have been compromised through a phishing email, hackers sending fraudulent invoices purporting to be from legitimate vendors, altered wiring instructions with the money going to the hacker’s account, among others. In Ghana, the e-commerce industry is beginning to see a number of smishing (perpetrated through SMS) and vishing scams (perpetrated through scam calls). The use of malware and ransomware by cybercriminals is becoming a regular trend, as analysis and intelligence received by e-Crime Bureau reveal compromise of a number of computer systems and digital devices of individuals and corporate executives. This is due to the high demand of e-commerce platforms as cybercriminals have infiltrated the spread of Covid-19 updates and messages through the creation of malicious internet links, malicious websites, fake mobile applications, etc. which have widely been on circulation on social media platforms and have compromised user credentials of users.

Some phishing emails orchestrated around Coronavirus advisory targeting corporate websites and email accounts have led to an increase in the number of cases of Business Email Compromise schemes over the past three (3) to four (4) weeks. The first wave of the Coronavirus phishing scams discovered by IBM X-Force and Kaspersky in Japan warns about infected patients being reported in victims’ local areas. The messages, in Japanese, urge victims to open a Word document containing malicious code. A number of such emails have circulated within the internet space of Ghana. Other groups adopt the coronavirus themes in an "email thread-hijacking technique" that led targets to download and install the malware. So far, the identified emails have predominantly captured in Japan. This approach can be used to steal financial information or login credentials.

In the UK, coronavirus scams in the month of February 2020 cost victims and organisations over £800,000.00 (equivalent of nearly $1M). By the end of January, as the global death toll of the coronavirus reached 213 and more than 9,000 cases were reported, malicious actors started leveraging public fear to spread the notorious Emotet malware, a banking trojan that primarily spreads through malspam (spam emails) and attempts to sneak into computers to steal sensitive and private information.

Within the first week of February 2020, Sophos reported a global phishing scam exploiting the coronavirus. The email carries the logo of the WHO and exhibits the usual spelling and grammatical mistakes that should act as indicators to victims that this message is not what it seems. The link embedded in the message brings users to a compromised music site using insecure HTTP and shows a fake WHO page with a popup form asking for email verification and password. Upon submitting credentials, users are redirected to the real WHO site. A very basic attempt at stealing credentials, brimmed with red flags.

By the end of February 2020, MailGuard reported a widespread email scam in Australia leveraging the coronavirus fear. The malicious emails are signed with “Dr. Li Wei” and are titled “Corona-Virus Affected Company Staff.” The sender of the emails was identified to be from a freshly registered domain, likely created for the sole purpose of the scam. The message urges victims to open the attached file, which allegedly would contain pictures, countries, names, and companies of COVID-19 infected people.

While automated content generation by machines for disinformation and fake news campaigns are yet to be reported, automated (machine) bots are already claiming a fair amount of the malicious activity surrounding the coronavirus in the form of spam bots. Imperva recently discovered pharmaceutical spam campaigns performed by bots thriving on the need for information about the virus.

Bots have been used as another means of injecting popular and frequently searched keywords to increase the visibility and ranking of website in search results. ‘Coronavirus’ is an often-searched term in Google and using it on a page will rank the page and website favourable in search algorithms thereby aiding them to engage their targets and unsuspecting victims.

Cyber-criminals have also launched a fake coronavirus threat map website to steal personal information from the public. The site joins a growing number of COVID-19 scams exploiting via the link corona-virus-map.com.exe. To give the fake and malicious map an extra aura of authenticity, criminals have designed it to mimic a legitimate COVID-19 threat map created by Johns Hopkins University that similarly shows countries hit by the virus together with the latest statistics.

Organisations that will survive the fallout within this period of institutional lockdown will be the ones that have consciously complied with the best practice of isolating and segregating their core operations and services. Organisations need to adopt some specific cyber security best practices to scale up their cybersecurity preparedness against the emerging risks. These include the use of Virtual Private Network (VPN) on corporate and even personal computers of all employees working remotely, adopt a two or multi-factor authentication for emails and other digital transactions, e-commerce websites and e-payment platforms must review their cyber security preparedness against any imminent cyber-threats.

IT Departments and Management Teams must assess the cyber security preparedness of staff working through short quizzes and cyber-threat advisory cautions on a regular basis. IT Teams must constantly monitor functional systems to detect and respond adequately to real-time threats. They are advised to adequately back-up systems of organisational data and seek professional support in complicated cases of cyber breach to resume business activities and guard against similar attacks in the future.

Employees need to be reminded of the types of information that they need to safe-guarded. This often includes information such as confidential business information, trade secrets, intellectual property, work product, customer information, employee information, and other personal information (information that identifies a person of household). This requires a review of organisations’ information security policies that specifically address the risk exposures in handling sensitive information such as corporate and individual client records, employee record, audit records, medical records, financial records in the period of implementation of the “work from home” measures.

Individuals must avoid sharing unverified links concerning updates on COVID-19 as more than 55% of such links in circulation have been identified to be embedded with malicious content that can compromise end users. Institutions are advised not to rollout digital products or application without proper cyber security assessment of these platforms before making accessible for customer consumption. Institutions as a matter of urgency must activate business contingency plans in case of any cyber-breach to maintain business continuity.

They must make the effort to investigate the most trivial and detected cyber breach. Companies must educate existing and prospective clients to adopt proper cyber hygiene as their transactions may be compromised due to poor end user practices. It is essential that employees exercise extra vigilance and report any suspicion of breach on their computers and/or digital devices when undertaking official tasks outside of the office environment.

Stay Home, Avoid the Spread…Be Cyber Safe!