Is coronavirus the newest threat to cybersecurity in the GCC?

The new Covid-19 disease, commonly known as coronavirus, has become one of the most discussed subjects around the world in recent weeks. Declared a pandemic by the World Health Organisation (WHO) on March 11, the disease has affected business operations globally, across all industries, with aviation, hospitality and F&B being particularly affected.

Unsurprisingly, it is a topic that has seen exponential growth online too.

Grad Conn, chief experience and marketing officer at the social media analytics firm Sprinklr, noted that the platform has seen unprecedented spikes in Covid-19 related content, with 19 million mentions of coronavirus across social media sites within a 24-hour period alone this March.

“Coronavirus” has become one of the most searched Google terms around the world, showing a significant upward spike in the GCC from February 16 onwards, which continued through March. Many of the most popular search terms connected to the disease have been related to symptoms, the impact on regional countries and news about the disease. At the same time, security companies have seen a rise in the number of malware threats, seeking to abuse users’ vulnerability regarding their fear and uncertainty around the disease.

“Threat actors often exploit times of confusion or global events to conduct cyber-attacks and email phishing campaigns. These actors are opportunistic and inventive and will seek to exploit the public’s and organisations’ fears in order to perpetuate malicious activity,” explains Jonathan Miles, head of Strategic Intelligence and Security Research, Mimecast.

Indeed, the uncertainty and unpredictability caused by an unforeseen outbreak as with Covid-19 has caused some people to act with what psychologist David DeSteno, an expert on socio-emotional psychology, has described as “a mix of miscalibrated emotion and limited knowledge.”

It is something which has been expressed globally in multiple ways, for example, through consumers panic-buying household items resulting in empty shelves in some supermarkets in certain countries. Online, however, this can also translate to an increase in misjudgement when faced with malware which is designed to specifically target these psychological vulnerabilities.

“One of the most typical ways users are being targeted is through email malware threats. An example is a potentially malicious email [with content about coronavirus] used by scammers as a vector for delivery of malicious content. As is typical in such campaigns, it requires the victim to click on a link or a pdf document, in order to download malicious code, or to be redirected to a malicious URL. The body of the email makes repeated requests to shape the recipient’s action, by suggesting that the link be clicked,” explains Miles.

As much of the information being shared within companies regarding the evolving Covid-19 pandemic is via email, it makes users particularly vulnerable to this type of threat.

Indeed, Miles continues, “the sole intention of these threat actors is to play on the victim’s genuine fear of the impact on them by such global incidents, in order to increase the likelihood of victims clicking on an attachment or link delivered in a malicious email. Ultimately, this will cause the infection of a single machine, a system, or network, or can be made for monetary gain. This is a rational choice by criminals as our research has shown that over 90 per cent of compromises occur by email and that over 90 per cent of those breaches are primarily attributable to user error.”

James Lyne, chief technology officer at SANS Institute adds: “Cyber criminals are, simply put, experts in using the latest news trends to snare clicks. It would be prudent to provide employees and users with authentic information sources to address their fears of Covid-19 to drive them away from the ‘shock and awe’ e-mails or communications they may receive. Some of these may be genuine, but avoiding them entirely is a safer strategy.”

Interestingly, Covid-19 is not unique in terms of the typical spikes seen in threats by cybersecurity firms in the region.

“Following any significant disruptive event that plays on perceived human vulnerabilities such as benevolence and fear, there will almost certainly be an increase in cyber attacks,” explains Miles. “One of the motives for these time-specific attacks is to identify vulnerabilities in infrastructure and defences, which can be exploited and used to improve future attack methodologies.”

How to protect your company from Covid-19 cybercrime

The key way to protect your employees is to “proactively communicate to your users where they can find trusted information and why they should avoid unknown sources,” says Lyne.

Another key step is making sure your company has reliable antivirus (AV) support and good cyber hygiene practices – for example making sure staff use strong passwords and do not enable attachments in the event of malware emails being opened.

“These things will help shore up and support good company-wide cybersecurity practice, so when these unpredictable threats arise, your company is better positioned to remain unimpacted by them in terms of security,” explains Miles.

An intrinsic part of ensuring companies are secure from these type of attacks lies in making sure each employee is informed and empowered to make the correct choices. Organisations should keep staff abreast with how the company is handling a particular or perceived crisis (in this case, the rapid spread of Covid-19) and ensure employees are knowledgeable about best cybersecurity practices.

“It is important that users pause before clicking a link in an email. They should never feel pressured into clicking a link. Most importantly, users should not act on any advice within the email body that they didn’t ask for and were not expecting – for example, an email from an unknown user that demands they click a link from an unknown source,” explains Harish Chib, vice president, Middle East and Africa, Sophos.

“If you are genuinely seeking advice about the coronavirus, do your own research and make your own choice about where to look. Don’t be taken in by the sender’s name. A scam email could say it’s from the ‘World Health Organisation’, but this doesn’t necessarily mean that it is, as the sender can put any name they like in the ‘from’ field.”

There are often key warning signs that users can also look out for when trying to detect whether the email they have opened is malware content.

“Look out for spelling and grammatical errors. Not all scammers make mistakes, but many do,” explains Chib. “Take the extra time to review messages for telltale signs that it’s fraudulent. It will be bad enough if you do get scammed, but you will feel even more foolish if you realise afterwards that there were signs that you could have spotted in the email upfront.”

Although most malware attacks come through phishing emails, there are also many that can be found elsewhere on the internet. In the case of Covid-19, many of the phishing attacks are linked to the spread of misinformation about the disease. Something that in recent weeks, Google and other social media and search engines have been racing to control.

To combat the threat, Sundar Pichai, the CEO of Google and Alphabet made a speech on March 15 announcing that Google would be partnering with the US government to create a website “dedicated to Covid19 education, prevention, and local resources nationwide.”

The website, he explained will “include best practices on prevention, links to authoritative information from the World Health Organisation (WHO) and the Centers for Disease Control (CDC), and helpful tips and tools from Google for individuals, teachers and businesses.”

However, as Chib explains, there are many precautions users can make, without relying on just one website for information, which can be an issue in itself if the website is hacked.

“There is general good practice that people can apply. Check the URL before you type it in or click a link. If the website you’re being sent to doesn’t look right, stay clear. Do your own research and make your own choice about where to look. Never enter data that a website shouldn’t be asking for.”

A key area where cybercrime is rife is in relation to password data. “If you realise you have accidentally revealed your password to scammers, change it as soon as you can. The criminals who run phishing sites typically try out stolen passwords immediately, as it is a process that can often be done automatically. So, the sooner you react, the more likely you will beat them to it.”

Having healthy password protection in place can also lessen the chances of being affected by phishing scams.

“Never use the same password on more than one site. Once scammers have a password, they will usually try it on every website where you might have an account, to see if they can get lucky. Turn on two-factor authentication (2FA) if you can. Those six-digit codes that you receive on your phone or generate via an app are a minor inconvenience to you, but are usually a huge barrier for the scammers, because just knowing your password alone is not enough,” states Chib.

There’s a simple rule the security expert advises to follow to help lessen users’ chances of being exposed by a cyber security scam.

“If you are searching for something to do with the coronavirus, there is no reason for a health awareness webpage to ask for your email address, let alone your password. To lessen your chances of being affected follow this simple rule: If in doubt, don’t give it out.”