Interviews

Cyber risk and covid

by Mark Rowe

Robin Boldon, Director Product Management for Anti-Piracy at OpSec Security, pictured, writes how covid-19 has impacted cyber security and what businesses can do to mitigate the risk.

For almost a year, the Internet has become a lifeline – helping them maintain contact with others, work, shop, and stay entertained as the global COVID-19 pandemic took hold and accelerated the shift to a largely digital lifestyle. With around 20 per cent of the world’s population placed under lockdown during the first wave of the pandemic, Internet use ramped up to unprecedented levels. However, the threats posed to individuals online have increased also.

Cybersecurity has taken a serious hit as online bad actors have taken advantage of the COVID-19 pandemic and the ensuing changes to digital ways of living and working, leveraging vulnerabilities in new working from home set ups or fledgling digital services. Beyond phishing scams, bad actors have also capitalized on consumers’ fears, resulting in a surge in counterfeit goods such as masks and fake COVID-19 testing kits. For instance, European law enforcement agencies seized more than 34,000 counterfeit and substandard masks and coronavirus medication by March 2020 alone. As well as exploiting fears, criminals have also targeted unmet demand for entertainment, which has resulted in substantial increases in film and TV piracy, and the unauthorized streaming of sport events.

Consequently, brands and Internet users are facing a growing number of threats from many different angles. Yet, in spite of this, the Internet is undoubtedly also a force for good, helping people to stay connected during what has been for many an extremely isolating period and allowing businesses to remain viable by moving their operations online. So, as businesses and brands look to make the most of the online world, what new risks are they facing and how can they mitigate them to ensure they keep both themselves and their customers safe for the duration of the pandemic and beyond?

Changing phishing tactics

Since March 2020, online bad actors have launched a variety of covid-19 themed phishing and malware attacks against workers, healthcare facilities, and the unemployed who have been spending more time online with phishing emails related to covid-19 increasing by 600pc. In the first quarter of 2020, OpSec Security found that SaaS and webmail sites were the biggest targets of phishing, accounting for more than a third (34pc) of all attacks, followed by financial institutions (19pc), and the payment sector (13pc).

As well as increasing in frequency, phishing approaches have also been changing to reflect the times. This has included exploiting concerns about the virus and the desire to keep up with the latest developments to make emails seem more legitimate. For example, some cybercriminals have been spreading malware by adding text from COVID-19 news stories to phishing emails to bypass security software that uses artificial intelligence (AI) and machine learning (ML) to detect it. Without the protections in place to catch these more sophisticated attacks, businesses and brands are leaving themselves, their customers, and their employees vulnerable.

The increase in phishing attacks and use of these tactics has led some companies, including Microsoft, to take stronger action against those committing the crimes to protect themselves and customers. In 2020, Microsoft’s Digital Crimes Unit (DCU) took down a business email compromise operation in which hackers used COVID-19-related phishing emails to infiltrate customer email accounts, contact lists, and sensitive documents in order to send emails that looked like they came from a trusted source. While this isn’t an approach all businesses are able to take, working with the right partners and bodies, and having tools in place to prevent phishing attacks slipping through the net, will mitigate the risk posed by this kind of activity.

Businesses can also take simple measures to educate both their employees and customers about online security, for example, sharing information about how they may be targeted and the ways in which they can keep themselves safe and check for authenticity. As part of this, brands should also outline the proactive steps they are taking to protect their customers. By showing customers that they are front of mind when it comes to security and detailing the brand protection schemes they have in place brands will be able to build trust and ensure that consumers only have positive interactions with their business.

Piracy

The growth in piracy, however, presents a different challenge. With governments issuing the directive to stay at home, other than for essential outings for food or medicine, people have sought more ways to keep themselves entertained. Almost certainly as a result of this unfulfilled demand for entertainment, the piracy of film, TV and music has all shot up across Europe, as bored consumers eagerly search for new content before it is officially available in their region.

In the early days of the pandemic, the scarcity of sporting events also led to live unauthorized streaming of the Belarussian Premier League, as it continued to fulfil its fixtures when other leagues closed down. The Belarussian Premier League is hardly at the apex of international football, so it was no surprise that when the German Bundesliga returned in May last year, it was also subject to streaming piracy.

One distinctive aspect of this streaming piracy is the use of social media platforms, which not only have the advanced technology required, but also provide a forum for a semblance of normal live interaction between fans that adds to the overall experience. The fact that such streaming takes place on well-known platforms also lends them a spurious air of legitimacy that may convince many unwitting consumers.

As well as social networks, illegal IPTV services were quick to adapt and make new live content available to paying customers, some offering discounts to new subscribers with voucher codes using the terms “COVID 19” or “CORONA”. The extent of this problem led the UK police to warn individuals using these services that they should desist or risk prosecution.

Preparing

As online bad actors capitalize on the opportunity presented by a mass shift to the online world, as well as people’s fear over contracting the virus, consumers and brands have become susceptible to cybercrime on an unprecedented scale. From phishing scams to fake personal protective equipment and pirated films, online bad actors have sought to exploit both brands and consumers during the pandemic and with many countries having reintroduced stringent restrictions to cope with a second wave of the virus, spikes in cybercrime may not go away.

Consequently, brands must seek to evolve to meet the challenges of a shifting online landscape and prepare for the fact that the COVID-19 pandemic may have a lasting impact both on both consumers and their business. Key to this will be working with experts who can help to identify the threats being posed by online bad actors before they are able to take hold and terminate their fraudulent activity to ensure their business and its reputation among consumers remains intact. In doing so, it’ll be possible to take advantage of the many opportunities the online world offers businesses, while mitigating the risk of threats to consumers and instilling customer trust.

Related News

  • Interviews

    BYOD survey

    by Mark Rowe

    A survey about BYOD (bring your own device) details the security perspective of consumers who use their personal mobile devices for work…

  • Interviews

    IT for SMEs

    by Mark Rowe

    Small businesses need technical excellence, writes Klaus Gheri, vice president of product management, Europe, Barracuda Networks. SMEs are exposed to exactly the…

  • Interviews

    APIs, the new threat

    by Mark Rowe

    We interviewed Colin Tankard, Managing Director of the cyber security and data encryption company Digital Pathways, pictured, in our July print edition.…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing