In addition to the risk COVID-19 poses to people’s individual health, shop owners and personnel should also be aware that the global pandemic poses increased risks for cybercrime.
“The increase in cyber risk during COVID-19 is very real. Many cyber criminals were starting to focus on attacking phones and PDAs, which tend to have less cyber protection thus make for easier targets. The exponential growth in use of social apps has provided new rich targets for their devious actions,” said David Willett, underwriting value creation executive at ProSight Specialty Insurance.
By the middle of April, cyber-risk specialists had identified more than 70,000 malicious COVID-19 domains, and these cyber forensics experts urged business owners to take steps to mitigate the risk to their organizations.
The largest risk is to the shops that have a higher number of employees working on their personal devices.
“The amount of risk to each business depends on how many people they are relying on and how the risk is distributed,” Willett explained. “Shop owners are exposed to cyber-risk when working on-site, but if they’re operating remotely, according to the new norm, they do not have the same amount of protection that they’d have while working on-site.
“The risk may be lower for shops whose teams are still working on-site with the same devices; cybercriminals are targeting most widely distributed workforces,” he continued. “When a business invests in cybersecurity, such as VPN, firewalls and other protections, that’s great when you’re in the office, but with more people than ever working remotely on their own devices, criminals have discovered that many of these employees don’t have the same level of protection on their home networks. As a result, they are going after these people who do not even realize they’re vulnerable.”
Zoom meetings’ vulnerabilities have come to light, such as increased exposure to beaconing, a type of malware which infects the computer and sends data through an app into the phone being used, stealing information at irregular intervals. When Willett downloaded Zoom, he found his phone sent 13 beacons to various countries in 20 minutes.
“The game has changed,” Willett warned. “Cybercriminals were attacking through ransomware and demanding bitcoin to release the system, but now, they are also accessing the system to obtain business information and other data.
“Because the system isn’t immediately locked down, the user is unlikely to release that information is being extracted. Now, the cybercriminal can see who you’re working with, emulate your business and identify the more effective ways to target you.”
Cybercriminals are also using geofencing, allowing them to trigger a pre-programmed action when the mobile device enters a certain location.
“Nefarious actors can see what you do and what accounts you have, but who knows how long before they act on what they find—or they may not,” Willett said. “These hackers are less grab and go; instead, their approach is to go in and obtain information before acting on it. They’re using malicious sites to steal data and gather intel, and it’s not unusual that we haven’t heard much about it since they typically don’t do anything right away.”
Willett emphasized employees should not be permitted to access the shop’s private WiFi with a phone they use in public.
“You’re inviting their friends and enemies into the system where you are looking up OEM repair procedures and accessing customers’ personal information,” he said. “They can access the shop’s network through their work devices, but they should be using the public WiFi at your operation when they’re on their personal devices.”
Willett warned against two types of sites specifically: “Food sites have always been the worst for nefarious attempts, and right now, everyone is researching new recipes. Also, make sure you are utilizing reliable, secure sites for information on COVID-19 because these can be a watering hole that lead you to dangerous sites.”
Currently, beta testing of risk management tools to block these new aggressive measures are underway.
“Hopefully, we will be able to share some information on those soon, as they become available,” Willett said.