Hikvision Senior Director of Cybersecurity on Four Recent Coronavirus Cyber Scams and Hacks, Plus Hikvision’s Cyber Tip of the Week
As COVID-19 becomes a global concern, cybercriminals are leveraging this tragedy to spread their own kind of virus and digital attacks to prey on the fears of people around the world.
In this blog, Hikvision’s Davis covers four recent coronavirus cyber scams and hacks related to COVID-19, and more.
Four COVID-19 Themed Cyberattacks
COVID-19 remains a top story in international news and is also the theme of many attackers on the Internet. Below are four recent COVID-19 themed attacks on home networks, hospitals, and consumers.
1) Home Router Attack: The ARSTechnica.com article, “New Attack on Home Routers Sends Users to Spoofed Sites That Push Malware,” outlined how cybercriminals are gaining access to home routers and making DNS changes that send users to malicious websites. At the time of this writing, both Linksys and D-Link routers have been targeted. According to Bleeping Computer, for five days people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO). Of course, this is a malicious download that executes a relatively new piece of malware that extracts browser credentials, cryptocurrency wallet addresses, and possibly other types of sensitive information. While it is unclear how the attackers are gaining access to the routers, experts suspect that attackers are guessing weak passwords. To prevent this attack, turn off remote management to your router, or if you need that feature, ensure that you have a very good password. If possible, enable multi-factor authentication as well.
2) Hospitals Attacked: On March 22, the Paris hospital authority, AP-HP, was the target of a cyberattack which, “sought to disable hospital service in the French capital by overwhelming its computers” reports Bloomberg. While the attack was not successful, it is the next in a series of hospitals that have become the target of cyberattacks during the COVID-19 pandemic. Others include the U.S. Health and Human Services Department, Australia’s welfare website, and the Czech Republic’s second largest hospital.
3) Free Netflix Pass is a Scam: Cybersecurity provider Bitdefender covered this scam in its newsletter. And, Graham Clueley reported that scammers are sending messages through social media that are offering a free Netflix pass during the COVID-19 coronavirus pandemic. This scam asks the victim some questions and then has them invite 10 friends to get the free pass. The scam has been issued in both English and Spanish. While this would normally seem like an obvious scam, it currently seems more believable because many companies are offering free services to help people who have been impacted by the pandemic.
4) Stimulus Check Scam: Security company, KnowBe4, reported of an FBI alert warning of a coronavirus-related phishing attacks, “particularly surrounding economic stimulus checks. The news that the US government is likely to send upwards of $1,000 to most Americans has created a golden opportunity for scammers, especially since the delivery method for the cash is still uncertain.”
Are you sick of attackers using COVID-19 as the basis of their phishing, malware and cyberattacks? You’re not alone! Forbes reported that there are two groups of cybersecurity expert volunteers who are working hard to defend cyberattacks against hospitals, discover and thwart COVID-19 phishing attacks and malware.
The first group, named Cyber Volunteers 19 (CV19), was formed and is operated by three cybersecurity experts: Lisa Forte, Daniel Card and Radoslaw Gnat. The CV19 website states that their purpose is, “To facilitate and enable a Volunteer Matchmaking service to give healthcare services access to a pool of cyber security experts.”
The second group, Called COVID-19 CTI League, was started by Ohad Zaidenberg, an Israel-based cyberthreat researcher who stated, “If anyone is sick enough to use this global crisis to conduct cyberattacks, we need to try to stop them,” Cyberscoop reports.
Both groups report that they hope these volunteer efforts to thwart cyberattacks will continue, even after COVID-19 is under control.
More Online Credit Card Skimming
Previously we discussed how NutriBullet and some other sites were found to have credit card skimming malware on their websites. Now we can add Tupperware to the list. SecurityWeek.com reports that, “According to Malwarebytes, the credit card skimmer planted on the Tupperware website displayed a fake payment form during the checkout process. The form asked unsuspecting users to provide information such as name, billing address, phone number, credit card number, card expiry date, and CVV.”
Hikvision’s Tip Of The Week
Multi-Factor Authentication (MFA), also referred to as Two-Factor Authentication (2FA), is a way to add another layer of protection when you log into websites and applications. Typically, we log into things with a username and password, however, there are three problems with this method:
- If a threat actor can get your password, they can access your account.
- Users tend to create easily-guessed passwords.
- Users tend to reuse passwords across multiple accounts, leaving them vulnerable to Credential Stuffing Attacks.
Here are three ways you can prevent hacks and your account from being compromised:
- Create good passwords.
- Use a password manager to create and store those passwords so you don’t have to reuse them.
- Enable Multi-factor authentication everywhere you can.
With MFA enabled, you’ll need to login with a username, password, and something else, like a 6-digit number that you receive from an SMS (text) message, from an app on your phone, or other device. The reasoning behind this is that the threat actor would likely not have access to your mobile phone, or some other physical device that creates those codes. Biometrics can also be used for MFA, however, the argument against biometrics is that you cannot change things like your fingerprint if a threat actor is able to replicate it. SMS has also been criticized for not being as secure as other methods of MFA. However, SMS MFA is better than no MFA at all.