Be wary of cybersecurity threats during the COVID-19 outbreak

During this time of uncertainty with the COVID-19 virus spreading, staying safe and healthy is everyone’s No. 1 priority. The United States is providing guidance on how to keep you and your loved ones physically safe by recommending practices such as social distancing, and companies like Leidos are offering more workers the option of teleworking whenever possible. Unfortunately, the COVID-19 pandemic is also an opportunity for cyber criminals to perpetrate online attacks – scams, phishing, and fake websites and applications that may affect both your personal and company-owned information technology (IT) devices and information and have the potential to compromise your personal online safety and place of work.

Keeping up to date on the most recent information and announcements is incredibly important. Make sure you get your information directly from trusted sources, as some websites or posts on social media have been spreading incorrect information and/or malware. There is an old adage that says that you should “never let a good crisis go to waste,” and our adversaries are definitely taking that advice and increasing their efforts to attack us during this crisis.

Here are some ways cyber criminals are attempting to profit from the COVID-19 pandemic:

• Scammers have been setting up websites selling bogus products to combat the virus, disseminating false information to generate advertising revenue on their websites, or reposting news stories on pages riddled with malware.
• App stores have been overrun with products for people looking for an easy way to stay up to date on COVID-19 news and tracking maps. Fake apps have been created and filled with malware, which can steal user credentials or financial information. One of the more popular malicious apps, CovidLock, contained ransomware that demanded bitcoin in order to give users access back to their phones before it was caught and removed from the app store.  
• Phishing campaigns are using COVID-19 as a lure to steal user credentials or financial information. They are more frequently targeting at-risk populations who would receive important emails about cancellations or quarantines.

Follow these recommendations to stay secure online:
 

• Don’t let fears over COVID-19 cloud your judgement and allow you to end up on a malicious part of the internet. If you are looking for news on COVID-19, check the CDC website for trusted links and official updates and your employer’s intranet for any company-specific information and guidance.
• When working remotely, there are more cyber-attack vulnerabilities and exploits you need to manage. Make sure your home network is secure by requiring a password to enter your network, don’t let family and friends have access to your work devices, and make sure your computer, mobile and networking devices, software, and applications are using the most updated versions of their software.
• Stay vigilant on cybersecurity best practices. Look for common phishing signs, do not reuse passwords, check the validity of websites, and keep track of your online accounts and financial information.