Increased Cyber Security Threat and COVID-19

There are an increasing number of malicious cyber criminals exploiting the current COVID-19 pandemic for their own objectives. The National Cyber Security Centre (NCSC) has detected more UK government branded scams relating to COVID-19 than any other subject. These threats will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications. Cyber criminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.
Advice on Covid-19 from NCSC can be found here.

Exploiting Home Working
Even if home working has been supported for some time, there may suddenly be more people working from home than usual, some of whom may not have done it before.

The NCSC has outlined recommended steps for organisations here in:
Preparing for home working
Setting up new accounts and accesses
Controlling access to corporate systems
Helping staff to look after devices
Reducing the risk from removable media

Evidence emerges that criminals are exploiting the coronavirus online by sending phishing emails that try to trick users into clicking on a bad link. If clicked, these links could lead to malware infection and loss of data like passwords.

Phishing
Examples of phishing email subject lines include:
• 2020 Coronavirus Updates
• Coronavirus Updates
• 2019-nCov: New confirmed cases in your City
• 2019-nCov: Coronavirus outbreak in your city (Emergency).

These emails will contain a call to action encouraging the victim to visit a URL that malicious cyber actors use for stealing valuable data, such as usernames and passwords, credit card information and other personal information.
Advice on how to deal with Phishing emails can be found here.

Ransomware
Ransomware is malicious software that prevents you from accessing your computer (or data that is stored on your computer). It’s important to always have a recent backup of your most important files and data to protect your business from ransomware attacks.
Information on mitigating the risk can be found here.