Shomiron Das Gupta

There has been widespread panic across the globe due to the novel coronavirus pandemic, and justifiably so. It has infected countless people and claimed many lives, having sent entire nations to a standstill! Businesses have stopped functioning the traditional way and are trying out novel techniques, such as remote working, to stay connected and keep business operations as smooth as possible.

Amidst all this hysteria, there is one group of people that has found a new leash of life – cybercriminals. This global pandemic has proven to be a boon for them because of all the room for vulnerabilities that accompany remote work; it is a known fact that home networks are easy to target compared to the high-end network infrastructures at work. Not just that, hackers have also created thousands of fake coronavirus-related resource websites that they use as bait to exploit the unknowing user.

Recent Incidents



Many malicious spam emails were and are still being sent to the public, under the guise of official organizations containing an update on the virus.



CovidLock, a malicious Android app that supposedly helps track cases of the virus, was used to lock the phones of victims and gave them 48 hours to pay USD 100 in bitcoin to regain access to their phones. Threats included deletion of data stored in the phone and leak of social media account details.



As many as 14 potentially dangerous website domains masquerading as Coronavirus-related resources were identified by the cybercrime division of New Delhi, India.



In another instance, the web browsers of users opened automatically and displayed a message to download a ‘COVID-19 Inform App’. It then installed the Oski Info Stealer on the device that intended to steal browser history, payment information, saved login credentials, and so much more.



A suspicious COVID-19 Tracking Map has also been doing the rounds, which reportedly contains spyware that gains access to all your data. It steals information from users including passwords, credit card numbers and other important data stored in the browser.



As a cybersecurity company, we’ve been at the center of this phenomenon and have been witnessing an increased number of exploitation attempts, taking advantage of the panic surrounding the COVID-19 outbreak. Below are a few incidents:

Preventive Measures to be Taken



Businesses must have proper security measures and configurations, such as multi-factor authentication, in place when it comes to leveraging remote technologies to ensure seamless and secure business operations even from home.



Individuals should not use unauthorized personal devices for work; even if they do, they must ensure that the devices have the same level of security as a company-owned device.



Be wary of emails and files from unknown senders. Following a few hygiene factors like checking the authenticity of the email address, not clicking on suspicious links, and avoiding emails that ask for personal information such as passwords, can go a long way in keeping oneself secure.



Use trusted sources, such as legitimate government websites — for up-to-date, fact-based information about COVID-19.



Clearly, these attacks exploit people’s fears and their innate need to keep themselves cognizant about the outbreak. Their impact on businesses and individuals alike can be ground-shattering; hence, it is advisable to be wary of such attacks by practicing good digital hygiene. Here’s how:

These are testing times; the business community from around the globe has faced a severe blow due to the virus. However, as long as we’re cautious enough and practice ample digital hygiene to ensure seamless business continuity to the maximum possible extent, we shall all emerge from this stronger!