From fake contact tracing apps to attacks on vaccine makers, COVID-19 will define cyberattacks in 2021, experts say. Here's how businesses can prepare.
- The ongoing
COVID-19pandemic will continue to pose unique threats and vulnerabilities for businesses fending off cyberattacks in the coming year, Kasperskycybersecurity analysts predict.
- Cybercriminals have already started using sophisticated tactics to exploit fear surrounding the pandemic, including fake contact tracing apps that steal people's information.
- Others have capitalized on the high-stakes nature of COVID-19 treatment, targeting vaccine research centers and overburdened hospitals for profit.
- The rise in remote work also grants cybercriminals more opportunities to hack into companies by targeting tools like VPNs used on employees' devices.
- Kaspersky researchers Ariel Jungheit, David Emm, and Costin Raiu answered questions from Business Insider about their predictions for the coming year and how businesses can prepare.
As COVID-19 rages on,
The pandemic will remain a defining force in
Such schemes have already been sighted in the wild, the researchers noted, including emails posing as health authorities to trick victims into clicking malicious links.Other cybercriminals have devised even more sophisticated bait, including fake contact tracing apps designed to look like they come from government health authorities that install malware on victims' smartphones — a trend that Jungheit predicts will extend into the coming year.
"Almost every (cybercriminal) campaign in 2020 made use of COVID-19, with each threat actor finding its own angle fitting its geopolitical agenda," Jungheit said.Overburdened hospitals and COVID-19 vaccine research facilities will be top targets for cyberattacks in the coming year, the researchers predict, building on an uptick in attacks against those sectors in 2020. Vaccine research centers in the UK and several hospital chains in the US have already been hit with cyberattacks in recent months. It's not clear whether those attacks are motivated by profit or by geopolitical aims, the researchers said — but cybercriminals are targeting them because the high stakes surrounding COVID-19 grants them more leverage over their victims.
"Attackers seek to exploit any situation where there's any form of conflict," Emm said.
Experts say businesses should prepare for an onslaught of attacks targeting remote workers
With the rise of remote work, cybercriminals are devising new ways to crack into companies' systems by targeting employees logging in from home, the researchers said.One tactic that's expected to grow in 2021 is social engineering schemes that aim to compromise cloud computing platforms or corporate VPNs used by remote workers. Those schemes often incorporate "voice phishing," wherein attackers call victims and pose as technical support with Microsoft Teams, Slack, or a VPN company in order to direct users to log onto a phony site that steals their login credentials.
To counter those attacks, companies should train workers about phishing tactics and warn them to be on the lookout for suspicious calls or emails, Raiu said. He also recommends offices invest in detection tools like YARA, a free service that lets organizations share information about malware.
"All it takes for threat actors to breach your organization [is] getting a foothold, then slowly but surely expanding their access ... so vulnerability tracking is very important," Raiu said. "Altogether these form the right security posture that organizations need to adopt for 2021."
- COVID-19: One crore frontline healthcare workers identified to receive vaccine in first phase
- Pollution played key role in high severity of third wave of COVID-19 in Delhi: Kejriwal to PM
- US calls on India to be a key partner in countering China's 'increasing assertiveness'
- No gaming advertisement may depict any person under the age of 18 years, or who appears to be under the age of 18: ASCI
- Now there is 'real hope' to end COVID-19 with vaccines: WHO chief