Home / Blogs

New Cyberthreats: Have You Been Exposed at Home?

There are new threats that you may have already been exposed to. Here are some of the new threats and advice on how to protect yourself.

During this pandemic, Zoom has emerged as a very popular teleconferencing choice for companies and educational institutions, but a new weakness for Zoom was also discovered. Some online conferences and classes that had not password protected their sessions fell victim to eavesdroppers using the screen sharing feature to "Zoom Bomb" those sessions with graphic images. zWarDial aka the 'War Dialing Tool' exposed this flaw showing what can happen when you fail to password protect sessions. While Zoom is working to enhance security and better protect your resources, we recommend that, at the very least, you password protect where possible.

There have also been more than 30,000 new coronavirus-related domains registered since mid-March, although initial investigation shows less than 10% seem to have malicious intent. Domains can be used for phishing attacks, which have also increased using COVID-19. Many new websites claim to share important information like World Health Organization (WHO) COVID-19 updates but instead are the latest phishing or spear phishing attacks looking to damage your data or steal your money. Spear phishing normally is personalized and appears to come from a trusted source (like WHO or someone in your company). In comparison, phishing attacks are cast widely and not personalized.

These new phishing attacks have been very effective, and are costing people money. As of April 2, 2020, the FTC had received 9,918 complaints related to COVID-19. The average per user loss is $563, but the total loss is $6.85 million. A recent report published by Barracuda Networks shows that 54% of the attacks are scams designed to fool people into either donating money to combat COVID-19 or installing malware on their computer. There is even a new piece of ransomware that has dubbed itself CoronaVirus.

Researchers at Check Phone have seen an increase in "ransomware" attacks to over 2,600 per day on average, with more than 5,000 attacks just on March 28. Curiously, some criminal organizations claim that they do not wish to interfere with healthcare workers and have offered free fixes for some in healthcare. Ransomware groups behind CLOP Ransomware, DoppelPaymer Ransomware, Maze Ransomware, Nefilim Ransomware and Netwalker Ransomware have stated that they would provide decryption tools for healthcare workers in most cases. Security firms Emsisoft and Coveware Inc have also announced a joint initiative to help hospitals recover from ransomware attacks for free.

How can you protect yourself in this environment? Below are 4 simple things you can do to avoid falling prey to cyber criminals:

  • Pay special attention to inbound social media communications and emails they could include Spear Phishing and regular phishing attacks.
  • Turn on two-factor authentication in browsers.
  • Use advanced password protection tools like LastPass or KeePass.
  • Always ensure you make frequent, regular backups.

Stay safe!

By Ram Mohan, Chief Operating Officer at Afilias – Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry. Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

 Be the first to post a comment!

Add Your Comments

 To post your comments, please login or create an account.

Related

Topics

Cybersecurity

Sponsored byVerisign

Whois

Sponsored byWhoisXML API

New TLDs

Sponsored byAfilias

Domain Names

Sponsored byVerisign

Cybercrime

Sponsored byThreat Intelligence Platform

DNS Security

Sponsored byAfilias

Brand Protection

Sponsored byAppdetex