Whenever there is a major news story or world event, you can guarantee hackers will jump at the chance to take advantage of the uptick in online activity to launch attacks against unsuspecting businesses–and the COVID-19 crisis is no different. Several cybersecurity firms have already reported an increase in attacks across a range of targets, all using the coronavirus pandemic as an angle to mislead their victims into running their malware.
On top of that, it seems like there is an unlimited supply of malicious emails and posts out there claiming to offer aid during the COVID-19 crisis. Fear is a huge driving factor behind this because no one in our lifetime has experienced a global pandemic of this nature. Workers need to be careful when receiving these messages to their inbox or take head not to click on a link that appears to offer aid or resources.
Phishing scams are rampant; especially those offering resources to assist with masks or materials. Many employees have been forced to work from home exclusively outside of their company’s security protocols. One can easily find themselves vulnerable to virus attacks, hacking, and phishing scams.
Different Types of Hacking Attacks
According to Malwarebytes, a popular tool for malware detection and elimination, “…hacking refers to activities that seek to compromise digital devices, such as computers, smartphones, tablets, and even entire networks.” With so many people working from home nowadays, hackers are finding ways to attack both enterprise-level and home networks now more than ever.
Here are several prime examples of how an intruder may gain access to your network or device through hacking:
1. Keylogger – by recording the strokes from your keyboard, a hacker can gain valuable data about your usage and passwords. A simple software program keeps track of the keys you type and can gain access to things like bank accounts and network login access.
2. Virus – used by hackers for decades, viruses and trojans install themselves on your device and constantly send data back to the hacker. You can accidentally infect your device by clicking on an unknown link or file attachment sent to you by someone posing to provide you a service. These can be vicious attacks on individual computers to full-scale enterprise networks and servers causing lockouts and crashes. Viruses embed in your system and can spread from computer to computer through networks and emails.
3. Bait and Switch – an attacker can purchase what would appear to be a legitimate ad on a website. However, when a person clicks on what appears to be an ad for a service the user needs, they are directed to a malicious website that can install malware within the user device and browser.
4. Clickjacking Attacks – also known as UI Redress, a hacker hides a link within what appears to be a click for some other service. When a user clicks on this link, it is counted for a totally different webpage. Mostly used to gain additional advertising for another website but a hacker can gain your personal information as well.
5. Fake WAP – a wireless access point can be named anything. When you are connecting to a public WAP, you should be really sure you are connecting to a legit service. A hacker can install a WAP in a public area, name it something you think is safe, and when you connect to it, you now have given them access to your device.
6. Denial of Service – by overwhelming a server or website with data requests, a hacker can shut down a complete system. A hacker may use a bot or program that constantly bombards the server with traffic. The server is unable to process the large amount of data all at once and thus causes it to crash.
7. Cookie Theft – cookies leftover in unsecured browsers are easy targets. By visiting a website or pages within a website that are not encrypted or secure, your personal information can be retrieved by a hacker. Websites can store your personal information by using what is called a “cookie”. Be sure the webpage you are visiting is secure. The web address should start with https.
8. Eavesdropping – this is more of a passive type of attack. The intent is to not attack a specific device but more to gather information and data over time. By monitoring for keywords in messages like emails, web browsing, and instant messaging, a hacker can gain valuable insight into your habits.
9. Ransomware – you have been a victim of ransomware if you’ve ever been prompted or forced to pay a fee to some unknown entity to unlock your computer. UC Berkeley describes Ransomware as “…a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it.”
How does one get infected by Ransomware? UC Berkeley also states that “Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.”
10. Phishing – Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication.
So for example, you may receive an email that looks trustworthy claiming to be a supplier of N95 masks and face shields. They only need your personal information to begin the purchasing process or by clicking a link in the email to commence the order. Unfortunately, the link may actually be a hidden virus or worm that just installed itself on your computer once you clicked on that link. You’ve now just given a scammer access to your address book and your confidential information.
The US Federal Government has recently started rolling out payments to individuals as part of the Coronavirus Stimulus Payment plan. With this of course comes a whole new range of scams that are praying on those most in need. Email messages or callers claiming to need your social security number in order to process the payment to you are never legitimate. The IRS will never contact you requesting your personal information as they already have those details.
A recent Federal Trade Commission blog listed several key points to protect yourself and your vital personal information. Here are a few key points:
1. The government will not ask you to pay anything upfront to get this money. No fees. No charges. No nothing.
2. The government will not call to ask for your Social Security number, bank account, or credit card number. Anyone who does is a scammer.
3. These reports of checks aren’t yet a reality. Anyone who tells you they can get you the money now is a scammer.
Protect your business
While you may have procedures and protocols in place while your staff is at their workstation, those same environments are certainly not the same while employees are transitioning to work from home life. For many, this is new and uncharted territory. Your organization should be vigilant in ensuring work from home staff are aware of threats and how to report such issues.
Computer Service Now is happy to provide on-site services to businesses in the Southwest Ohio region. Our network security options offer you an easy and hassle-free option to keep your network safe from vulnerabilities.
With our high level of customer service and satisfaction, Computer Service Now works hard to be the premier IT firm in the Cincinnati and Dayton region. We offer a wide variety of IT solutions that stay within your budget. For IT-related projects big and small, our experience, expertise, and variety of services allow us to provide the support you need to meet your business needs. Contact us today and let us solve all of your IT needs today!
Subscribe to our blog today to stay up-to-date with Computer Service Now and follow us on social media. Join the discussion by commenting below.