Cybercriminals Adopt COVID-19 Themes to Gain Access to Home and Office Networks

(June 13, 2020)  Cybercriminals are following workers to their homes as a result of the coronavirus pandemic to gain access to employer’s networks using COVID-19 themed phishing campaigns.

Cyberattacks “in the COVID-19 era are focused on stealing your information and using remote employees as doorways into more valuable networks,” reports Malwarebytes Labs in a new report “Cybercrime tactics and techniques.”

Cybercriminals are using COVID-19 based themes in their attacks including phishing campaigns that:

• claim to be providing COVID-9 information from UNICEF, the children’s aid organization
• claim to be an invoice for a medical supplier
• seek bulk quantities of ventilators
• attach a fake Johns Hopkins University coronavirus map application

Cybercriminals also focus on stealing financial data from users such as home shoppers by using credit card skimmers on webstore checkout pages, the report found.

To protect your home and employer networks, Malwarebytes suggests:

• Running security software on any system that is either connected to your home network or is used regularly.
• Using a virtual private network or VPN. While it will not block malware, it will keep your online activities on your browser or connection from revealing personal information or tracing your behavior.
• Using trusted sources for information, shopping, or applications.
• Avoiding repeat entries of credit card numbers in applications. Instead use PayPal, ApplePay, or Google Pay, which can offer greater security of your financial information and reduce the likelihood that your card information will be spread online.