What is going on? 

Gigi, a senior executive in the fashion industry, is furious. Her computer stopped working and suddenly a screen appeared advising her that the information stored on it has been encrypted and that she must now pay $400 USD in Bitcoin to retrieve it. “NO WAY!” she exclaims, annoyed. On top of COVID-19 and being locked up in her apartment, she must pay some thugs to access her data again.

When she calmed down, she recalled that the day before she had received an email with an attachment announcing the “most effective measures” to put an end to COVID-19, and that when reading it nothing seemed particularly new. Now she thinks: “In fact, it came from an association that I didn’t even know. Was that attachment the origin of the ransomware that infected my computer?”

Elsewhere in the city, Pancho, a 63-year-old financial manager, also homebound by the pandemic, observes something similar on his mobile phone. “What happened? I have not changed anything on my cell phone… mmhhh, except, perhaps, the app that I downloaded yesterday to see the coronavirus infection map worldwide.” Yes, that app was on an apocryphal site and it really was a new type of ransomware (1).

These are just two examples of the cyberattack variants that are appearing: malicious software, generally ransomware, which has several ways to infect us (for example, spear-phishing emails and misleading apps) and which takes advantage of the moment of global crisis to offer us something “appetizing” such as maps, recommendations, images, etc. The authors behind the attacks are the same as always: organized crime, nation states and groups with radical ideologies doing “hacktivism”.

For example, a disinformation campaign in Ukraine, apparently orchestrated by the Hades Group, a group sponsored by the Russian State, sent documents (which included a Trojan written in C#) to specific targets. The documents were delivered through fake emails that allegedly came from the Ukrainian Ministry of Health. Next, the attackers generated a lot of spam and false news messages on social networks, spreading claims that COVID-19 had arrived in the country. Even though the government and the Ukrainian president denied this news, there were violent riots in some regions of the country.

Similar attacks from China against neighboring countries like Mongolia have been observed and, as in the case described above, appear to come from government-sponsored groups. Some media outlets are publishing articles about these types of attacks, which take advantage of people’s fears and, sometimes, the lack of trust they have in their governments and in their health systems (see references 2-6).

But are there new risks? 

We can say that all the attacks that have appeared so far are the same as or similar to those that already existed; what has changed is the risk equation. In other words, we now have more vulnerabilities because:

a) Working at home weakens, in several ways, our cyber defense. At home we do not have the same level of protection technology, nor the management, monitoring and support capacity that we have achieved in our organizations. 

b) We have little awareness of the variants of the attacks. Many of us do not think that organized crime and country-sponsored cyber attackers take advantage of any opportunity, including this pandemic. 

In addition to the two previous factors, the quarantine that many people in the world are facing (in Mexico we are starting), along with news and messages, is causing emotional states of uncertainty and fear.

Uncertainty increases due to the lack of effective medicines or vaccines against the new virus, contradictory official versions, contradictory strategies and not knowing what to expect from this crisis (how long will it last? what impact will it have?). 

Some recommendations

Understanding the moment we are living through, we will focus on the most practical measures that do not require significant financial investment.

1.- Be suspicious. This translates into several tips:

a) Be wary of emails and advertisements. Now more than ever, be doubtful of emails offering you bargains, “special” information of any kind, quarantine ideas, etc. And – above all – do not open any attachments or click on links to other sites.

b) Do not install apps from unauthorized places. If you require an app, only use the official stores: Google Play for Android, the App Store for Apple and the Microsoft Store.

c) Be aware of what you send in your messages (emails, WhatsApp, Facebook Messenger, etc.) and remember that you do not know where that information will end up.

d) Consult official sources to stay informed, such as the World Health Organization. 

2.- Check with the IT and cybersecurity people in your organization what technological controls and policies they have designed, have implemented and will have in place for working at home, particularly:

a) Protect your computer with more than just an antivirus. Does your PC already have complementary technology like Endpoint Protection (EPP) or Endpoint Detection and Response (EDR)? If so, is it properly configured and monitored by the company or by a service provider? If you do not have this kind of technology, is there a plan in your organization to implement it in the short term and, above all, to monitor it?

b) Protect your exit to the Internet. It is not feasible for most organizations to install firewalls and other Internet protection technologies in every home where someone works remotely. Instead, the most popular mechanism is to establish a secure link via VPN (Virtual Private Network) between our computer and the corporate network. We highly recommend using a VPN for these purposes.

c) Keep your operating system and applications up to date. Many attacks exploit vulnerabilities that have already been fixed in the latest versions of the software. If you do not have the latest versions, is there a short-term plan to update them? 

d) Consider using password managers. To avoid the inconveniences and vulnerabilities of managing long lists of passwords (remember that each system, software and Web page should have a password that is sufficiently complex and different from the others), there are several options, both on mobile devices and on personal computers, some even free of charge.

3.- Act with caution, but not with panic. 

a) Do not believe everything you read or come across on the Web and on social networks. Check the source of the information before forwarding a story that is probably fake. If there is no way to check the source, ask yourself if the recipients will benefit from knowing this news. If not, we recommend that you do not forward it.

b) Be aware of your emotional state. If you feel upset, do not surf the Internet and preferably do not use your computer. 

c) Learn about your organization’s cybersecurity policies and procedures. Ask yourself these questions:

    • If I suspect that an email is phishing, what should I do? Who should I report it to?
    • If I mistakenly opened an attached file, who should I notify?
    • Is there a way that I can use a secure connection (typically using a VPN, Virtual Private Network) to the Internet?

4.- Take advantage of these weeks to understand the technology and its risks. Some sites that can be useful, with valuable and not so technical information, are: 

a) Berkeley University Office of Information Security https://security.berkeley.edu/resources/cybersecurity-and-covid-19  

b) The World Economic Forum has several articles related to COVID-19. On cybersecurity, you can consult this link: https://www.weforum.org/agenda/2020/03/coronavirus-pandemiccybersecurity/

c) The Resources section of Scitum website: https://resources.scitum.com.mx/  

d) LinkedIn article by Enrique López Terrazas, leader of Security Architecture for Government Sector at Scitum: https://www.linkedin.com/pulse/está-su-organización-preparada-parahacer-frente-al-lópez-terrazas

In summary, none of the previous measures is new or exclusive to COVID-19, but we have never experienced such a widespread situation across the whole world, so today they have become even more important. We hope these brief tips help you. If you have any questions, please do not hesitate to contact us.

Main references consulted

(1) Stone, Jeff. “A coronavirus-tracking app locked users’ phones and demanded $100.” 03/16/2020. [https://www.cyberscoop.com/coronavirus-app-locked-phones/]

(2) Miller, Christopher. BuzzFeed News. “A Viral Email About Coronavirus Had People Smashing Buses and Blocking Hospitals.” 02/20/2020. [https://www.buzzfeednews.com/article/christopherm51/coronavirus-ukraine-china]

(3) Lohrmann, Dan. Government Technology Magazine. “Coronavirus Scams: Phishing, Fake Alerts and Cyberthreats.” 02/02/2020. [https://www.govtech.com/blogs/lohrmann-on-cybersecurity/coronavirus-scams-prepare-for-a-deluge-of-phishing-emails-fake-alertsand-cyberthreats.html]

(4) Cimpanu, Catalin. “State-sponsored hackers are now using coronavirus lures to infect their targets.” 03/13/2020. [https://www.zdnet.com/article/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets/]

(5) Newman, Lily Hay. Wired Magazine. “Security News This Week: Elite Hackers Are Using Coronavirus Emails to Set Traps.” 03/14/2020. [https://www.wired.com/story/coronavirus-phishing-ad-fraud-clearview-security-news/]

(6) O’Donnell, Lyndsey. “Coronavirus-Themed APT Attack Spreads Malware.” 03/13/2020. [https://threatpost.com/coronavirus-aptattack-malware/153697/]