Cybersecurity & Covid-19: Vulnerability and What to Do About It

by | Mar 31, 2020 | Uncategorized | 0 comments

Cybersecurity & Covid-19: Vulnerability and What to Do About It

Steve Burgess, 2020

As if we didn’t have enough to worry about.

With so many of us working from home (close to 90% of American corporations are encouraging or requiring employees to do so) and having little time to set up corporate cybersecurity barriers, employees and their companies may be more vulnerable than ever. Hardly anybody has had their home setup properly pen tested or security-checked.

Cybercriminals, ever ready to jump on an opportunity, are likely to take advantage immediately with malware, phishing attacks, and more.

For instance, the World Health Organization (WHO) has been plagued by a doubling of cyber attacks recently. One of the main attempts is suspected to be the Dark Hotel group, in putting up a fake website on or around March 13, 2020 that mimics the internal email system of WHO – but they were caught in the act and this effort appeared to have netted nothing

Real-world virus begets virtual viruses.

One expert, Alexander Urbelis of New York-based Blackstone Law Group, which tracks suspicious internet domain registration activity, said there are about 2,000 coronavirus-themed web sites being set up daily, many of them obviously malicious. This may be true of experts but obvious is in the eyes of the beholder. Most may be more easily fooled.

The FBI says that there has been a huge spike in scams exploiting fears about Covid-19, and that the majority of these target recipients in the three states with the largest number of reported Covid-19 infections – California, New York, and Washington. But don’t imagine that if you’re in one of the other 47 that increased attacks aren’t already on their way.

One victim is the Champaign Urbana Public Health District (CHUPD) in Illinois, which covers 210,000 people, including the state’s biggest university. A ransomware infection called Netwalker took down its primary website on March 12, 2020. CHUPD had to set up an alternate site in order to continue to be in business and communicate with its users.

There are treatment scams (fake cures, vaccines), Supply scams (fake accounts and sites supposedly selling medical supplies), provider scams (supposed doctors and hospitals that claim to have treated a friend and now need to get paid – by you), charity scams (of course), app scams (mobile apps disguised as tracking the disease that are only really tracking you), investment scams (as there always are), and lots and lots of phishing scams.

What to do:

You can report fraud and other misbehavior to various government organizations.

• To the Justice Department: Covid fraud reporting https://www.justice.gov/usao-wdpa/covid-19-fraud-pageblank
• Or COVID-19 Fraud Coordinator, Senior Litigation Counsel Shaun Sweeney at USAPAW.COVID19@usdoj.gov or 1-888-C19-WDPA
• To the FBI at: https://www.ic3.gov/default.aspx or 412-432-4000.
• To the Federal Trade Commission at ftc.gov/complaint.

20+ Steps to take on your own

• DO back up your data.
• DON’T respond to offers to sell you COVID-19 cures.
• DO check out companies offering supplies through online reviews, Better Business Bureau, other rating sites.
• DO research any charities soliciting donations. You might check the FTC’s (Federal Trade Commission) website for advice here.
• DO use effective passwords. A good guide is at the Perfect Passwords page at Gibson Research Corporation’s website.
• DO secure your router – especially your wireless router. The manufacturer or your Internet Service Provider can help you with the best settings for your particular equipment.
• DO keep your operating system and antivirus patches updated.
• DON’T give out your Social Security number or use it as an ID. You usually only have to give it to your employer, your financial institution and government agencies.
• DO disable your Guest account on your computer.
• DON’T make your personal info public on social networks or elsewhere.
• DON’T open email from people you don’t know.
• DON’T make online purchases from or donations to sites you don’t know well.
• DO use a firewall (hardware and/or software) for your computer.
• DON’T give any of your passwords to others.
• DON’T use the same password for everything.
• DO make sure that Administrator access on your computer is protected and accessible only to you (use a password).
• DO disable Guest access on your computer.
• DO disable remote logins
• DO require a password to log onto your computer, phone, or email and make sure your phone or computer requires a password after a few minutes idle. It’s a pain, but it’s smart.
DO check to see what ports on your computer are wide open do ne’er-do-wells at Gibson Research’s ShieldsUp! Site https://www.grc.com/shieldsup
• DO use a password that is hard to guess (4 of the 5 most common iPhone passwords are 1234, 0000, 1111, 5555). Don’t make it easy to guess!
• DON’T let your mobile device out of your sight.
• Don’t click on links in emails or messages. If you want to go to a site mentioned in an email, type it directly into the browser. It’s a pain (again), but it helps keep you safe.
• Don’t open emails from people you don’t know. They may look interesting, but they’re not worth the risk.
• Only download apps from the phone vendor’s App store (such as the Apple App Store or the Google Play Store).

There are people helping

There’s a group of volunteers in the UK that’s formed called, “CV19.”
https://cyberv19.org.uk/ Their mission is to “help healthcare organizations identify, protect, detect and respond to existing and emerging cyber threats using volunteers.”

There are thousands or millions of friend, neighbors, and just good people chipping in however they can to help in whatever ways they can. Here are some ways you can do the same.

And please, follow government guidelines about sanitizing and distancing.

Be kind to your neighbors and others, be well, and we’ll get through this together.

Related Posts

CSI Cases from Burgess Forensics #69 A Case of Hiphop Beef

The Stories are true; the names and places have been changed to protect the potentially guilty. It was almost closing time on Friday and my thoughts were turning to Barbequeing some of that mouth-watering Santa Maria tri-tip while my nose was turned to the scent of...

Email as a signed contract vs. fraudulent emails

Email as a signed contract vs. fraudulent emails We all send and receive email, but did you know that what you say in an email can be interpreted as a legal contract? And that sometimes, emails are fraudulent? Both are true. The Statute of Frauds Although email didn’t...

El Salvador Adopts BitCoin

El Salvador Adopts BitCoin copyright Steve Burgess, 2021 El Salvador just passed a law to make BitCoin (BTC) legal tender and is the first country to do so. It did something similar back in 2001, when it made the US Dollar the official currency, replacing the...

Keeping Your Bitcoin Safe

BitCoin. Everybody wants some. But what’s the best way to keep it safe once you’ve got it? And how to get it? First things first – you get BitCoin (and Etherium, and DogeCoin) from a cryptocurrency exchange, like you would from a “regular” currency exchange to turn...

Cyberbullying and Covid-19: 2021 Update

California defines a cyberbully as anyone who sends any online communication to deliberately frighten, embarrass, harass, or otherwise target another. The Cyberbullying Research Center defines it as “willful and repeated harm inflicted through the use of computers,...

Indian Summer Lovin’ – Tech Tips For a Warm Autumn

by Natalie Miller, 2019 With Indian Summer temperatures rising, here are some tips to help you make sure your devices are ready to conquer these warm days of Fall like you are. Check Those Pockets! Taking a dip in the pool, going for a paddle in a kayak, and jumping...

Electronic Waste and Recycling – What Your Old Devices Can Say About You

by Natalie Miller, 2019 With new models of phones and computers being released every year, wanting the latest and greatest is never a bad thing, but what about your old devices? The truth is that old devices can still hold all of the data you put on them or that they...

The Case of The Client Who Wanted … to be Wanted

The Case of The Client Who Wanted … to be Wanted copyright Steve Burgess, 2018 It was nearly Christmas, but the morning sun was pouring in through the windows of my Central Coast office, casting shoe-shaped shadows on the West side of my desk. Perhaps I should have...

Burgess Forensics Newsletter Vol. 5 Issue 1: FitBit Fun Forensics & Foes 08.08.2018

  Fitbit, Fun, Forensics, and Foes Have you tracked your 10,000 steps today? Has anyone else tracked them? Fitness trackers are big business, helping people get and stay fit, and helping them share their progress with friends – and sometimes with strangers. The...

The Rise of Cybercrime and How to Prevent It

The Rise of Cybercrime and How to Prevent It (guest article contributed by Josh Wardini, of  Webmastersjury.org) As people are leaning more and more towards the digital world, cybercrime is becoming an issue that cannot be ignored. Although many individuals and...

Pin It on Pinterest

Share This