Coronavirus: Hackers are exploiting the COVID-19 outbreak to steal your information

COVID-19, the coronavirus that has the world on edge, is bringing another threat to our doorsteps–hackers. TechRepublic’s Karen Roby spoke with Rasmus Holst, chief revenue officer at Wire, about the ways that hackers can exploit people’s interest in the disease to attack your business. The following is an edited transcript of their conversation. 

Karen Roby: Is it possible the coronavirus could increase our risk for a cyberattack? As we know, sometimes when we’re most vulnerable, bad things can happen, and we don’t even realize they’re happening. Rasmus Holst is the chief revenue officer for Wire. Rasmus, thanks for being with us here today to talk about this. 

SEE: Coronavirus: Critical IT policies and tools every business needs (TechRepublic) 

It’s our job just to pass along information to people, give people things to think about, especially at a time like right now. We’re hearing so much information, different things coming in from different outlets about the coronavirus and what we need to keep in mind. So connect the dots for us here between coronavirus and cybersecurity.

Rasmus Holst: Thank you for having me on, Karen. Let’s first at least say that cybersecurity is a problem whatever happens. It’s a $6 trillion loss to businesses and governments every year. It’s 3% of our global GDP. So, in essence, the coronavirus just does a couple of things for how we react as human beings to a crisis. We tend to increase our awareness and therefore be more interested in information that’s coming our way. And that, of course, looking at something like phishing attacks, increases the risk that your employees might actually jump right into something they think is information about the coronavirus. And yet, it is a phishing attack used by malicious actors who know the psychology of people. And as the barriers for an awareness of getting information in increases, they actually use that as the underlying marketability to get in and hack your network.

SEE: Coronavirus domain names are the latest hacker trick (TechRepublic) 

Karen Roby: And when we talk about, Rasmus, psychology, we know that a lot of people are on edge right now just waiting to hear, is this something that they need to be concerned with? Is it something that their company may be sending down directives for? Talk a little bit about when we are most vulnerable, as a lot of people are right now, what we tend to do–we tend to jump on links maybe that otherwise we would normally stop and think not to. 

Rasmus Holst: Take the example of coming to work: You know there’s coronavirus. Your CEO sends out an email, “This is how we should respond to the crisis.” It has a link there to read the policy, how you would get to work and all those kinds of things. The only thing that’s not true about that is that this email was never ever sent by your CEO. It was sent by malicious actors, similar to a normal phishing attack. You would be prone to click that because you think it’s information you shall have, you shall understand, you shall be aware of, and therefore you will click it. It’s an easy way for malicious actors to now use that, “I need the information,” to get into your network. Similarly with SMS, say that someone set up an SMS campaign, sent that to a thousand people in your company saying, “Please call this number to make sure that you are secure.”

SEE: Coronavirus having major effect on tech industry beyond supply chain delays (free PDF) (TechRepublic)

But at the other end they’ve set up a premium number costing you $20 a minute and every single one of them spends a minute on the call. That’s $20,000 out of your pocket straight to malicious actors. So you just need to think about the awareness of your employees of these types of things and that in a situation like this, they are very likely to click information about what’s really going on with the company, with the external world around you and get information about the coronavirus, that malicious actors use to basically penetrate your network or defraud you of your money.

Karen Roby: We were talking earlier, too, about how remote workers, how this could be, how they could play into this.

Rasmus Holst: I think the coronavirus just underpins another trend that we see in the market, and I think most boards and executives right now, they go back and say, “Do we actually have a proper strategy for the remote workplace? Do we have video conferencing in place? Do we have collaboration platforms in place? Do we have secure, outside-our-network perimeter collaboration tools in place? Are all of these things in place so that we can continue to work even if we didn’t come back into the workplace? And can the business function without an actual office?”

SEE: How coronavirus may accelerate the future of work (ZDNet)

But again, if we look at it in the shape of the coronavirus, it is not something that the coronavirus created. It amplified the need for the remote workplace, but it’s already an underlying trend in how we go to work, how we perform our daily tasks. I think in North America, more than 50% of knowledge workers have at least one day out of the office every week. So, most companies are prepared. Now, all of a sudden, you just have a full population outside of your firewall, and you need to understand how you’d deal with that and keep the productivity of the business even if you have to go to drastic measures and not have people in the office given a situation like the coronavirus.

Karen Roby: I like how you said at the beginning, of course, all this comes down to no matter what with coronavirus, cybersecurity is something that we need to always keep top of mind and out in front of our conversations certainly because the implications can be huge as to what can happen if a company opens itself  up, possibly, or an employee does, to one of these attacks. 

Also see