By now, it should go without saying that the internet isn't the safest place in the world. It's an environment that's rife with threats of all kinds.
From massive data breaches to identity theft rings and beyond, both individuals and organizations have plenty to worry about.
Not to put too fine a point on it, but we've even reached the point that anyone with access to YouTube can find and hire a sophisticated botnet to launch a massive DDoS attack.
Now, with the coronavirus (COVID-19) keeping much of the world at home, the average level of malicious activity online seems to be reaching a fever pitch. It's even forcing cybersecurity conferences to go online-only, right when the industry needs the information they provide the most.
The target-rich environment is inspiring malicious actors all over the world to step up their attempts to trick users into coughing up financial information or allow malware to infiltrate their systems. Here's an overview of the major threats to look out for.
Photo: Fabian / Adobe Stock
Security firms that track domain registrations have marked a big surge in the registration of domain names with some variation of COVID-19 or coronavirus in them. As many as 17% of the registrations are suspicious – meaning that they can't be traced to any legitimate business or government agency.
If they haven't already, these are the domains that will likely start cropping up in phishing emails, text messages, and other related scams in the coming weeks. The goal will be to convince users they're legitimate informational or government-sponsored sites and to solicit personal information to use in a future attack.
Photo: James Thew / Adobe Stock
In recent weeks, there's also been a surge in spam related to the coronavirus pandemic. Most of it, as usual, is harmless fodder for users' junk folders. There is one type of mass email going around, though, that's a much bigger problem.
That's because it contains an attached Microsoft Excel document that can grant remote access to machines it's been opened on. Microsoft has sounded the alarm for users about the problem, but with several hundred variants already known to be circulating, there's no telling how widespread the threat might eventually become.
Photo: Oleksii / Adobe Stock
With much of the world working from home and people more dependent than ever on digital tools to keep them connected to friends and family, it was only a matter of time before the bad guys took notice and went on the attack. At first, it took the form of the now notorious wave of Zoom bombings that prompted warnings from the FBI and others. Now, the tactics have shifted from disruption to impersonation.
Right now, emails and fraudulent websites are popping up that look and act like popular collaboration tools like Google Meets and Microsoft Teams. For safety's sake, the exact known URLs of these sites won't be printed here, but suffice to say they can be very convincing.
If a visitor is unfortunate enough to fall for the trap, their reward is a malware or ransomware download that would either inject a backdoor into their system or encrypt the host's filesystem until a ransom was paid.
Photo: immimagery / Adobe Stock
Since these recent threats rely in large part on users not being careful about what they're clicking on while online, they should be easy to defeat. Reading this article is step one in doing so.
So, the best advice is for users to be suspicious. Don't ever open attachments from senders you don't recognize or that you weren't expecting. Never rely on links to take you to well-known collaboration sites. Just manually type in the address once and bookmark it in your browser.
And most of all, never ever respond to a request for your personal data without confirming who's asking for it. No reputable business or government agency would ever send an email or text message asking you to do this without you initiating the process yourself. At the very least, they'd contact you by phone first if anything was amiss.
By keeping these countermeasures in mind, most (if not all) of the current coronavirus-related cyber threats will remain little more than an annoyance. And with so many more important things to worry about right now, that should be at least a tiny bit of welcome good news.