New cyber threats rise amid coronavirus pandemic
By Soojeong Kim and Eva Weisenfeld
How much do you think your personally identifiable information is worth? Say, your Social Security Number along with your birthday, home address and name, which can be used to commit a multitude of fraudulent acts in your name. To put it into perspective, for $67 a hacker can either treat themselves to an upscale dinner or your social security number, which has potentially higher payouts in the future.
Although the word “hacker” has a negative connotation, not all hackers are malicious. Those that hack with the intent to help an organization/information system improve their security are known as “White Hat Hackers.” On the other side of the spectrum, there are “Black Hat Hackers.” These hackers are known to be malicious and hack with the intent of personal gain. They exploit vulnerable security systems on the World Wide Web to steal information.
There are three levels of the World Wide Web: the surface web, the deep web, and the dark web. The surface web is the searchable part of the internet that most people use, indexed by web browsers, such as Google, Bing, Yahoo, etc.
The deep web contains mainly hidden sites, such as the content of one’s social media, email, and online banking accounts, as well as scientific and academic databases, etc.
The dark web, which can only be accessed through special software, hosts many harmless activities and contents, but is more well-known for the criminal aspect. According to Steve Symanovich, a Norton LifeLock employee, “The dark web may contain information such as stolen credentials (social security, credit card information, etc.), illegal and prescription drugs, murderers-for-hire, illegal pornography, body parts, etc.
“Phishing,” is one of the most common ways cybercriminals attempt to steal personal information, which they can then sell on the dark web. Phishing is when a cybercriminal attempts to steal sensitive information by taking on the persona of a trustworthy source, such as a bank or person in power.
Due to COVID-19, phishing has become a larger threat to people and their information. These cybercriminals prey on the user’s panic and fear to maliciously steal information. According to Kevin Townsend, who has spent the last 20 years writing about cybersecurity, in his Avast blog, these phishers have even been seen to impersonate Dr. Tedros Adhanom Ghebreyesus, the director of the World Health Organization (WHO).
“One of the most common cybercrime methods used now because of COVID is mostly credential harvesting,” said Amyn Gilani, a former intelligence analyst for the United States Airforce and part of the National Association of Security. “There’s a lot of disinformation campaigns that are being pushed out and people are clicking on it; they’re giving their credentials away, or they’re putting their credit cards in and essentially they’re all getting compromised in some aspect.”
Since the pandemic has left many people working and learning from home, the use of videoconferencing platforms, such as Zoom, has increased. This has caused the emergence of a new form of harassment, dubbed “Zoom-bombing.” Essentially, “Zoom-bombers” will gain access to a Zoom call and “post hate speech and offensive images, such as pornography” as defined by Shannon Bond, a tech correspondent for NPR. According to Kristen Taketa, a K-12 reporter for the San Diego Tribune, on the first day of San Diego Unified’s trial period for distanced learning, a high school advanced biology class was Zoom-bombed. The Zoom-bombing issue is so alarming that the FBI had to issue a warning against using the platform.
Although it is called “Zoom-bombing,” the issue is not limited to Zoom. ”On March 26, it was reported that Norwegian students on a school video call found themselves watching a naked man engaged in lewd activity,” wrote Townsend.
So, with cybercrime on the rise, how can we protect ourselves? Making sure your video conference calls are secure can help prevent Zoom-bombers from gaining access to your calls. Making calls password-protected, disabling ‘join before host,’ and preventing people who are removed from calls from rejoining are some ways to protect your conference calls from potential Zoom-bombers.
Additionally, always questioning, “Is this real?” is crucial. Even if it’s from supposedly “trustworthy” sources such as your bank, hospital, etc. This helps to protect against those who are phishing for your personally identifiable information. Keep in mind that these cybercriminals try to make their phishing strategies seem as realistic as possible.
Featured image: COVID-19 has affected the way many of us operate, including cybercriminals. PHOTO CREDIT: U.S. Army