Dealing with Internet Security During the COVID-19 Pandemic

It seems like every year brings a new cybersecurity issue. During the 2016 election cycle, there was the Russian hacking scandal. In 2018, the Cambridge Analytica and Facebook data problems brought the issue of targeted ads and personal information to the front page of newspapers across the United States. And in 2020, new cybersecurity issues have come about amidst the coronavirus pandemic.

Hackers around the world have been using the pandemic as a backdrop for “themed attacks,” according to Jonathan Nguyen-Duy, the head of the global security advisory team and the Executive Lead for Strategy and Analytics at Fortinet, a cybersecurity firm based out of Sunnyvale, California.

So-called “themed attacks” have been in use during every major world event. “After Hurricane Katrina, or earthquakes, or tsunamis around the world, there have been scams launched at individuals around the world to see if they’ll give money. People want to give money to help, so people pose as the American Red Cross or other groups to scam them,” says Nguyen-Duy.

Of the many types of cyberattacks, phishing is the one that has caught the eye of cybersecurity firms. “Such scams take place when cybercriminals use emails, text messages, voice calls, social media or other media to trick victims into providing the information needed to access their personal financial information and other confidential data,” according to Nguyen-Duy.

To track potential phishing attacks, cybersecurity firms document suspicious domain names and distribute them to clients. One firm, LookingGlass Cyber Solutions, has documented over 40,000 suspicious domains related to COVID-19 and has a team of analysts that track where and when each domain was created.

According to LookingGlass, over half of these domains were created with the popular domain registrar, GoDaddy, suggesting that it is relatively easy for malicious agents to create these phishing sites.

One of the main types of domains created is fake donation websites. Such websites ask for credit card information for a “donation” to COVID-19 relief funds, but in fact, allow criminals to steal the information for personal gain.

“Talking about fraudsters…they jump on anything like this where they can get people to open up an email and read the email and click on a link and go to a fake website. This isn’t unique to COVID-19. You see this with everything…election news, breaking news, anything that gets people’s attention,” Jeremy Haas, the Chief Security Officer at LookingGlass Cyber Solutions, said.

Every day, LookingGlass, along with other similar firms, publishes an update of new domains documented and general cybersecurity news for their clients. For example, on May 7, LookingGlass announced that the analysis of 450 new domain names related to 19 drug names tested as treatments for COVID-19 had yielded a sharp increase in domain squatting, or using a domain name to profit from a trademark belonging to someone else, over the previous week. Such analysis helps both companies and government agencies alike in preventing people from being scammed.

Some of the fraudulent websites even look the same as safe websites. The only difference between the two is an extra letter, an underscore, or another minuscule detail in the domain name. There was a scam a few weeks ago in which a fake World Health Organization website was created that asked for WHO employees to type in their account number and password to sign into their WHO account. When the employees pressed submit, a group of fraudsters gained access to the WHO database through the employees’ accounts.
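The lookalike-domain pattern described above can be checked mechanically. The following is an added example, not code from LookingGlass or any firm quoted in this article: it flags a domain that is one small edit (or a stray hyphen or underscore) away from a trusted one. The trusted list, the sample domains and all function names are assumptions made for illustration.

```python
import re

# Assumed allowlist of legitimate domains, chosen for illustration.
TRUSTED = ["who.int", "irs.gov", "redcross.org"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute), two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def normalize(domain: str) -> str:
    """Lowercase, drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def squash(domain: str) -> str:
    """Remove separators so 'w_ho.int' compares equal to 'who.int'."""
    return re.sub(r"[-_]", "", domain)

def lookalike_of(domain: str, trusted=TRUSTED, max_edits: int = 1):
    """Return the trusted domain this one imitates, or None.

    An exact match is the legitimate site and returns None.
    """
    d = normalize(domain)
    if d in trusted:
        return None
    for t in trusted:
        if squash(d) == squash(t) or edit_distance(d, t) <= max_edits:
            return t
    return None

# Constructed sample input, not taken from any real feed.
SAMPLES = ["who.int", "www.whoo.int", "w_ho.int", "irs.gov", "lrs.gov", "example.org"]

def scan(domains=SAMPLES):
    """Map each suspicious domain to the trusted domain it resembles."""
    hits = ((d, lookalike_of(d)) for d in domains)
    return {d: t for d, t in hits if t}

if __name__ == "__main__":
    for d, t in scan().items():
        print(f"{d} looks like {t}")
```

With very short names, a one-edit threshold can also match unrelated legitimate domains, so a hit is a prompt for review rather than proof of fraud.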

Stimulus check scams have also been common in recent weeks. Scammers have been sending fake emails to people and promising to send their stimulus checks earlier than the IRS. Through this, they steal credit card numbers, personal information and social security numbers.

The biggest security issue to affect Lick-Wilmerding since lockdown began has involved Zoom, the teleconferencing software that most teachers use to conduct virtual classes.

Although Zoom was built for use by companies and organizations, the sudden switch to public and educational use has caused unanticipated changes to how the company functions. “At the beginning of 2020, we were averaging about 10 million daily meeting participants. In March of 2020, we had 200 million meeting participants every day…and in April we were averaging about 300 million participants every day,” Abe Smith, the Head of International at Zoom, said.

When a piece of software gains a massive number of new users, there are new security considerations that have to be accounted for. “They may not have an IT division, they may be an individual consumer of the product, they may be using our free account,” says Smith.

Information Technology (IT) departments have a large role in providing secure communication throughout a company. However, a user without an IT department securing the network becomes vulnerable to hackers.

“Zoom-bombing,” as some have called it, has become an issue due to the influx of new users. When Zoom meetings are unprotected by passwords or other security measures, some people have joined and presented crude or hateful imagery, causing many governments to stop using the software.

“We take security and privacy very seriously at Zoom,” says Smith. “There are standard user settings that can make securing a meeting pretty easy…there are things like requiring a username and password, using the waiting room feature, which as in the name implies, if someone forcibly enters into a meeting, they have to be approved by the host.”

When dealing with threats, Zoom looks at three different levels of security. “User-level security” addresses the individual user and provides them with settings to increase safety. “The next level is network-level security,” says Smith, which addresses the way that the information is “streamed or provided.” Lastly, the data center takes an important role in security and addresses the concern of how the information is stored physically.

Currently, Zoom uses AES 256-bit encryption, which protects data with a 256-bit key, to allow safe communication between hosts. By May 30, Zoom will require all users to update to the Zoom 5 software, which runs a more advanced version of their encryption called AES 256 GCM. “Our goal is to move the product to end-to-end encryption, which is why we acquired a company on [May 7],” says Smith. Zoom acquired Keybase, a company that uses end-to-end encryption to allow users to send messages and securely share files.

The greater lesson behind Zoom-bombing is the realization that small issues can be revealed and heavily exploited when massive changes occur to the user base of companies.

To remain safe, Smith suggests that people use all of the features that Zoom provides with its free account, or upgrade to the paid version for more security features. He also advises users to be smart about where they post Zoom codes or links online, and not to post links on social media that aren’t protected.

“Security is a mindset,” Haas said. Haas encourages people to think about their decisions before taking risks. “Everybody has to understand what their risk tolerance is. It’s also extremely important to identify all of the participants on a video call…pay attention, be cautious, always be skeptical.”

Nguyen-Duy gave four basic rules for every consumer to follow when accessing the internet: “Assume that unknown calls, messages, emails are fraudulent; if it’s too good to be true – it is; if someone says you must act now – you shouldn’t; if someone calls you – don’t believe it – legit organizations don’t call you.”

However, the ultimate lesson to come out of phishing scams related to COVID-19 and Zoom-bombing is for users to utilize the security features available and to be cautious when seeking information on the internet.

Samuel Taxay

Sam Taxay is a senior and is a Photo Editor of the Paper Tiger. He is writing for his first year on the staff.