Out to Infect: Common Ways Cybercriminals Exploit a Global Crisis
In the year 2020, while the whole world is busy looking for ways to battle the coronavirus disease (COVID-19), cybercriminals are busy looking for ways to capitalize on the crisis. Many of them are especially interested in taking advantage of healthcare facilities including practices like yours.
By exploiting vulnerabilities during a global crisis, cybercriminals are capable of hijacking your operations, extorting your business, and crippling your practice. In many cases, unfortunately, cybercriminals don’t have to work too hard to find your infrastructure’s weak spots.
According to The Human Factor 2019 Report by cybersecurity company Proofpoint , 99% of the threats that they observe requires at least some degree of human interaction to execute—whether it’s clicking a link, opening a file, opening a document, or entering credentials.
Apparently, cybercriminals take advantage of human vulnerability more than they do software vulnerability, which is why it’s important that you stay informed and updated on how they do what they do:
Phishing Emails
Phishing emails are the most popular means by which cybercriminals attack. They are emails sent by cybercriminals claiming to be from legitimate organizations. The goal is to deceive users into providing sensitive information such as usernames, passwords, and credit card information.
To capitalize on the coronavirus outbreak, cybercriminals preyed on people’s fear, panic, and desperation. Early in 2020, for example, phishing emails made to look like COVID-19 alerts, health advice, and announcements from the Centers for Disease Control and Prevention (CDC) made its rounds in people’s inboxes. They contained malicious links and attachments that, when opened, can be used to infect and lock the users’ computers.
So what do we do?
The FBI Internet Crime Complaint Center (IC3) advises everyone to be wary of emails, apps, and websites that claim to offer information about the global crisis. Do not open the links or attachments they contain. Note that government agencies do not send out unsolicited emails asking for money or private information from you. If you’re unsure of the legitimacy of some emails, it’s best to contact a certified IT expert.
Malicious Tools and Apps
Cybercriminals know how people think and how they’re likely to respond to stressful times. This information allows cybercriminals to know which tools and techniques to use to get their plans going. During crisis situations, many people are so hungry for updates and information that they become susceptible to malicious lures disguised as useful tools or applications.
For example, Android phone apps that claim to provide statistical and tracking information about the COVID-19 outbreak popped up all over the US last year. Unfortunately, when downloaded, these apps can either implant malware or illegally intrude your space by accessing your phone’s camera, microphone, and messages.
So what do we do?
Of course, you first need to ensure that no sensitive patient data can be found on your mobile phone. They must be securely stored in a HIPAA-compliant environment.
Don’t install pirated or fake apps. You should also avoid sideloading or downloading apps that are outside Google’s official Play Store. If you really need to, then make sure the app that you’re sideloading is from a source that you trust.
Distributed Denial-of-Service (DDoS) Attacks
A distributed denial-of-service (DDoS) attack is the act of overwhelming an online service with traffic from several compromised sources in order to render the service unavailable to legitimate users.
On March 15, 2020, the US Department of Health and Human Services (HHS) website itself got hit by a DDoS attack that was designed to slow or shut down the agency’s servers. Fortunately, the incident appears to have been unsuccessful and no full breach took place.
While motives for DDoS attacks can vary from one incident to another, these are likely to trigger panic and cause disruption especially in the middle of a startling crisis.
So what do we do?
There are different types of DDoS attacks, which means that the ways by which they are prevented or mitigated can vary as well. You can start with ensuring that a defense strategy and response plan are in place so you know exactly what to do once disaster strikes.
On an individual user’s level, using strong, complex passwords that are regularly changed can go a long way as a countermeasure for a DDoS attack.
Don’t let cybercriminals in.
When in the middle of a global crisis, the last thing your practice needs is a threat to the security of your data, IT infrastructure, and business operations. Unfortunately, preying on the vulnerability of healthcare facilities is exactly what many cybercriminals have in mind.
Keep cybercriminals from taking advantage of human vulnerability by staying informed, vigilant, and prepared for their moves. Keep them from taking advantage of software vulnerability by making sure your network is equipped with the most essential safeguards .
Give your practice the cyberprotection it deserves.
Search Articles
News & Resources
ER Tech Pros is a managed service provider (MSP) that specializes in catering to the IT needs of healthcare practices in and around the Sacramento area.
We use our cutting-edge technology, extensive experience, and 24/7 support to make sure your IT network is in its most secure and optimal state.
HIPAA- and SOC-compliant, we are healthcare’s trusted IT experts.
We take care of your IT so you can care for your patients.
8795 Folsom Blvd., Suite #205
Sacramento, CA 95826
info@ertech.io
Resources
Search this Site
Get Updates
Enter your email address below to receive healthcare tech tips and resources from ER Tech Pros.
Connect With Us