This piece by our staff member Jacqueline Muthoni was first published on her LinkedIn page.

###

The Director General of the World Health Organization, Tedros Adhanom Ghebreyesus, declared COVID-19 to be a pandemic on March 11, 2020. The first case of the virus was reported in Wuhan, China and quickly spread to other parts of the world. As the coronavirus moved westwards, Italy became the new epicenter for a while. However, it was surpassed by the U.S. which, at the time of writing, had the most known cases of COVID-19 globally.

Unfortunately, cyber criminals and IT proficient individuals are using the current global crisis to stoke fear as well as swindle people caught up in the mass panic. WebARX, a web security company, has witnessed an increased amount of website exploitation attempts over the past weeks. “Unfortunately, many threat actors have started to abuse the panic and discomfort of the COVID-19 pandemic to conduct special crafted malware and phishing attacks worldwide,” stated the WebARX page.

An example is the website “coronavirusmedicalkit.com” which was flagged by the U.S. Department of Justice (DoJ) because it claims to offer a corona vaccine. The operators of the website are accused of engaging in a “predatory wire fraud scheme” seeking to profit from the confusion and widespread fear surrounding the disease. “Information published on the website claimed to offer consumers access to World Health Organization (WHO) vaccine kits in exchange for a shipping charge of $4.95” the DoJ said.

The Brno University Hospital in the city of Brno, Czech Republic was also hit by a cyberattack amid the outbreak. The small hospital in the central European country has not yet revealed the type of attack, but it was severe enough to also have an impact on the hospital’s Children and Maternity wings. This attack led to the shutdown of the hospital’s IT department and the transfer of patients to the nearby St. Anne’s University Hospital.

Domain registrars have also been asked to step up their security systems towards fighting the rising number of coronavirus-related scam sites, according to an article published by ZDNet this week. The registrars include sites such as GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and others. The guidelines issued by the New York State Attorney and sent to the domain registrars include the following:

1. The use of automated and human reviews for all newly registered coronavirus-related domain names;

2. The establishing of a special channel for authorities and the general public to report coronavirus-related scam sites;

3. The de-registration of all reported domain names;

4. The deployment of systems to halt the registration of coronavirus-related domains;

5. The deployment of systems to block the rapid registration of coronavirus-related domains; and

6. Updating terms of service to add clauses for "aggressive enforcement for the illegal use of coronavirus domains."

These are just a few examples of how COVID-19 is affecting the cyber world. Yet they show the importance of having robust protocols in place because cyber criminals are unscrupulously exploiting the global pandemic. As nearly a third of the world’s population are living under coronavirus-related restrictions and are tempted to spend more time online, it is more important than ever to have defenses against cyberattacks. Strategies to maintain cybersecurity include maintaining good cyber hygiene, verifying sources and staying up to date on official updates.