• Hithawathi
    • About Us
    • Our supporters
  • Help Centre

    Caution!

    • COVID-19 Cyber Attacks
    • Cyber security tips
    • Cyber security threats
    • Security Alerts

    Know More

    • Knowledge Base
    • Social Media
    • Parents Guide
    • Children’s Guide
    • How to get help

    Observation

    • Real-time cases
    • Videos
    • Newspapers
  • How to get help
  • News and Events
  • Monthly Newsletter
  • Contact
    • FAQ
Are you in trouble? 011-421-6062 help@hithawathi.lk
An alert from police about valentine gifts..
  • සිංහල
  • தமிழ்
Hithawathi
  • Hithawathi
    • About Us
    • Our supporters
  • Help Centre

    Caution!

    • COVID-19 Cyber Attacks
    • Cyber security tips
    • Cyber security threats
    • Security Alerts

    Know More

    • Knowledge Base
    • Social Media
    • Parents Guide
    • Children’s Guide
    • How to get help

    Observation

    • Real-time cases
    • Videos
    • Newspapers
  • How to get help
  • News and Events
  • Monthly Newsletter
  • Contact
    • FAQ

Defense Against COVID-19 Cyber Threats

  • Home
  • Help Centre
  • COVID-19 Cyber Attacks
  • Defense Against COVID-19 Cyber Threats

Cybercriminals take advantage of the current COVID-19 outbreak (coronavirus disease) targeting both individuals and enterprises locally and worldwide. A large number of phishing and malware attacks have been reported with this circumstance. Due to restricted movements, people are more towards using online portals for banking, utility payments, and shopping. Therefore, the vulnerabilities of being attacked in those platforms can be identified. Plus the practice of working from home has led to the mismanagement of enterprise systems.

Malware Strains & Phishing Attacks

Social engineers (hackers) may increasingly attack delivering emails, chats, text messages and even calling you directly. Those scams may contain the following, but not limited too.

  • An email with subject COVID-19 related information
  • An email promoting Phishing website appears to a legitimate online portal such as online banking / online shopping cart
  • An email attachment with name of COVID-19 (E.g. COVID-19-new-medicine.zip)
  • Hyperlinks to COVID-19 dashboards and videos (Spread through both emails and Chat messages such as WhatsApp and Viber)
  • A message requesting personal details, passwords or bank details conveying a sense of urgency

How to Stay Safe from Social Engineering Attacks

  1. Do not click any links on emails. The link location may differ from what it appears to be
  2. Do not click any links on Chat messages (IM) from unknown senders or with unusual descriptions or requests
  3. Use Unique & Strong passwords for all accounts
    (How do you select a strong password and protect it?)
  4. Use Password Managers and properly secure them
  5. Use Multi-Factor Authentication every possible occasion which often called Two-factor Authentication or Two-Step Verification
  6. Always check for correct URLs multiple times when you do online banking / online shopping and utility bill payments to avoid phishing attacks. (How to decide whether it is a fake or real website?)
  7. Make sure your Antivirus Solution is properly installed and have latest signature updates
  8. Make sure the latest security updates are installed not only for your operating system, but every application installed in your Computer or Mobile Devices.
  9. Use trusted Wi-Fi connections like your home internet or mobile data service from your telecommunications provider.
  10. Secure your devices when not in use. This can be done by locking your computer when it is unattended or maintaining separate user accounts with unique passwords if a machine is shared. Otherwise, important information may be shared or deleted unintentionally by the other household members or even malicious software may be introduced to your device.
  11. Always get information from legitimate sources, not from social media.

Attacks to Enterprise Systems

It is also observed that the attacks on enterprise systems are being increased during this period. The escalation of reconnaissance attempts can be a sign that the IT assets of your enterprise are probed by unwanted actors.

How to Protect Enterprise Systems

  1. Make sure IPS/IDS functionalities enabled in both perimeter and internal firewalls or other monitoring devices
  2. Make sure IPS/IDS are updated with latest threat signatures
  3. Make sure alerts are generated in an attempt of intrusion and adequate staff is attending to the alert by 24/7 and all 365 days
  4. Monitor applications for unusual errors messages which often indicate Business Logic Attacks
  5. Restrict access to external opened systems to only required groups.
  6. If the Work From Home (WFH) required, provide only required systems access adhering to Principle of Least Privilege (PoLP) with data access to Need to Know Basis and Only through VPNs
  7. Make sure any sensitive data is encrypted in both rest and transmitting in any WFH activity
  8. Monitor and log remote access connection strictly
  9. Use Multi-Factor Authentication every possible occasion, especially for remote connection authentication such as for VPNs
  10. Do not encourage the staff to use portable storage devices like USB drives and cards which can be easily misplaced or unencrypted. Transferring files in more secure ways like organization’s cloud storage or collaboration solutions is advised.
  11. Make sure Corporate COVID-19 BCP addressing cybersecurity issues

Accordingly it is recommended to stay alert on your information systems during COVID-19 outbreak, since the reports have indicated that the cybercriminals use the present opportunity to perform their attacks. Hence, it is always better to keep in mind that the security of the systems should be primarily assured, when changes to the operations of organizations take place with diverted attention.

Citation:
Alerts & News of TechCERT (https://www.techcert.lk/en/alerts-news/295-defending-against-covid-19-cyber-threats)
https://www.cyber.gov.au/advice/covid-19-cyber-security-tips-when-working-home?fbclid=IwAR3zZCPAvtN8Phb0rFAC5ZLb3u8_tzXrh3lbd919ziC6PwW2JwfE_YjD9Ng

 

  • Special Warning
  • Defense Against COVID-19 Cyber Threats
  • How to be safe during this disasters situation
  • How to save your child from cyber crimes

Hithawathi

A Project Funded by
LK Domain Registry

Quick Links

Sri Lanka CERT|CC
TechCERT
Internet Crime Complaint Centre
     
    Instagram

Our Supporters


Business hours

Weekdays 08.30 am – 05.00 pm
Saturdays 08.30 am – 12.30 pm
Closed on Public holidays.(Calls may be recorded for training and quality purposes)

Copyright © 2021 Hithawathi. All Rights Reserved.

Become a partner ?
Just call us 011-421-6062