Cybercriminals take advantage of health crisis
During the Covid-19 pandemic, there has been an uptick in cybercrimes and criminal activity via digital means, according to a panel of researchers from the Council for Scientific and Industrial Research (CSIR). The panellists spoke at a briefing on the impact of cybercrimes and misinformation during the Covid-19 pandemic.
Speaking to Health-e News, Thabo Mahlangu, a cybersecurity researcher at CSIR, says the lockdown has resulted in many cybersecurity challenges that carried the potential to bring immense harm to individuals, companies and government institutions. According to the CSIR, there has been a marked increase in ransomware attacks against critical infrastructure and response institutions like hospitals and medical centres, which are already overwhelmed with the current pandemic.
“Obviously ransomware has a huge potential for damage because they won’t steal data, but they lock your data, they lock your system,” Mahlangu explains. This stops the owner of the system from being able to access its data or functions. “As a result, you then can’t render services,” he says, adding that for a medical institution this could have fatal consequences.
‘Quick to adapt’
Due to close monitoring and early interventions, no ransomware attacks were successfully executed on their watch.
“We have also seen a spike in new malware, which basically shows that cybercriminals are taking advantage of the crisis that we are facing and they are quick to adapt.”
Operational and cybersecurity teams had to adapt faster. Mahlangu says in response to Covid-19, a data-driven security approach was adopted to forecast potential malware attacks and fight against phishing scams. Using different data and data sources, the team gets a holistic security view of the environment that they are monitoring and trying to protect.
Networks left vulnerable
With employees working from home, another challenge is that company networks and systems have been left vulnerable.
“People use different technologies and devices to connect to their work environment and to their company,” Mahlangu explains, adding that there has been a marked increase in attempts to steal user data, increases in malware and phishing attempts, increases in breaches of video conferencing platforms and in scams and fraudulent activities using digital means.
Scammers use old tricks
Despite technological advances, the most vulnerable point in any network, system or device still seems to be the person using it.
“There was a need to train our users so that they can be cyber savvy and aware of the threat that is out there, because cybercriminals still use the old tactics of social engineering to trick the user into retrieving an infected file or offer up their details.”
The team at CSIR has been using data to help identify user behaviours that could increase the risk of falling victim to attack.
“A very important and interesting insight that we picked up from the data is that the source of the malware-related infections come from specific files and the majority of those files are entertainment files like music or movies.”
He says malware is also being transmitted more and more through work-related files
“People who are locked down at home – as much as they work during work hours, there is still a need for entertainment.”
He says the pandemic has created a new way for cybercriminals to hook unsuspecting victims – creating fake websites related to Covid-19 to trick users into opening malicious attachments or fishing links, which results in illegal access to personal accounts.
“The main purpose of this malware is to compromise the company’s network, steal data, and even transfer or steal money from your account.”
Fake news flourishes
Majority of the attacks were a result of user behaviour, which is why educating users is key. Education and digital literacy are the first steps in combating the spread of disinformation and fake news – another cybercrime that is on the rise since the start of the pandemic.
Neliswa Dlamini is an information security researcher focusing on combating fake news. She says that the “spread of fake news during the Covid-19 pandemic has resulted in a lot of damage.”
“The spreading and publishing of false information about Covid-19 is actually a criminal offence, according to the regulations that were made in terms of the Disaster Management Act,” she explains.
But this is a crime, she says, that is hard to enforce.
“Fake news replicates rapidly on platforms such as social media, and the mainstream media is not exempt from this,” she warns.
Like other cyber criminals, those who publish fake news are adaptable and opportunistic, and the novel coronavirus pandemic and subsequent lockdown have given them the fuel they need to ensure that their misinformation and disinformation spread like wildfire.
“What we also realise is that after an announcement about the lockdown or regulations there would be a flood of fake news which we then had to dispel,” Dlamini said.
She says misinformation about health is particularly worrying. One of the false stories doing the rounds was that faulty Covid-19 testing kits resulted in false positive test results. This meant that many people were hesitant to get tested.
Fake news stories which wrongly warn against medical interventions, Covid-19 prevention strategies or that perpetuate conspiracy theories can all lead to less people seeking help when they are ill or not taking precautions to prevent themselves from getting infected, or from infecting others.
Tech options
And while technology brings several challenges, researchers also know that it may offer solutions. CSIR biometric researcher Kedimotse Baruni says facial recognition technology can be utilised to reduce the spread of Covid-19.
This could prove particularly useful for access control at hospitals and other public spaces, reducing the need for contact-based biometric devices such as fingerprint scanners that are touched by multiple people.
The benefits of facial recognition technologies, however, are not limited to access control; they can also be used to enforce compliance in public spaces.
“Facial recognition can also be used by law-enforcement to check whether a person is wearing a mask or not,” Baruni explains. “If a person is not wearing a mask then there will be an alert.” – Health-e News
Author
Republish this article
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
Unless otherwise noted, you can republish our articles for free under a Creative Commons license. Here’s what you need to know:
-
You have to credit Health-e News. In the byline, we prefer “Author Name, Publication.” At the top of the text of your story, include a line that reads: “This story was originally published by Health-e News.” You must link the word “Health-e News” to the original URL of the story.
-
You must include all of the links from our story, including our newsletter sign up link.
-
If you use canonical metadata, please use the Health-e News URL. For more information about canonical metadata, click here.
-
You can’t edit our material, except to reflect relative changes in time, location and editorial style. (For example, “yesterday” can be changed to “last week”)
-
You have no rights to sell, license, syndicate, or otherwise represent yourself as the authorized owner of our material to any third parties. This means that you cannot actively publish or submit our work for syndication to third party platforms or apps like Apple News or Google News. Health-e News understands that publishers cannot fully control when certain third parties automatically summarise or crawl content from publishers’ own sites.
-
You can’t republish our material wholesale, or automatically; you need to select stories to be republished individually.
-
If you share republished stories on social media, we’d appreciate being tagged in your posts. You can find us on Twitter @HealthENews, Instagram @healthenews, and Facebook Health-e News Service.
You can grab HTML code for our stories easily. Click on the Creative Commons logo on our stories. You’ll find it with the other share buttons.
If you have any other questions, contact info@health-e.org.za.
Cybercriminals take advantage of health crisis
by healthe, Health-e News
June 23, 2020