Advice: Cybercriminals exploiting Coronavirus

16 March 2020

Public concern and working-from-home mandates are providing opportunities for cybercriminals.

With countries such as Italy already in lockdown, it is expected that Coronavirus will continue to trigger widespread disruption globally. In an effort to protect public health, more and more governments are considering school closures and working-from-home mandates. However, public concern about the spread of the virus, as well as remote working, is creating opportunities for cybercriminals.

We provide some background on these risks along with some easy-to-implement steps that businesses can follow to avoid falling victim.

Increased remote working can open gateway to hackers

Remote Desktop Protocol (RDP), when set up correctly, is a great tool for remote working. However, using it without Multi-Factor Authentication (MFA) enabled or on an insecure network can open the gateway to hackers. In fact, in 2019, 80% of the ransomware attacks handled by CFC insurance were initiated through RDP.

Businesses that start using RDP for remote working during the outbreak should be aware of some of the cybersecurity risks it can pose and ensure it is being used securely. Employees should always log on within a trusted network, preferably via a Virtual Private Network (VPN), and ideally work with their IT consultant or department to secure personal devices – and implement MFA – prior to remote working.

Coronavirus increasingly being used in phishing attempts

As new cases of the Coronavirus continue to be reported daily, cybercriminals have been leveraging the situation to take advantage of those looking for information on the outbreak. For example, the Sophos Security Team has spotted emails impersonating the World Health Organization (WHO). The emails ask victims to “click on the button below to download Safety Measure”. Users are then asked to verify their email by entering their credentials. Those who fall for the scam are redirected to the legitimate WHO page, while their credentials are delivered straight to the phisher.

In addition, Twitter has identified another malware campaign purporting to be a “Coronavirus Update: China Operations”. The emails have attachments linking to malicious software.

As global concern about the Coronavirus grows, it is likely that threat actors will continue to abuse this outbreak to their advantage. Businesses and individuals should stay alert to potential scams that trick them into sending money or disclosing security or bank details.


Implement the following steps to bolster security:

1. Test remote log-in capabilities

Not only should personal devices be configured for secure remote working, but businesses should ensure that multi-factor authentication (MFA) is set up immediately. MFA is an authentication process that requires more than just a password to protect an email account or digital identity. It is used to ensure that a person is who they say they are by requiring a minimum of two pieces of unique data that corroborate their identity. Implementing this significantly reduces the chances of cybercriminals being able to log into a business’s RDP. For more information on MFA and how to implement it, contact your IT consultant or department.

2. Use a secure network

Ensure employees always log on within a trusted and secured network - it should be password protected or accessed via a VPN.

3. Train your employees on how to spot a phishing email

It is important for your business to be more vigilant when it comes to opening attachments, clicking on links, transferring money, or sending sensitive information.

4. Prepare for operational disruption in advance

Put simply, prepare for the worst. As with so many cyber incidents, time is of the essence so ensure you have an incident response plan in place. And as ever, if you believe that one of your employees has fallen victim or that you are experiencing any kind of cyber event, contact your IT consultant or department and notify your Cyber insurer as soon as possible.

