Out to Infect: Common Ways Cybercriminals Exploit the Coronavirus Crisis

Man Wearing a Face Mask Hunched Over His Computer in a Dark Room

While the whole world is busy looking for ways to battle the Coronavirus disease (COVID-19), cybercriminals seem to be quite busy looking for ways to capitalize on the crisis. Many of them appear to be especially interested in taking advantage of healthcare facilities including practices like yours.

By exploiting vulnerabilities, cybercriminals are capable of hijacking your operations, extorting your business, and crippling your practice. In many cases, unfortunately, cybercriminals don’t have to work too hard to find your infrastructure’s weak spots.

According to The Human Factor 2019 Report by cybersecurity company Proofpoint, 99% of the threats that they observe requires at least some degree of human interaction to execute—whether it’s clicking a link, opening a file, opening a document, or entering credentials. 

Apparently, cybercriminals take advantage of human vulnerability more than they do software vulnerability, which is why it’s important that you stay informed and updated on how they do what they do:

  • Phishing Emails

Phishing emails are the most popular means by which cybercriminals attack. They are emails sent by cybercriminals claiming to be from legitimate organizations. The goal is to deceive users into providing sensitive information such as usernames, passwords, and credit card information. 

To capitalize on the Coronavirus outbreak, cybercriminals prey on people’s fear, panic, and desperation. Early in the year, for example, phishing emails made to look like COVID-19 alerts, health advice, and announcements from the Centers for Disease Control and Prevention (CDC) made its rounds in people’s inboxes. They contained malicious links and attachments that, when opened, can be used to infect and lock the users’ computers.

So what do we do? The FBI Internet Crime Complaint Center (IC3) advises everyone to be wary of emails, apps, and websites that claim to offer information about COVID-19. Do not open the links or attachments they contain. Note that government agencies do not send out unsolicited emails asking for money or private information from you. If you’re unsure of the legitimacy of some emails, it’s best to contact a certified IT expert.

  • Malicious Tools and Apps

Cybercriminals know how people think and how they’re likely to respond to stressful times. This information allows cybercriminals to know which tools and techniques to use to get their plans going. During crisis situations, many people are so hungry for updates and information that they become susceptible to malicious lures disguised as useful tools or applications.

For example, Android phone apps that claim to provide statistical and tracking information about the COVID-19 outbreak have been popping up all over the US. Unfortunately, when downloaded, these apps can either implant malware or illegally intrude your space by accessing your phone’s camera, microphone, and messages.

So what do we do? Of course, you first need to ensure that no sensitive patient data can be found on your mobile phone. They must be securely stored in a HIPAA-compliant environment.

Don’t install pirated or fake apps. You should also avoid sideloading or downloading apps that are outside Google’s official Play Store. If you really need to, then make sure the app that you’re sideloading is from a source that you trust.

  • Distributed Denial-of-Service (DDoS) Attacks

A distributed denial-of-service (DDoS) attack is the act of overwhelming an online service with traffic from several compromised sources in order to render the service unavailable to legitimate users. 

On March 15th, the US Department of Health and Human Services (HHS) website itself got hit by a DDoS attack that was designed to slow or shut down the agency’s servers. Fortunately, the incident appears to have been unsuccessful and no full breach took place. 

While motives for DDoS attacks can vary from one incident to another, these are likely to trigger panic and cause disruption especially in the middle of a startling pandemic.

So what do we do? There are different types of DDoS attacks, which means that the ways by which they are prevented or mitigated can vary as well. You can start with ensuring that a defense strategy and response plan are in place so you know exactly what to do once disaster strikes. 

On an individual user’s level, using strong, complex passwords that are regularly changed can go a long way as a countermeasure for a DDoS attack.


Don’t let cybercriminals in.

We are in the middle of a global Coronavirus pandemic, and the last thing your practice needs right now is a threat to the security of your data, IT infrastructure, and business operations. Unfortunately, preying on the vulnerability of healthcare facilities is exactly what many cybercriminals have in mind these days.

Keep cybercriminals from taking advantage of human vulnerability by staying informed, vigilant, and prepared for their moves. Keep them from taking advantage of software vulnerability by making sure your network is equipped with the most essential safeguards.

Give your practice the cyberprotection it deserves.

Contact us now.