Cybersecurity in the COVID-19 era

How to protect your data as cybercriminals capitalize on the COVID-19 pandemic


By John Yeast

As front-line first responders, we have all been inundated with information, statistics, charts, graphs and more on COVID-19 from both internal and external sources in personal and professional inboxes.

In addition to our conscious awareness of good personal hygiene, we can’t forget that good cyber hygiene is critical for maintaining a sanitized cyber ecosystem. Cybercriminals as threat actors are using these opportunities of fear and community chaos to launch phishing attacks and scams. The biggest opportunity for cyber attackers with this outbreak has nothing to do with technology, but with how humans change their behavior and patterns in response to the crisis.

The healthcare industry in general, and particularly the fire and EMS industries, along with their local governments, are especially vulnerable to cybercriminals right now.
The healthcare industry in general, and particularly the fire and EMS industries, along with their local governments, are especially vulnerable to cybercriminals right now. (Photo/Getty Images)

Amongst all of the information that is being distributed, it’s unfortunate (but not without expectation), that cybercriminals are capitalizing on some of the widespread chaos. These players target regular people as well as healthcare front liners and first responders. In times like this, there is an even greater increase in such activities. The healthcare industry in general, and particularly the fire and EMS industries, along with their local governments, are especially vulnerable right now.

Cybercriminals know first responders cannot afford the least bit of disruption during the public health emergency and assume their victims will quickly pay a ransom rather than having critical infrastructure, such as CAD systems, held hostage.

Recent examples of such attacks include Durham, N.C., and Champagne-Urbana, Ill., where officials have had to scramble to stay operational without access to critical systems and information.

Heightened state of cybersecurity issued by DHS

The Cybersecurity and Infrastructure Security Agency (CISA) executes the Secretary of Homeland Security’s authorities to secure critical infrastructure. On March 12, 2020, CISA released an alert encouraging organizations to adopt a heightened state of cybersecurity. This included recommendations for alternate workplace options (i.e., teleworkers), awareness of increased phishing attempts, and implementing multi-factor authentication on virtual private network (VPN) connections.

Be wary of phishing attacks and scams

Countless email messages are circulating that claim to be COVID-19 updates from organizations, the CDC or other government agencies, but some of them may be phishing schemes or contain malware as attachments – and clicking on them can infect your computer system or worse.

Cybercriminals impersonate legitimate organizations and send emails with information about COVID-19. The email messages may contain an embedded link/attachment for the latest statistics, instructions on how to stay secure, downloadable forms, or anything related to the COVID-19 pandemic. If you click on the link or attachment from an illegitimate source, you’re likely to download malware onto your system or be redirected to an infected website.

Common phishing and scam emails are cloaked as CDC alerts that claim to have information about COVID-19 in your area. They may also include links to alleged sites to claim gift cards in the absence of dine-in restaurants, hard to obtain supplies, etc.

Developers surge with fake COVID-19 applications

As people seek out information about COVID-19, how it is impacting them, and how they can stay safe, many are looking to their smartphone for help. There have already been developers and apps blocked from online stores, many reported to have malicious applications that claim to offer information about the virus. These allow the attacker to spy on you through your devices or encrypt your device and hold it for ransom.

Android users should not install applications from untrusted sources (stick to the Google Play Store) and iPhone users should not jailbreak their phones and install apps from third-party sources (stick to the App Store).

COVID-19 themed domain names

In the past few weeks, thousands (in fact over 100,000) of domains have been registered containing terms like “covid,” “virus” and “corona.” Not all of these will be malicious, but all of them should be treated as suspect. Whether they claim to have information, a testing kit or a cure, the fact that the website didn’t exist until the pandemic became news should make you very skeptical of their validity. Use trusted sources – such as legitimate, government websites (ending in .gov) – for up-to-date, fact-based information about COVID-19. Cybercriminals have also impersonated the Centers for Disease Control (CDC) by creating domain names similar to the CDC’s web address to request passwords and even bitcoin donations to fund a fake vaccine.

Human firewalls

Over 90% of all successful network compromises, especially ransomware attacks, start with a simple phishing email, and someone opening a malicious file or clicking on a link sent to them by someone they don’t know. Phishing emails are becoming harder and harder to differentiate between legitimate and malicious.

Because no anti-virus, anti-malware or firewall software can single-handedly stop every cyber threat, the best cyber defense starts with our users. With security awareness training, employees are not only aware of what they need to watch out for but also how to follow best practices, as well as being empowered to report anything suspicious.

There are no silver bullet solutions to fend off cyber criminals. A multi-tiered defense approach is the most sustainable solution. Stay safe, be vigilant and be prepared.

About the author

John Yeast is the director of technology at St. Charles County Ambulance District, and executive vice-president of cybersecurity solutions for EMS Compliance, LLC. He has a focus on information technology leadership along with cybersecurity and holds certifications in protecting cyber ecosystems, including Certified Ethical Hacker, and Cyber Security Architect.

He has 29 years of experience in EMS, with roles as a clinical provider, designing and managing emergency communications centers, large scale project management, and over 15 years in executive leadership in Information Technology. His experience managing large, diverse geographical teams and leading multimillion-dollar projects throughout the U.S., complement his wheelhouse of diverse EMS experience.

Recommended for you

Join the discussion

Copyright © 2020 FireRescue1. All rights reserved.