Defying Cyberattacks in the Time of Coronavirus


The time of Coronavirus brings about not only increase use of technology, but also an explosion of cybersecurity incidents. Govtech reports on the concerning magnitude of cyberattacks:

· Bizjournals.com: "Cyberattacks on the rise during the Covid-19 pandemic"

· Government Technology: "How Is Covid-19 Creating Data Breaches?"

· BBC: "Coronavirus: How the world of work may change forever"

· Interpol.int: "INTERPOL report shows alarming rate of cyberattacks during COVID-19"

· Techxplore.com: "Ransomware surge imperils hospitals as pandemic intensifies"

· PR Newswire: "Top Cyber Security Experts Report: 4,000 Cyber Attacks a Day Since COVID-19 Pandemic"

· ZDNet: "COVID-19 pandemic delivers extraordinary array of cybersecurity challenges"

· Maritime Executive: "Maritime Cyberattacks Up by 400 Percent"

Most prominent is Evil Corp, a Russian cybercrime syndicate., which installs Ransomware in hundreds of US major companies, crippling healthcare, finance, oil supply and even governmental institutions:

· CNA Financial Paid Evil Hackers $40 Million in Ransom

· St. Joseph's Candler Ransomware Attack

· JBS Cyberattack

It becomes imperative that the public receives information and education during this time to defy the malicious attacks.

From data breaches to ransomware and from online fraudulent activities to election security, new challenges call for necessary preventive measures on every level. First, know what you need to prevent; know that there are four kinds of attacks:

· Network Security Attacks

· Wireless Security Attacks

· Malware Attacks

· Social Engineering Attacks

However complicated and sophisticated cyberattacks may be, we can always start with ourselves to practice safe digital behavior.

· Safeguard and secure information -- Back up files.

· Double-check website safety – Enter only secure webpages.

· Keep your software and systems updated.

· Delete spam.

· Disable third-party components to prevent infiltration.

· Browse/click on only trusted webpages/links.

· Perform regular scans and cleaning.

· Use Domain-Based Message Authentication, Reporting and Conformance (DMARC).

· Use multi-factor authentication (MFA).

From individuals, communities, companies, to governments, we need to work together to raise awareness about cybersecurity. Organizations need to do the following:

· Developing cyber security policies

· Implementing security awareness training

· Installing spam filters and anti-malware software

· Deploying Next-Generation Firewalls (NGFW)

· Installing endpoint detection & response (EDR)

Whatever we do, however we work, stay vigilant. And hopefully with efforts from all sides, we can begin to defy cyberattacks in the time of coronavirus.


新型冠状病毒时期对网络攻击的抵御

新型冠状病毒时期不仅带来了技术使用的需求增加,还带来了层出不穷的网络安全攻击事件。 Govtech 报告了有关网络攻击的严重程度:

• Bizjournals.com:“新型冠状病毒流行期间网络攻击呈上升趋势”

• 政府技术:“新型冠状病毒如何造成数据泄露?”

• BBC:“冠状病毒:工作情况将如何永远改变”

• Interpol.int:“INTERPOL 报告显示新型冠状病毒期间网络攻击的速度惊人”

• Techxplore.com:“随着流行病的加剧,勒索软件激增危及医院运作”

• 美通社:“顶级网络安全专家报告:自新型冠状病毒流行以来,每天发生 4,000 次网络攻击”

• ZDNet:“新型冠状病毒流行带来一系列非凡的网络安全挑战”

• 海事执行官:“海上网络攻击增加 400%”

恶名昭彰的俄罗斯网络犯罪集团 Evil Corp在数百家美国大公司中安装了勒索软件,削弱了医疗保健、金融、石油供应甚至政府机构的安全运作能力:

• CNA Financial 向邪恶网络黑客支付了 4000 万美元的赎金

• St. Joseph's Candler 勒索软件攻击

• JBS 网络攻击

在此期间,公众必须接受真确的信息和网络安全相关的教育以抵御恶意攻击。

从数据泄露到勒索软件,从在线欺诈活动到选举安全,新的挑战显示各个层面必须采取必要的预防措施。首先,人们必须明白自己需要预防什么;四种攻击方式如下:

• 网络安全攻击

• 无线安全攻击

• 恶意软件攻击

• 社会工程性攻击

无论网络攻击多么复杂,我们始终可以从本身开始实践安全的网络互动行为。

• 保护信息—备份文件。

• 仔细检查网站安全—仅登入安全网页。

• 保持软件和系统更新。

• 删除垃圾邮件。

• 禁用第三方组件以防止渗透。

• 仅浏览/点击受信任的网页/链接。

• 执行定期扫描和清洁。

• 使用身份验证、报告和信息一致性作业 (DMARC)。

• 使用多重身份验证 (MFA)。

从个人、社区、公司到政府,我们需要共同努力以提高对网络安全的认识。公司及社会组织需要执行以下操作:

• 制定网络安全政策

• 实施安全意识培训

• 安装垃圾邮件过滤器和反恶意软件

• 部署下一代防火墙 (NGFW)

• 安装端点检测和响应 (EDR)

无论做什么工作、或者如何工作,我们都要保持警惕。希望通过各方的努力,人们可以在新型冠状病毒时期间协力抵御网络攻击。