7 minute read
Scams
Malware and Phishing
Scams By Thomas Holt Russell I t may come as no surprise that hackers and scammers are taking advantage of the increasing numbers of people suddenly working from home due to the COVID-19 pandemic. Overnight, millions of people who never worked from home before are now sitting ducks for the skilled hacker that is hunting them. The rising of the number of people working from home is a bonanza for hackers.
Working from home may not be the best experience for many people. Besides the regular distractions such as kids, balancing home life and work life in the same place, and Netflix, it is also uncomfortable being a prime target for hackers.
Let’s take a look at a couple of scams.
One of the main methods used to coax people out of their private information is a phishing scam. Phishing is fraud attempts perpetrated by random attackers against a large number of users. This cybercrime is mostly conducted through email by someone posing as a legitimate institution to lure people into providing sensitive data such as personally identifiable information (PII).
There is one particular coronavirus hoax that targets Android users. It promises to provide real-time access to virus tracking. They promise statistics as well as a visual map that tracks the hot areas for the virus. The application prompts users to download this Android App. This application is full of ransomware. It denies users access to their phones. The application accomplishes this by forcing a change in the password used to unlock the phone. The hackers will then request a $100 ransom in bitcoin. The victim has only 48 hours to comply. The hackers threaten to erase all contacts, photos, videos, and documents. This malware is called the CovidLock ransomware. A more in-depth look into CovidLock can be found here: https://www.domaintools.com/resources/blog/covi dlock-update-coronavirusransomware
There is another phishing scam that seems to come from the World Health Organization. Emails are sent out promising information on safety measures to avoid virus infections. The user will click on an embedded link and then are directed to a site that asks for personal information. The scam looks very legitimate, so it can be difficult to tell whether it is real or not. There are also similar scams that promise face masks and other PII equipment.
People are attacked during their most vulnerable times, so this is a very critical time to practice cyber safety. Think as if the entire world is involved in taking advantage of our vulnerability because they are. Individuals perpetrate some of these scams, but there are also state-run resources directed in this effort. The usual suspects, China, Russia, Iran, and North Korea, are actively using virusrelated information to conduct spying operations.
SophosLabs has a list of newly registered malicious domains that have sprouted up since the pandemic. The list can be found here: https://twitter.com/Soph osLabs/status/12395982898901 11488
Even an established organization, such a NASA, is not immune to attacks by hackers.
This past week NASA has reported an exponential increase in malware attacks. Many of these attacks are directed at people working from home. According to a NASA memo, some of the signs of increased hacking include a doubling of phishing attempts, a massive increase in malware attacks on NASA systems, and double the number of mitigation blocking of NASA systems trying to access malicious sites. This increase in activity is due to users accessing the internet. This proves that NSA employees and contractors are clicking malicious sites that arrive in their email. In part, the NASA memo to employees stated;
“NASA employees and contractors should be aware that nation-states and cybercriminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices.” What can we do?
People are the weakest link in cybersecurity. If employees were trained to identify fishing emails, that could save companies a lot of misery. Besides training, VPNs are a good start. However, people working from home, away from VPN enterprise networks, are still in danger when they access any cloud-based applications. And again, VPNs do not protect companies when the employee clicks a malicious link in a phishing email.
Some of the things that need to be done for cyber protections are under our control. These measures will help. Keep operating systems, browsers, router firmware, phones, and all devices up to date. Another idea is to receive email messages on computers and phones that are not connected to work. Denver Urban Spectrum — www.denverurbanspectrum.com – May 2020
25
Be on the lookout for suspicious emails and websites that promises to give information or any help on the pandemic. This is just an easy way for hackers to build a road to your data. If you want reliable information, the best site is the Centers for Disease and Control located at https://www.cdc.gov/coronavirus/2019-nCoV/index.html
Some of the changes being made during the pandemic will be here to stay once the virus runs its course. We may experience a vast increase in people working from home. Now is a great time for additional training and awareness for cybersecurity. The threat will never leave, so we have to be serious about protecting our data now, and well into the future. . Editor’s note: Thomas Holt Russell is the Cyber Education Program Manager for the National Cybersecurity Center. He received the 2020 Cyber Education Administrator of the Year award and wrote the book Binary Society.
ALL CAUSES HAVE ADVOCATES. BUT IN THE FIGHT AGAINST HIV ONLY A CHAMPION WILL DO.
Introducing Vivent Health, founded on the combined expertise of AIDS Resource Center of Wisconsin, Rocky Mountain CARES and St. Louis Effort for AIDS. And steadfastly dedicated to serving anyone and everyone affected by HIV through our comprehensive prevention, care and treatment programs. Learn more at ViventHealth.org
An Open Letter: To Council President Clark, Members of Denver City Council and CO State Legislators By John Bailey
The Black Cannabis Equity Initiative (BCEI), the only true Black community equity group engaging the Denver and Colorado cannabis industry on the issue of equity, diversity and inclusion is reaching out to the Denver City Council and CO state legislators for purposes of providing Black community input on the social equity question in Denver and our state.
BCEI is encouraging all CO elected officials to take informed, positive and progressive steps in your role as state and city leaders to assist in bringing action, positive change and healing to this cannabis social equity dialogue in CO and Denver.
BCEI won’t rehash the case or the need for social equity guidance, direction and a plan for not just for Denver, but the state of Colorado (at this point it is rather obvious). Nor will we rehash the impact of a lack of social equity in the initial state law, after 7 years and $8 billion in revenue.
We won’t discuss expungement, record sealing or the impact of COVID-19 in the industry. We won’t discuss the fact that everyone on Council and in the legislature is not at the same place on Cannabis legalization and there is a need for Council and Legislators to get best practice information and education on this issue. With that said, BCEI would like to engage Council and our Legislators in a proactive discussion around the following concerns.
BCEI will continue to engage the cannabis industry leaders and local/state decision-makers in a cannabis social dialogue. This constructive and instructive social dialogue around cannabis social equity will enable and assist social partners trying to influence the arrangement, development and enactment of equitable economic, public and social policies as well as to manage positive change and achieve economic and social goals. Further, there are some specific action items that BCEI supports and want to encourage the cannabis industry, city, state and the community to engage in that social dialogue now, allowing all of us to immediately demonstrate our commitment to social equity in the cannabis space.
The specific BCEI recommended action items are as fol lows: •Demonstrated and continued support for State Government’s and City of Denver’s social equity efforts and leadership in this space as well as engage the cannabis industry around their social equity commitment thus far and social equity plans going forward. •Initiate and support cannabis Emergency Delivery option with a time frame and written social equity accountability resolutions attached such as: 1. Demonstrated cannabis industry social equity commitment to a Local Community Equity Ordinance 2. Demonstrated Cannabis industry support for Community Ownership, Partnership and Sponsorship Agreements 3. Demonstrated cannabis industry support for Cannabis Industry Community Invest Fund 4. Demonstrated support for expungement, record sealing, or release of low-level cannabis offenders 5. Demonstrated support and a review of the Cannabis Minority Business Association recommendations to municipalities of “10 Local Social Equity Ordinances” for consideration 6. Demonstrated support for a Denver Cannabis Social Equity Commission with commissioners & staff 7. Demonstrated support for the BCEI Social Equity Accountability Report Card
In addition, please visit our bceicolorado.net website to get a better sense of who we are, our vision, mission and programs..
