With many individuals having moved to remote working due to the coronavirus, it has unfortunately given opportunistic hackers and scammers greater opportunity to use the pandemic as a subject-matter for malware attacks.
Malware (short for “malicious software”), is the general term covering all the different types of threats to your computer safety such as viruses, spyware, ransomware, phishing scams, worms, trojans, bots, and rootkits. It is basically a program designed to infiltrate a computer system, either by disrupting, damaging or simply gaining unauthorised access to your data.
The top 5 malware threats targeting small-to-medium businesses
1. Ransomware – once inside your device or network it denies access to systems or files until a ransom is paid.
2. Viruses – infect and corrupt software installed on devices, and then reproduce. A worm is a type of virus that once inside a vulnerable system can spread on its own.
3. Adware – software that displays unwanted advertisements on your computer, serving you pop-up ads, changing your browser’s homepage or adding spyware.
4. Phishing Emails – emails pretending to be from a legitimate business in order to trick you into giving out personal information (e.g. bank account numbers, passwords and credit card numbers).
5. Spyware / Keyloggers – records keystrokes and uses that information to steal passwords and other sensitive information, such as banking details.
Almost one in three Australian adults were affected by cybercrime in 2019.
How to prevent getting malware
The Australian Cyber Security Centre (ACSC) recommends implementing the below simple cyber security practices if you are working from home – during COVID or otherwise.
- Minimise visits to unknown websites and avoid being enticed by clickbait.
- Do not click on any links or open attachments from emails claiming to be from a trusted organisation (like your bank), or who are asking you to update or verify your details. Just press delete.
- Use trusted sources of information – look for the padlock symbol and 'https' in the internet browser address bar.
- Turn on multi-factor authentication across your devices as it can act as a safeguard when your password becomes compromised. Most sites & programs have the option to turn it on in their settings, especially the big players like iCloud, Microsoft 365, Outlook and Google/Gmail.
- Install and regularly update anti-virus and anti-ransomware software.
- Keep your operating system and software up to date with the latest versions
- Secure your devices and use trusted Wi-Fi
- Use a virtual private network (VPN). They add a layer of protection to your online activities and anyone who tries to spy on you.
- Use a free (or paid) password manager like www.Lastpass.com, www.dashlane.com, or www.1Password.com to keep your individual passwords unique, complex and secure.
Ransomware is the number 1 form of malware threatening Australian businesses and is often unleashed when an unwitting employee clicks on an emailed link that contains malware. Once launched, the ransomware scrambles or deletes all data until a ransom is paid to restore it.
Australia holds the highest rate of ransomware attacks against small-to-medium-sized enterprises (SMEs)
Since the COVID-19 lockdown
Since March 10th 2020, there has been a noticeable increase in COVID-19 themed ransomware attacks, with hackers likely gaining access through sophisticated phishing techniques targeted to employees working from home.
94% of malware is delivered via email.
Below are some of the most recent ransomware attacks that have impacted Aussie businesses since the COVID-19 lockdown.
1. Toll Group had some of their customer data stolen after suffering a major ransomware attack in January, followed by a second attack only a few months later.
2. Money management company MyBudget was attacked as it moved its employees to work-from-home arrangements amid coronavirus, causing a nationwide systems outage that left 13,000 customers in financial limbo.
3. BlueScope Steel was the subject of a ransomware attack in one of its US-based businesses, forcing production systems to be halted company-wide.
4. Service NSW was hacked in April, in an attack that compromised 47 staff email accounts.
Whether or not the ransom ends up being paid to the hackers, the indirect costs to a business from simply spending the time to detect and resolve a malware attack can be incredibly costly – on average, businesses suffer a 28% information loss, 25% revenue loss and 29% productivity loss.
The average cost of downtime as a result of a ransomware attack is $208,000 – a 200% increase on 2018.
If you’re expected to work from home for the next few weeks, (or even months), make sure you remain vigilant against the threat of malware attacks.
Put as many of the above prevention techniques as you can in place, with emphasis on implementing multi-factor authentication and a password manager to help safeguard you against any future destructive computer viruses.
In the meantime, if you think you might have provided your account details to a scammer, contact your bank or financial institution immediately. The Australian government also encourages you to report scams to the ACCC via their report a scam page.
Sources: Datto, State Of The Channel Ransomware Report 2019, https://www.abc.net.au/news/2020-05-15/bluescope-steel-cyber-attack-shut-down-kembla-ransomware/12251316, https://www.abc.net.au/news/2020-05-15/mybudget-blames-ransomware-for-system-outage-amid-coronavirus/12252316, https://www.fastcompany.com/90492940/how-to-protect-your-work-from-home-computer-from-cyberattacks, https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html, https://www.afr.com/technology/hacked-again-toll-group-systems-hit-by-fresh-ransomware-attack-20200505-p54q19, https://www.greenlight-itc.com/cyber-crime-security-statistics-australia/
This article is informational only and should not be construed as individual advice as it does not consider your individual needs. You should consider if the insurance is suitable for you and read the Product Disclosure Statement or policy Wording before buying insurance.