By David Bruno
On March 17th, celebrity actor Jared Leto – known for his roles in such movies as Dallas Buyers Club and Suicide Squad – tweeted: “Wow, 12 days ago I began a silent meditation in the desert. We were totally isolated. No phone, no communication. We had no idea what was happening outside the facility,” he said. “Walked out yesterday into a very different world. One that’s been changed forever. Mind-blowing – to say the least.”
To say the least, life, as we knew, seems gone. Coronavirus or COVID-19 is wreaking havoc worldwide. Everyone is struggling to keep up and adapt to a quickly changing world. And with that new world, we have never been more vulnerable to cyber scammers and online bad-guys as we are right now.
As we struggle to catch up and fight a titanic battle against COVID-19, cybercriminals are eager to jump in and manipulate this tragedy out of greed or some other perverse motive.
Experts warned us about this, just as they did about the potentially devastating threat of pandemics. They were sounding alarms long before this pandemic hit, telling us our networks weren’t secure. Now, those concerns have exploded in their urgency. Malicious cyber campaigns out to exploit the pandemic – the fear and anxiety people are feeling – are proliferating all over the world, many from Russia.
As recently as March 13, 2020, Canada’s cyber-intelligence agency, the Communications Security Establishment, confirmed it was acting to dismantle fake COVID-19 sites mimicking government sites in phishing attempts.
This is one of the many ways disinformation presents itself – cloaked in appearances designed to look official with legitimate names and believable logos. And when people are afraid or don’t trust their government, they are more inclined to buy into these fraudulent messages or campaigns. Divisions are deepened and blame is assigned in order to aggravate emotional discord. It is easy to imagine how these campaigns can lead to unnecessary deaths. If citizens believe false reassurances or news stories, they might ignore warnings or be more careless. These warped campaigns have created an alternative universe in which any bad-acting citizen wishing to avoid accountability or reality itself can continue such behavior unimpeded.”
Another problem rests with the intersection of cyber and security laws and current working- from-home requirements. Privacy laws require that personal information is protected at all times. But what about employees who do payroll? Remote connections must also be secure and digital storage encrypted, but most at-home connections are not set up this way. This is very problematic because the worst of cybercriminals will go after individual citizens and the personal information they work with, to steal money, hack into bank accounts, appropriate someone’s identity or engage in some other nefarious activity. Whatever your weakness, these criminals will find it. In today’s world, that prospect is more terrifying than ever. It means many of us will be much less likely to notice abnormal activity or things that don’t pass the smell test. We are too busy simply trying to keep ourselves and our families healthy.
Rafal Rohozinski, CEO of SecDev Group of Companies, has seen an increase in phishing recently against public servants and corporate employees, many of whom must rely on instructions from employers to connect internal networks. Malicious foreign actors take advantage of that as our federal government and corporate sector systems were never designed for a mass workforce migration home or to support millions of employees on private networks.
Russian disinformation campaigns, meanwhile, continue to target the West in order to destabilize it and sow distrust. An EU database has apparently recorded almost 80 cases of disinformation about COVID-19 since January 22nd. And there are plenty of hostile or criminal actors willing to do their dirty work in almost any language. They look for where the chaos is worst and then seek to amplify certain frightening, even apocalyptic narratives. They want to induce panic. They falsely claim that the virus is a human creation or a bioweapon. They try to pose as reputable officials from legitimate agencies like the WHO or the Centers for Disease Control. One frequent goal –– is to lure you into clicking onto something that permits them to steal your sensitive information (phishing). Perhaps they will also install some malware on your computer to access financial accounts. An American firm has identified at least two sources targeting Canadians with fake emails on COVID-19. One claimed to be from the Public Health Agency of Canada and refers to a real official. The possibilities for creating hysteria with this truly evil activity are endless.
A range of options to tackle these problems is available – if we are willing to act in a way that scales to the problem, The most basic responsibility lies with each individual or citizen to assume some ownership in the fight against these problems. Don’t click onto things online that may raise doubts. Don’t share suspicious emails.
Use critical thinking always when online
Use critical thinking always when online. Don’t open email attachments from people you don’t know. Encrypt your email. Get a VPN. Most importantly, help spread the word about education campaigns on the need to better recognize suspicious posts, emails or other potentially pernicious online activity.
Encryption is critical in these times, but we must become much more vigilant as well. It’s time to stop taking for granted our cyber-privacy, security and safety. The world is becoming unrecognizable, both online and off, but we have to adapt. If we do and grasp that this is one of that truly rare one-for-all, all-for-one moments, we will surmount these daunting challenges.