eGospodarka.pl
eGospodarka.pl poleca

eGospodarka.plPrawoGrupypl.soc.prawoJak oszuści wykorzystują koronawirusaJak oszuści wykorzystują koronawirusa
  • Path: news-archive.icm.edu.pl!news.icm.edu.pl!newsfeed.pionier.net.pl!goblin2!goblin.
    stu.neva.ru!aioe.org!peer01.am4!peer.am4.highwinds-media.com!news.highwinds-med
    ia.com!peer03.ams1!peer.ams1.xlned.com!news.xlned.com!border2.nntp.ams1.giganew
    s.com!nntp.giganews.com!newsfeed.neostrada.pl!unt-exc-01.news.neostrada.pl!unt-
    spo-b-01.news.neostrada.pl!news.neostrada.pl.POSTED!not-for-mail
    Newsgroups: pl.soc.prawo
    X-Mozilla-News-Host: news://news.neostrada.pl:119
    From: u2 <u...@o...pl>
    Subject: Jak oszuści wykorzystują koronawirusa
    Date: Sat, 21 Mar 2020 22:10:44 +0100
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101
    Thunderbird/68.6.0
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8; format=flowed
    Content-Language: pl
    Content-Transfer-Encoding: 8bit
    Lines: 115
    Message-ID: <5e7682d5$0$522$65785112@news.neostrada.pl>
    Organization: Telekomunikacja Polska
    NNTP-Posting-Host: 83.9.115.184
    X-Trace: 1584825045 unt-rea-b-01.news.neostrada.pl 522 83.9.115.184:44808
    X-Complaints-To: a...@n...neostrada.pl
    X-Received-Bytes: 6924
    X-Received-Body-CRC: 3452798667
    Xref: news-archive.icm.edu.pl pl.soc.prawo:795975
    [ ukryj nagłówki ]

    https://fortune.com/2020/03/18/hackers-coronavirus-c
    ybersecurity/

    How hackers are exploiting the coronavirus--and how to protect yourself

    By
    David Z. Morris

    March 18, 2020 5:01 AM EST

    The race is on to create a coronavirus antiviral drug and vaccine
    Gilead's drug Remdesivir is already being tested on patients.

    We all have new worries thanks to the current coronavirus pandemic, but
    the old worries haven't gone away. Among them: malicious hackers, some
    of whom are trying to use the outbreak to steal or ransom victims' data.

    Several recent attacks have attempted to leverage the coronavirus by
    getting people to click on links in messages about the illness,
    according to a report by cybersecurity firm Nocturnus on Wednesday.
    Hackers have also tried to use the influx of people working at home
    because of the virus to their advantage.

    Chief among the techniques are coronavirus-themed phishing campaigns
    targeting countries hard-hit by the coronavirus, including China, Japan,
    South Korea, and Italy. As with many other phishing efforts, the
    hackers' goal is to get a user to click on an emailed link that
    downloads malicious malware, which can be used to steal victims'
    personal data or freeze their computers.


    Nocturnus said the emails have tried to bait users into clicking with
    subject lines such as "Coronavirus: Important information on
    precautions" (in this case, in Italian). Other phishing emails spotted
    by a second security firm, Nuspire, include messages about a coronavirus
    vaccine (which doesn't exist yet), deals on medical equipment, and
    investment opportunities related to the outbreak.

    Coronavirus-themed ransomware, which can encrypt a computer's hard
    drive, enabling hackers to demand payment to unlock it, has also been
    used. One piece of malware spotted warns victims: "Just because you're
    home doesn't mean you're safe," before demanding payment to unlock
    files, according to Nocturnus.

    Software appearing to provide information about the coronavirus, while
    actually delivering malicious software, is another problem. "Coronavirus
    map" software that appears to track the global pandemic, for example,
    also hides the password-stealing malware AZORult, cybersecurity firm
    Reason Security said. The Nocturnus report also identified a mobile app
    that promises "Ways to Get Rid of Coronavirus," which, in fact, delivers
    malware that steals banking information.

    Nocturnus has also found suspicious domains claiming to distribute VPN,
    or virtual private network, software. Many white-collar workers who are
    now working from home may need such software. But attempting to download
    it from an untrustworthy site could leave computer with--again--a
    dangerous malware infection.

    How to avoid malware

    Broadly, avoiding most of these risks means following the same advice as
    during more normal times. Don't click on links from unknown people. Only
    download or install software from trusted sources. And verify that the
    URL of any website that asks users to enter a password is accurate:
    Hackers often set up URLs that are similar to real websites to harvest
    passwords.

    Remote-work vulnerabilities

    The sudden increase in remote work that many companies have instituted
    over the past week introduces a new set of cybersecurity risks to
    organizations. The fundamental problem: Communication that is entirely
    online makes it much easier for bad actors to use deception to gain
    access to systems. This type of hack, generally known as social
    engineering, relies on con artistry rather than code.

    Hackers may "call into a department and pretend to be another
    department" of an organization, says Marty Puranik, president and CEO of
    cloud computing provider Atlantic.net. Chris Wysopal, cofounder and
    chief technology officer of security firm Veracode, warns that hackers
    may pretend to be employees having remote access problems thus tricking
    IT staff into giving them access. Both scenarios suggest taking
    additional care when verifying identities remotely.

    Even more worrisome, Puranik says hackers "could impersonate Department
    of Homeland Security [personnel] and call a police department, call a
    hospital chain and say, we need access to your system so we can, for
    example, enforce a curfew." DHS did not respond to inquiries from
    Fortune about how companies can confirm the identities of government
    agents remotely, but one simple solution would be for them to contact
    DHS directly to investigate suspicious requests.

    Hackers impersonating government agents may have goals well beyond
    stealing bank account information, or even infiltrating corporate
    systems. An attempted hack of the U.S. Health and Human Services agency
    website on Sunday appears to have been aimed at slowing emergency
    information systems and spreading false information through text messages.

    Much is unclear about the attack, but some sources told Bloomberg that
    it was likely state-backed. The incident suggests that the coronavirus
    pandemic could become partly a replay of the 2016 U.S. election, with
    governments angling to destabilize opponents by sowing fear and distrust.

    At their most extreme, hacks could even interfere with systems vital in
    the fight against the virus. A Czech hospital appears to have been hit
    by a ransomware attack, in which hackers shut down its information
    systems and asked for money to eliminate the problem, though there is no
    evidence that attack was state-backed.

    The fluid situation is likely to make serious cyberattacks of many sorts
    easier, says Puranik. "Sometimes the rules go out the window when
    there's a lot of volatility. Someone might let down their guard.

    "It makes it easier for malicious actors to take advantage of the system."

    [...]

Podziel się

Poleć ten post znajomemu poleć

Wydrukuj ten post drukuj


Następne wpisy z tego wątku

Najnowsze wątki z tej grupy


Najnowsze wątki

Szukaj w grupach

Eksperci egospodarka.pl

1 1 1