Coronavirus Spreads in the Cyberworld

The silent spreader


Three months after its first discovery, the deadly infectious disease COVID-19, caused by the SARS-CoV2 virus, is now spreading wildly across the world. As of February 28, COVID-19 has made its way into 54 countries, where an increasing number of them are starting to lose track of the spread. South Korea, Italy, and Iran are on the edge of a full-scale outbreak. The total number of cases worldwide reached over 80,000, ten times that of SARS in 2003. The long incubation period and asymptomatic transmission (based on current information) make it extremely difficult to detect at an early stage, making it a silent spreader.


Impacts on the global economy


The global economy is facing the biggest challenge in decades. Flight cancelations and border shutdowns are one thing, but a bigger challenge emerges from the disruption of the global supply chain. Bloomberg has predicted that the economic impacts of COVID-19 may be much worse than those of natural disasters. To put it in perspective, the 2011 Fukushima earthquake had led to a 63% decrease in Japanese automobile production during that month.

The coronavirus outbreak appears to be much more destructive. It was reported that Chinese industrial activities dropped faster than it did during the financial crisis in 2008. This decrease in manufacturing activities in China is rippling through the world, causing severe chain effects. The tech industry is taking the hardest hit because all tech products around the world have Chinese components in their supply chains. If the disruption continues, we are likely to experience a worldwide shortage of finished goods.


Impacts on the cybersecurity industry


The RSA conference, one of the most prestigious cybersecurity conferences, has issued multiple updates during the past week, informing about sponsors and exhibitors dropping out of the event. AT&T and Verizon are the latest after IBM to withdraw from the conference, increasing the total number of withdrawn sponsors and exhibitors to 14, including seven from the United States, six from China, and one from Canada (RSA Conference). A number of other IT-related annual events were also disrupted by the disease outbreak. GSMA’s Mobile World Congress was canceled, DEF CON China was put on hold, and Facebook recently called off an event in San Francisco.


A parallel outbreak in the cyberworld


We have been witnessing the horrific impacts of COVID-19 offline. We are now seeing equally destructive impacts online. Since the disease started to gain global attention in late January, online information exploded. Governments, doctors, scholars, NGOs, and everybody else is making their own claims of how the virus spreads and what it can do. Information changes day by day as we learn more about the virus. Yet, nobody can be sure of what the virus is capable of, leaving the internet flooded with speculations, as well as a mix of optimism, pessimism, fear, confusion, and distrust.

The general public’s fear and confusion have become an appealing target for cybercriminals. Many are seeing this as a great opportunity for phishing schemes. During the past two weeks, malicious emails and text messages relating to coronavirus have been reported from every continent of the world. These attacks are especially common in countries where an outbreak is currently taking place.

These criminals usually disguise themselves as authorities such as the Center for Disease Control and Prevention (CDC), the World Health Organization (WHO), or other local governments. Most of them apply a common tactic – by luring the receiver to click a link. The link would either direct them into a fake website or download a malicious piece of software on their computer.

For example, one of the text message scams pretended to be sent by the Cable News Network (CNN) and claimed that the virus has spread to the receiver’s city. The message then asks the victim to click on a link to read more information. When a receiver clicks the link, they would be directed to a fake website, where they would be asked to enter their personal information or login credentials.

Another wide-spread email scam appeared to be from the World Health Organization (WHO), asking the receiver to click a button to download safety information regarding the disease. The button would trigger the download of malicious software in the receiver’s computer.


Take extra precautions both offline and online


As a new disease caused by a newly discovered virus, COVID-19 is unknown territory. Despite extensive research being done to understand the virus, the future remains unpredictable.

This is why we should take extra precautions. Offline – avoid close contact with people and take care of personal hygiene. Online – be open to new information and updates, but always double-check the source and scrutinize the certainty of the information. Be sure to distinguish opinions and predictions from facts. Lastly, when receiving emails and text messages about the virus, stop before clicking on any links.

In terms of keeping yourself safe from phishing scams, we have a few tips to help you protect yourselves:

      1) When receiving emails, always check the sender’s email address domain, if the domain does not match the organization they claim to be, discard the email immediately.

      2) Even if a link seems to be from a legitimate site, it could still be a malicious code disguised as a fake address. Do not click on it directly, copy and paste it into your browser first. Had the link been a fake address, you would get an error message from the site.

CDC Fake
      3) When receiving text messages, if you receive a message from an organization you have never given your phone number to, do not trust it.

      4) When receiving emergency alerts, double-check the wordings and formats. Ask surrounding people if they are receiving it too. If you are the only one receiving it, chances are it’s a scam.

The bottom line is to use your common sense. Make cautious judgments and trust yourself.


Sources: BloombergAndroid CentralSecurity MagazineBusiness Insider


Check out Penta Security’s product lines:

Web Application Firewall: WAPPLES

Web Application Firewall for Cloud: WAPPLES SA

Database Encryption: D’Amo

Authentication: ISign+ 

Smart Car Security: AutoCrypt