In the midst of the coronavirus pandemic, hackers are capitalizing on fears surrounding the outbreak by crafting COVID-19-themed attacks aimed to infect computers with malware or obtain sensitive, personal information.

For example, readers may be familiar with a popular interactive dashboard created by Johns Hopkins University using real-time data from the World Health Organization to track the spread of the virus. It has become a go-to source for many wishing to stay up to date on the virus. Recently hackers have circulated links via social media, email attachments and online advertisements to malicious websites that are disguised as the university’s COVID-19 map. However, the deceptive links open an applet that, when installed, infect the device with malware designed to steal personal data such as login credentials, banking information and other sensitive data. To ensure you are accessing the “real” COVID-19 map, directly access it through Johns Hopkins’ official home page, rather than clicking any unidentified links or searching the internet.

In addition, news recently broke that the Department of Health and Human Services (HHS), the federal agency tasked with fighting the coronavirus, experienced a cyberattack. Although there was no actual penetration or data involved, a distributed denial of service – or DDOS – attack occurred in which bots attempted to overwhelm the department’s system to slow or shut it down. Officials are satisfied that the attack was unsuccessful and are working on determining the origin of the activity.

Even as the government and the public are focused on the public health crisis, the security and intelligence community is also monitoring threats from foreign adversaries and other malicious actors who may take advantage of the attention on COVID-19 to launch cyber-attacks on susceptible networks.

In times of crisis and uncertainty like these, businesses and their employees should be more vigilant than ever of malicious attacks, malware, and scams, especially those relating to the diagnosis, prevention or treatment of COVID-19. Implementation of security best practices will reduce the risk of losing sensitive personal and corporate information and minimize damage and disruption to systems and networks. Among other preventative measures, businesses should revisit (and, if appropriate, enhance) their remote working policies and procedures, require (or reinforce) anti-phishing training, and use email and multifactor authentication. Employees and customers should not click on links without scrutinizing the URL (i.e., ensuring secured websites begin with “https://”), never respond to emails requesting login credentials, payment information, or other sensitive information, and be wary of opening suspicious attachments. Visiting websites directly, rather than clicking on embedded links to those sites in emails, is always a good practice.

Just as people should be careful about what they touch in the physical world, they are also well advised to be careful about how they conduct themselves in the digital world.

McGuireWoods has published additional thought leadership related to how companies across various industries can address crucial COVID-19-related business and legal issues.

Print:
EmailTweetLikeLinkedIn
Photo of Neelam Takhar Neelam Takhar

Neelam represents financial institutions and fintech companies on legal, regulatory and product development initiatives.

Photo of Janet P. Peyton Janet P. Peyton

Janet practices in the area of data privacy and security, and assists clients with both preventive data security as well managing compliance issues in the aftermath of a data breach. Her experience includes auditing and evaluating clients’ data security policies, drafting website privacy…

Janet practices in the area of data privacy and security, and assists clients with both preventive data security as well managing compliance issues in the aftermath of a data breach. Her experience includes auditing and evaluating clients’ data security policies, drafting website privacy notices and internal corporate privacy policies, negotiating cloud computing agreements from both the vendor and customer perspective, and compliance with breach notification laws.

Photo of Bethany Gayle Lukitsch Bethany Gayle Lukitsch

Bethany concentrates her practice in complex civil litigation and class actions, including the defense of antitrust matters, mass tort and product liability claims and commercial disputes. She represents global clients, including Fortune 100 companies and various product manufacturers, as national counsel in various…

Bethany concentrates her practice in complex civil litigation and class actions, including the defense of antitrust matters, mass tort and product liability claims and commercial disputes. She represents global clients, including Fortune 100 companies and various product manufacturers, as national counsel in various federal and state courts around the country and has significant first chair and liaison counsel experience in multidistrict litigation and complex civil and class action litigation. Bethany frequently prepares internal client witnesses for testimony, interacts with expert witnesses and counsels clients regarding complex discovery proceedings, including international discovery.

Photo of Alicia A. Baiardo Alicia A. Baiardo

Ali has more than a decade of experience handling complex commercial cases and financial services litigation. She represents clients ranging from individuals to manufacturers, financial services providers, and large financial institutions. She successfully advocates for her clients at all stages of litigation, depending…

Ali has more than a decade of experience handling complex commercial cases and financial services litigation. She represents clients ranging from individuals to manufacturers, financial services providers, and large financial institutions. She successfully advocates for her clients at all stages of litigation, depending on their goals, by obtaining awards, dismissals and beneficial settlements.

Photo of Justin T. Yedor Justin T. Yedor

Justin specializes in creative solutions to client problems of all types and sizes. In addition to maintaining a robust litigation practice, he handles complex contract negotiations, trademark work, and anti-hacking investigations for clients ranging from startups to Fortune 500 companies.

Photo of Anthony Q. Le Anthony Q. Le

Anthony is an associate in the Financial Services Litigation Department and member of the firm’s Fintech industry team. Anthony has a diverse practice focused on representing financial institutions,