COVID-19 and How Bad Actors are Trying to Exploit Users

Published on April 24, 2020  |  Cyberfort Advisors

Bad actors are always a threat to your enterprise’s devices and data security. They attack IT systems in order to gain sensitive information, spread malware and ransomware, and gain access to your accounts.

The routes bad actors take to attack your IT systems are always evolving, especially during a crisis.

Bad actors and COVID-19

According to the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency, cyber threats have increased because of the novel coronavirus in two main ways:

  1. Bad actors are using people’s desire to learn the latest COVID-19 news as a way to trick and trap them with phishing schemes and malware.
  2. Cybercriminals are targeting potentially vulnerable services that businesses use for teleworking, such as VPNs and video conferencing platforms. 

These cyberthreats typically populate via email, SMS messages, and app-based messaging services in link or download format. When the victim clicks on the link or downloads the file or app, their device is either infected with malware or ransomware, or the hacker captures their sensitive data.

Bad actors may also create a false login webpage or email address to impersonate a reliable source, website, or popular person. The spoof looks very similar to the real entity in an effort to gain trust and collect user credentials or other sensitive information. 

How bad actors behave is generally the same during the coronavirus pandemic as it was beforehand, but their attack volume has increased due to new opportunities, which means more users and data are being exploited during this vulnerable time.

How bad actors exploit users

Cybercriminals are upping their game during the COVID-19 crisis because they see the opportunities expand while business operations are done from home with less security and little planning. This is largely due to the increase of personnel accessing private networks for work while using VPNs without firewalls or intrusion detection systems. These escalated scenarios make your data at risk of exploitation by cybersecurity adversaries.

A common tactic bad actors are using is to title the email or attachment with COVID-19-related phrases, especially as it relates to financial inquiries specifically pertaining to stimulus money, as well as outbreak cases identified in the victim’s city. This tactic catches the victim’s attention and preys on their potential financial and health concerns.

How to defend against these attacks

Even though we are in the middle of this crisis, there are still ways you can defend your data and users against cyber attacks. To protect your enterprise from bad actors exploiting the crisis, practice these defensive actions:

  • Only use trusted sources concerning the COVID-19 pandemic, including the WHO and the CDC. Encourage your employees to do the same.
  • Educate your employees about what suspicious emails look like.
  • Improve your cybersecurity initiatives for teleworking situations and inform your employees about telework best practices to keep your network safe. 
  • Require passwords for video conferencing; do not make meetings public.
  • Help employees identify suspicious email activity so you can respond quickly to incidents. 
  • Develop a plan to respond to phishing and other incidents so you can minimize the damage.

Are you concerned that your enterprise is vulnerable? Learn more about our Threat & Vulnerability Management services. 


CyberFort Services

We offer a complete suite of consulting services to help you create an effective strategy that resolves threat, security and regulatory compliance risks efficiently.


Industries Served

Our team of industry recognized subject matter experts work to offer the right security solutions for your specific needs, preventing threats and vulnerabilities from compromising your business.


Ready to secure your business against cybercrime?

Establish a complete cybersecurity program for your business with smart strategies, solutions and support by CyberFort.

Your Guide To A Successful Cybersecurity Overhaul by CyberFort Advisors

Your Guide To A Successful Cybersecurity Overhaul

Many companies implement new cybersecurity policies and procedures, but they ignore one critical fact: When it comes to your cybersecurity posture, your end-users are your weakest link.

Without getting employees and other end-users on board, your company data is at risk.

With your end-users on board, how do you deploy new cybersecurity policies? There are many pitfalls companies commonly fall for during this process. With the right preparation and guide, you can overhaul and deploy a successful cybersecurity initiative.

This short but comprehensive guide will show you how to:

  • Overhaul your cybersecurity program
  • Get your employees and other end-users on board
  • Avoid common pitfalls that cause cybersecurity initiatives to fail

To download the guide, please provide us with your name and email address:

Thank you for your submission! You will receive an email with a download link.