The continued spread of the COVID-19 virus has brought about unprecedented challenges to societies, and during this time organisations and individuals have moved to working and learning from home to play their role in social distancing to prevent the spread of the COVID-19 virus.
The change has been rapid and, in most cases due to the rush cyber security was an afterthought. larger organisations and those with well prepared business continuity plans may have had an easier time shifting the work force to remote and allowing them secure connections to critical infrastructure held by the organisations. Smaller organisations and those least prepared where rushed into a panic of ensuring public safety and developing effective ways to allow for remote work, it is during this rush that security took a back seat.
While not all industries can work remotely or continue to sustain remote work before feeling the strain there are those that considered it for the most part Ludacris to even have remote work, the challenge was not a lack of technology we can see that clearly now the challenge was on adoption of the technology and the value of it. These industries didn’t see any real value in such technology. In particular one of the industries that has had the largest change during this pandemic is the learning industry.
A lot of learning centres have had to resort to remote learning, some where prepared others are starting off for the first time. The unfortunate lesson we get here is that we put to much emphasis on supervised learning that remote learning couldn’t meet the standard of physically supervised learning centres had become a custom to. The pandemic does now allow us to rethink learning as a whole and hopefully the right changes can be made within this space.
However, we currently have a new threat on our hands, the shift to mass remote learning has created opportunities for malicious actors to take advantage of this situation in varying ways, some common vectors other new and ingenious methods. After all what attacker ever said “That’s out of scope?”
What are the malicious actors trying to do and/or are doing and how can we protect ourselves? The vast majority of new devices that are now connected to the internet by virtue of remote learning and devices waiting to be added to the fold of large botnets the numbers could aid in the disruption of critical services in future through DDOS (Distributed Denial of Service) attacks.
As parents, guardians and students acquire new devices or existing devices to use for home learning most of these devices are going to connect to the internet without any form of malware protection and can easily be infected. Learning centres that have not provided for devices to their students to use remotely from home should educate parents, guardians and the students on how to ensure their devices are not infected by installing anti malware.
Some learning centres did not have the resources to allow for remote learning on their own platforms so they encouraged learners to go and use various free resources out there or even paid of a platform that they then gave the learners access to. Malicious actors could easily create fake learning resources online that would be capable of fooling anyone especially during this trying time.
They could use these sites to infect devices with malware, crypto miners and even just to harvest data. Data from minors is a high commodity that will be easily sold out there for various nefarious purposes. Victims may find that their details have been used to register them for loans, identity, credit cards and more only to find out when they become of legal age and try to get a government issued identity or take a loan or a credit card.
This form of identity theft unlike the more common one of stealing the identity of someone who is already in a system is much more favourable as the impersonator can build the stolen identity of their choice (social media where minors have also exposed such information can aid in the ease of such identity theft). Vigilance should be applied when signing up for these online learning platforms ensure that the information these platforms require is absolutely necessary to allow you to learn (or use platforms that don’t require you to sign up to use the free resource).
Use trusted platforms there are a lot of them out there for all learning brackets. In the event one must sign in use an alias to create the account even temporary email IDs can be of use to protect the identity of the learner.
The risks are many during this time and practicing good cyber hygiene can go along way to ensuring you don’t become a victim of malicious actors.
Write to us email@example.com