The COVID-19 disease is now a global epidemic, and while many countries have initiated their quarantine plans to protect their citizens, there are many cyber threat actors trying to take advantage of this situation. For example, an American recently tried to hoard thousands of hand sanitizers to resell online. Fortunately, e-commerce site Amazon removed his listings and warned everyone that they will get suspended if they mark up the prices too much.
In the Philippines, while we have seen attempts of some sellers to sell essential products such as alcohol and toilet paper at higher markup prices, the Bangko Sentral ng Pilipinas (BSP) is warning of a different kind of cyber threat. BSP noted that there are some bad actors carrying out criminal activities like ransomware, phishing, cyber extortion, and even launching cyber espionage activities. These activities contain links to COVID-19 or coronavirus-themed malicious websites or attachments.
Sometimes they can take the form of an email disguised to contain information on how to protect oneself against COVID-19. Once the receiver opens a link, that link maybe malicious and will install sypware or ransomware to the person’s computer.
The BSP is requiring all BSP Supervised Financial Institutions (BSFIs) to stay vigilant against cyber threats taking advantage of the outbreak situation. The monetary agency reminds all BSFIs to employ multi-layered security defense against such attacks and continuously roll-out security awareness campaigns to their employees, clients, and relevant stakeholders.
In a recent memorandum, the BSP said it expects the BSFIs and Operators of Payment Systems (OPS) to adopt and implement an appropriate response to ensure the health and safety of its employees and customers while still delivering continued financial services to the public. It also said that there must be alternate work arrangements and remote access capabilities as long as they are deemed practicable and necessary.
This article is published on BitPinas: BSP Advisory on COVID-19-Themed Malicious Websites and Phishing Campaigns