David A. Wheeler's Blog

Tue, 07 Apr 2020

COVID-19/Coronavirus and Computer Attacks

Sadly, attackers have been exploiting the COVID-19 pandemic (caused by Coronavirus SARS-CoV-2) to cause problems via computers around the world. Modern Healthcare notes that hospitals are seeing active attacks, emails where a sender (pretending to be from the Centers for Disease Control and Prevention) asks the receiver to open a link (which is actually malware), other scams claim to track COVID-19 cases but actually steals personal information. Many official government COVID-19 mobile applications have threats (ranging from malware to incredibly basic security problems). For example, in Columbia the government released a mobile app called CoronApp-Colombia to help people track potential COVID-19 symptoms; the intention is great, but as of March 25 it failed to use HTTPS (secure communication), and instead used HTTP (insecure) to relay personal data (including health data).

In the long term, the solution is for software developers and operators to do a much better job in creating and deploying secure applications. In the short term, we need to take extra care about our computer security.

path: /security | Current Weblog | permanent link to this entry