North Dakota’s Chief Information Security Officer Kevin Ford is reminding the state’s citizens of flourishing COVID-19-related cybersecurity threats including hackers exploiting weak passwords to gain access to users’ networks.
This threat, known as a ‘brute force’ attack, occurs when hackers use automated tools to enter combinations of usernames and passwords at random using lists of previously compromised credentials that are available on the dark web in the tens of thousands. Once the attackers successfully guess the right combination, they gain full access to the targeted machine and are able to steal sensitive information, deploy malware or move within the organization's network to find more valuable targets.
“You don’t need to be an IT expert to protect yourself and your families while working, connecting or e-learning,” said Ford. “Simple safety steps go a long way in protecting our devices, our data and our network from attacks.”
Ford encourages North Dakotans to follow these steps to avoid malicious attacks:
- Always use strong passwords with 12+ characters;
- Do not plug your computer or laptop directly into your cable or fiber modem; make sure it is plugged into a router, which is typically provided by your Internet Service Provider.
- Exercise caution when clicking links or opening attachments in unsolicited e-mails. Referred to as ‘phishing,’ this threat has escalated significantly during COVID. A recent example involves hackers pretending to be DHL, FedEx and other shipping companies, asking recipients to click on links or attachments to schedule delivery of packages. These links and attachments often contain malware or spyware. Users are encouraged to verify tracking information directly from the carrier’s website.
Emerging threats are posted regularly to the Cybersecurity and Fraud resources page on the state’s NDResponse.gov website.