COVID-19 Exploited by Malicious Cyber Actors

Summary

There is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) about cyber criminals seeking to take advantage of the current coronavirus (COVID-19) global pandemic.

Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.

Cybercriminals are targeting individuals, small and medium enterprises, and large organizations with COVID-19-related scams and phishing emails.

Here is an overview of COVID-19-related malicious cyber activity and practical advice that individuals and organizations can follow to reduce the risk of being impacted.

Summary of Attacks

Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware. These cyber threat actors will often masquerade as trusted entities.

Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Their goals and targets are consistent with long-standing priorities such as espionage and “hack-and-leak” operations.

Threats observed include:

Phishing

CISA and NCSC have both observed a large volume of phishing campaigns that use the social engineering techniques described above.

Examples of phishing email subject lines include:

  • 2020 Coronavirus Updates,
  • Coronavirus Updates,
  • 2019-nCov: New confirmed cases in your City, and
  • 2019-nCov: Coronavirus outbreak in your city (Emergency).

SMS Phishing

Most phishing attempts come by email but NCSC has observed some attempts to carry out phishing by other means, including text messages (SMS).

These emails contain a call to action, encouraging the victim to visit a website that malicious cyber actors use for stealing valuable data, such as usernames and passwords, credit card information, and other personal information.

Phishing for credential theft

A number of actors have used COVID-19-related phishing to steal user credentials. These emails include previously mentioned COVID-19 social engineering techniques, sometimes complemented with urgent language to enhance the lure.

Phishing for credential theft

A number of actors have used COVID-19-related phishing to steal user credentials. These emails include previously mentioned COVID-19 social engineering techniques, sometimes complemented with urgent language to enhance the lure.

If the user clicks on the hyperlink, a spoofed login webpage appears that includes a password entry form. These spoofed login pages may relate to a wide array of online services including—but not limited to—email services provided by Google or Microsoft, or services accessed via government websites.

Phishing for malware deployment

A number of threat actors have used COVID-19-related lures to deploy malware. In most cases, actors craft an email that persuades the victim to open an attachment or download a malicious file from a linked website. When the victim opens the attachment, the malware is executed, compromising the victim’s device.

Exploitation of new teleworking infrastructure

Many organizations have rapidly deployed new networks, including VPNs and related IT infrastructure, to shift their entire workforce to teleworking.

Read the full article and more at the CISA Alerts page.

In addition to the above alert by the CISA, be aware that robocall scammers are not letting a global pandemic go by without trying to dupe people. There are reports of robocall scams seeking to exploit Coronavirus fears, according to Nomorobo.

You can find a running tab on the latest Coronavirus Robocalls on their website.