Cyber security firms around the world are seeing an increase in Covid-19 related scams. The attached document contains information on the various types of attacks that are being reported. Please take some time to review so that you can be aware of the tricks currently being employed. An excerpt is posted below. Please check with your IT department if you receive any of these scams or if you have suspicions about something you have received.
Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.
Both APT groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months. Threats observed include:
· Phishing, using the subject of coronavirus or COVID-19 as a lure,
· Malware distribution, using coronavirus- or COVID-19- themed lures,
· Registration of new domain names containing wording related to coronavirus or COVID-19, and
· Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
Malicious cyber actors rely on basic social engineering methods to entice a user to carry out a specific action. These actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic in order to persuade potential victims to:
· Click on a link or download an app that may lead to a phishing website, or the downloading of malware, including ransomware.
o For example, a malicious Android app purports to provide a real-time coronavirus outbreak tracker but instead attempts to trick the user into providing administrative access to install “CovidLock” ransomware on their device. (source)
· Open a file (such as an email attachment) that contains malware.
o For example, email subject lines contain COVID-19-related phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”
To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or an individual with “Dr.” in their title. In several examples, actors send phishing emails that contain links to a fake email login page. Other emails purport to be from an organization’s human resources (HR) department and advise the employee to open the attachment.
Malicious file attachments containing malware payloads may be named with coronavirus- or COVID-19-related themes, such as “President discusses budget savings due to coronavirus with Cabinet.rtf.”
Employing the services of a Managed Security Service Provider (MSSP)could prove especially beneficial during this time. Godlan’s MSSP program includes services such as Security Awareness Training and Cyber Threat Drills. A complete listing of Godlan’s Managed IT and Security Services can be found here.
Download the PDF Alert from the United States CISA – Alert for COVID-19 Exploited by Malicius Cyber Actors here.