Current COVID-19 Cyber Threats
The UN Agency WHO has reported a 500% increase in cyber security incidents over the same period last year.
The SecurityMetrics Security Operations Center (SOC) continues to monitor the COVID-19 situation and its impact on our clients and the entire community at large. Our COVID-19 Cyber Attacks Security Update Center contains the latest resources and content to help you navigate your data security and compliance concerns during this time.
As our SOC team continues to hunt these threats, we want to provide a big-picture view of the situation from our front-row seat in this battle. This view includes any threats that could potentially impact our SecurityMetrics clients. Many early reports predicted that advanced persistent threats (APTs) would hold off on attacking during the COVID-19 pandemic, but this has proven to be false.
Phishing attack vectors are the most dominant type of threat we are seeing across the entire landscape. However, current cyber threats run the gamut from phishing to ransomware to some very clever attacks that mix old and new. Here is an overview:
Phishing email threats continue. However, the types of phishing campaigns are varied. Our industry peers did a great job highlighting the many different types of phishing emails and how they look when they arrive in your inbox.
We are seeing greater sophistication, along with more government impersonators than ever before. Examples include a booby-trapped email scam in which attackers impersonate the Small Business Association (SBA) and target those seeking small business loans. In another scheme, attackers prey on those who need the CARES Act, specifically the Paycheck Protection Program.
Some phishing emails claim to be from the CDC or WHO and offer to disclose which individuals in your neighborhood have tested positive for COVID-19. Opening the attached Word document enables the malware. We are even seeing threat actors create fake utility bills that threaten disconnection of services.
New phishing campaigns are popping up which involve imitating delivery services like FedEx, UPS, or Amazon. These campaigns send coronavirus-related emails with malicious attachments that can install backdoors. This can be especially impactful for businesses that are expecting deliveries and are being asked to pay “re-delivery” fees.
There has been a spike in new malicious domain registrations that use the word “reopen” followed by a US city or state name. These specific domains are being registered in response to the coronavirus restriction protestors, and are an attempt to attract unsuspecting users who will visit and unknowingly click on malicious links.
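The naming pattern described above can be checked against a feed of newly registered domains or against DNS and proxy logs. The following Python sketch is an added example, not SecurityMetrics code; the city list, the sample domains and the function names are constructed for illustration.

```python
import re

# US state names with spaces removed; the city list is a small constructed sample
# that you would extend with the places relevant to your users.
STATES = """alabama alaska arizona arkansas california colorado connecticut delaware
florida georgia hawaii idaho illinois indiana iowa kansas kentucky louisiana maine
maryland massachusetts michigan minnesota mississippi missouri montana nebraska nevada
newhampshire newjersey newmexico newyork northcarolina northdakota ohio oklahoma oregon
pennsylvania rhodeisland southcarolina southdakota tennessee texas utah vermont virginia
washington westvirginia wisconsin wyoming""".split()
CITIES = ["chicago", "dallas", "saltlakecity", "seattle"]  # constructed sample
PATTERN = re.compile(r"reopen(" + "|".join(STATES + CITIES) + r")")


def reopen_place(domain):
    """Return the place name if any label reads 'reopen' + place, else None."""
    labels = domain.strip().lower().rstrip(".").split(".")
    # Skip the last label (the TLD) and check every other label of the name.
    for label in labels[:-1]:
        # Drop separators so "re-open-new-york" is treated like "reopennewyork".
        squashed = re.sub(r"[-_]", "", label)
        match = PATTERN.search(squashed)
        if match:
            return match.group(1)
    return None


def flag_new_registrations(domains):
    """Map each matching domain to the place name it embeds."""
    hits = {}
    for domain in domains:
        place = reopen_place(domain)
        if place:
            hits[domain] = place
    return hits


# Constructed sample feed (reserved .example TLD, not real indicators).
SAMPLE = ["reopenutah.example", "re-open-new-york.example", "www.reopentexas.example",
          "reopenwestvirginia.example", "reopen-restaurant.example", "openutah.example"]

if __name__ == "__main__":
    for domain, place in flag_new_registrations(SAMPLE).items():
        print(f"{domain}\t{place}")
```

A match is a triage signal for review rather than proof that a domain is malicious, since the same naming is available to legitimate sites.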
As always, be aware of malicious websites that appear to sell or promote anything related to the crisis, such as this example where threat actors create fake news sites to promote a phony pandemic survival book.
Many businesses and individuals are using a variety of video conferencing tools, all of which can be exploited by APTs. The security and compliance of these tools is all over the place. Many businesses–including banks–are banning tools like Zoom outright. Zoom’s CEO offered an outright apology letter in early April.
No matter which video conferencing service your business uses, every service has its own flaws and concerns. As always, perform your own due diligence and research before committing to any product or service that may impact the security and compliance of your firm or home.
Most companies rely on their hardware, software, and websites to keep business running smoothly. But a recent survey indicates many IT leaders believe remote workers are a security risk and may potentially expose their employers to cyber attacks, impacting the reliability of the tools these businesses need to continue operating remotely. One dangerous attack that could affect businesses uses COVID-19 as a lure and can overwrite master boot records.
And recently, a joint publication of guidelines released by the National Security Agency (NSA) and Australian Signals Directorate (ASD) highlights ways to minimize the impact of a common kind of attack: web shell exploits. A web shell is a malicious program often written in languages like PHP or Java. Web shells allow attackers to remotely access web servers to steal business data.
No matter where you store your data, staying on top of these threats in relation to your cloud data should be at the top of your list. We strongly recommend proactive education of your users on COVID-19 threats and cloud data protection. This article is a great starting point and provides a useful, high-level perspective.