Cyber Criminals Use Wide Array of Pandemic-Inspired Methods
The headline on the Ars Technica blog post sums it up pretty well: “The Internet is Drowning in COVID-19-Related Malware and Phishing Scams.”
As if those responsible for making sure IT and communications infrastructures can handle a rapid transition to 100 percent telework at companies all around the world was not enough of a job, the threat of cyber breaches has escalated in the past week. But bad actors are going to act badly, and when the world sees panic, criminals see opportunity.
First of all: The Johns Hopkins University Coronavirus Map page does not contain malware. In case you need reassurance: here’s the Snopes.com fact check. That said, as Snopes and so many others have said, cyber criminals are mimicking the Hopkins map, as well as the similar map and data page from the World Health Organization, and creating malware, ransomware, and phishing schemes designed to take advantage of a busy and information-starved public. And remember, these criminals are not necessarily the guy in a windowless basement in a dirty t-shirt trying to get rich with bitcoins. Many of these attacks are sophisticated, state-sponsored and highly targeted.
Our @threatresearch and @thepacketrat are doing a little threat hunting today on #coronavirus-themed domains and URLs we've seen in the past few days that mention "covid" or "corona" in the URI path.— SophosLabs (@SophosLabs) March 16, 2020
We've seen an astonishing number of newly registered domains just the past week pic.twitter.com/gpCEY9oLDR
The criminals are dreaming up, and deploying these schemes fast, so while there’s a list of links describing attacks at the bottom of this post, it’s already going to be dated. Things to think about and do now:
- Alert your staff to the dangers, reminding them of their role in cyberprotection.
- If telework is something your organization is doing or considering, be sure you use or develop remote work cyber protection tips or policies.
- On a daily basis (if not more often) check your cybersecurity resources to see if there are new things that would require your action or communication to your employees.
- Work to ensure HR, IT, and physical security are all acting in concert.
A fake Android coronavirus tracking app is actually ransomware. Masked as an app with pandemic statistics, it locks a phone and demands $100 in bitcoins to unlock.
Group sells kit that uses Hopkins map as click bait to get people to download Java-based malware. The password-stealing malware appears to no longer be for sale, but no information is known about how many people may have tried to purchase and deploy it.
U.S. Health and Human Services Department sees increased cyber attacks. It’s unknown if the attacks are related to the pandemic, and HHS Secretary Alex M. Azar said the attacks were not successful.
Facebook, Google, LinkedIn, Microsoft, Twitter, Reddit, and YouTube release joint statement on misinformation. In the unprecedented statement, the companies pledged to elevate authoritative content and deleting hoaxes.
Czech Republic hospital hit by cyberattack. The hospital is the country’s largest COVID-19 testing center and it’s IT system had to be shut down.
Phishing attacks use real government organizations to look legitimate. From the World Health Organization to the European and U.S. Centers for Disease Control, phishers using realistic domains designed to look like real health organizations to steal passwords.
For more security-related resources on the COVID-19 pandemic, access ASIS's Disease Outbreak: Security Resources page, which is updated regularly.