CISA Issues COVID-19 Cyber Threat Update (and US-CERT Alert)
Today, the U.S. Cybersecurity and Infrastructure Security Agency ("CISA") published a joint advisory with the UK’s National Cyber Security Centre ("NCSC") in light of cybercriminals exploiting the COVID-19 pandemic by targeting individuals and organizations with a range of ransomware and malware.
According to the joint advisory, some examples include scams with "emails containing malware which appear to have come from the Director-General of the World Health Organization (WHO), and others which claim to offer thermometers and face masks to fight the pandemic."
In addition, the advisory notes that:
The techniques used by attackers prey on people’s appetite for information and curiosity towards the outbreak, with phishing emails and SMS messages using the virus as a lure to trick people into revealing credentials or downloading malicious software.
Phishing attempts often come from what appears to be a trustworthy sender, such as the ‘World Health Organization’, or with a subject line such as “2019-nCov: Coronavirus outbreak in your city (Emergency)”.
Experts at CISA and NCSC expect that the both the frequency and severity of COVID-19 cyberattacks will continue to increase over the next couple of weeks and months.
CISA also included an assessment from US-CERT (AA20-099A) on COVID-19 cyberattacks, including indicators of compromise ("IOCs") for detection, and guidance for organizations and individuals on how to decrease the risk of cyberattacks.
According to the US-CERT Alert, some of the attacks being used are:
Phishing, using the subject of coronavirus or COVID-19 as a lure,
Malware distribution, using coronavirus- or COVID-19- themed lures,
Registration of new domain names containing wording related to coronavirus or COVID-19, and
Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
. . .