The cyberthreats following in the wake of the COVID-19 pandemic are not substantively different from the threats that security professionals have dealt with during other national or global calamities like the Indian Ocean tsunami, Amazon fires, floods, and hurricanes. Sophisticated cybercriminals, state-sponsored threat actors, and hacktivists have always taken advantage of widespread anxieties in times of crisis to proliferate all types of attacks. And right now, many public and private security organizations are thankfully applying their experience to track and combat these attacks, and many are doing their best to inform the public and various sectors of the economy about these threats and provide guidance on how to weather this storm.
It is, however, important to remember that the COVID-19 crisis is unique in the scale and the level of disruption it has ushered in. Security teams are scrambling to support an increasing number of remote workers who in many instances introduce new devices to the network, put pressure on VPNs, and heighten the risk of Business Email Compromise (BEC).
This attack vector is almost always the simplest, and therefore the first option for many cybercriminals who are now using COVID-19 lures to compromise as many accounts as they can. Their goal is to harvest as many credentials as they can while the pandemic dominates the headlines. Below are summaries of the latest observed campaigns.
- CDC and WHO impersonation phishing campaigns: These campaigns play on people’s need for reliable COVID-19 information, and are mainly designed for Microsoft Outlook credential theft via links to phishing pages.
- Fake government stimulus check phishing emails: The FBI is warning of an ongoing phishing campaign that uses fake government economic stimulus checks as bait to steal personal information from potential victims.
- Fake intracompany or departmental advisory phishing emails: These are phishing emails masquerading as IT, human resources, or business continuity and emergency advisories from within the organization. Employees might be motivated to open malicious attachments or click on links that promise to provide COVID-19 updates or information pertaining to remote work policies, or staff downsizing or realignments.
Modern, next-gen endpoint protection solutions can offer strong defenses against much of the phishing and malware associated with these campaigns. However, the single best defense against these threats is not engaging with them in the first place. Train your employees on best practices: carefully inspect any incoming email messages, don’t click on links from any remotely suspicious sources, and when in doubt, report suspicious messages to the IT or security department.
As with all threat activity and risk management, walking together as one is better than walking alone.
Engage! Leverage your RH-ISAC membership to engage with your peers in the listservs, on Slack, in the Weekly Intelligence Calls, and in any working groups you may be a part of, where we maintain a proud tradition of trusted and active peer-to-peer information sharing.
Reach out! Not an RH-ISAC member? Reach out to us or visit www.rhisac.org for information on how to join, or reach out to similar security organizations of relevance to you to ask for information, solicit peer collaboration, and engage in the strength of collective activity. Don’t walk alone!