by Kapua Iao
CISA and NCSC Joint Alert: COVID-19 Malicious Cyber Actors
The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K. National Cyber Security Centre (NCSC) released a joint alert April 8.
The document examines the exploitation of the COVID-19 global pandemic by cybercriminals and the increase in malicious cyber campaigns over the past few months.
Below are brief descriptions and mitigation strategies for each mentioned attack method.
Such emails can be random and sent in bulk or targeted and geared to an individual.
Currently, cybercriminals use COVID-19 as a lure, playing on human traits such as curiosity and concern.
They can mimic authority by spoofing the Center for Disease Control, the World Health Organization, or even a Human Resources Department.
Furthermore, email subjects can focus on up-to-date information, local cases, or tactics to avoid contact.
Finally, all contain a malicious web page link, app download, or attachment.
The end goal: stealing usernames, passwords, credit card numbers, and other personally identifiable information (PII).
So knowing how to recognize a malicious email is the first step of protection.
Other mitigation strategies include:
- Avoid links/attachments/downloads
- Only open email or visit web pages of trusted sources
- Never reveal PII in an email
- Always verify a sender’s authenticity
And organizations, especially in healthcare, can use HIPAA compliant email to stop phishing emails from even reaching employees.
Such malicious payloads, including Trojans and ransomware, result in the theft of PII for payment or of credentials for access into a victim’s system/network.
According to the joint alert:
“In order to maximize the likelihood of payment, cybercriminals will often deploy ransomware at a time when organizations are under increased pressures. Hospitals and health organizations in the United States, Spain, and across Europe have all been recently affected by ransomware incidents.”
Mitigation is the same as for phishing schemes; when in doubt, delete.
New virus-related domain names
Recent reports show an increase in new, coronavirus-related domain names used to spread false information and persuade distracted people to do whatever is asked.
Most of these domains will use words related to coronavirus, COVID-19, or pandemic.
Therefore, always examine the browser’s address bar when visiting a website and ask:
- Is there a lock to the left?
- Does it begin with https?
- Is it close but slightly off from a well-known source?
And ultimately, only use reputable sources when looking for information.
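The address-bar questions above can also be asked automatically, for instance when reviewing links in mail or proxy logs. The following is an added example, not taken from the joint alert or the original article; the trusted list, the one-edit threshold and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration; a real deployment maintains its own.
TRUSTED = ("cdc.gov", "who.int")
# Theme words the article says newly registered lure domains tend to use.
KEYWORDS = ("coronavirus", "covid", "pandemic")
MAX_EDITS = 1  # assumed threshold: one typo away counts as "slightly off"


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(url):
    """Return the reasons a URL deserves a second look (empty list: none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")  # https is necessary, not proof of legitimacy
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return reasons  # the trusted domain itself or one of its subdomains
    labels = host.split(".")
    for t in TRUSTED:
        # Slide a window of as many labels as the trusted name has over the host,
        # so both "wh0.int.example" and "cdc.gov.something.example" are compared.
        k = t.count(".") + 1
        windows = [".".join(labels[i:i + k]) for i in range(len(labels) - k + 1)]
        dist = min((edit_distance(w, t) for w in windows), default=MAX_EDITS + 1)
        if dist == 0:
            reasons.append("embeds:" + t)      # trusted name inside another domain
        elif dist <= MAX_EDITS:
            reasons.append("lookalike:" + t)   # close but slightly off
    if any(word in host for word in KEYWORDS):
        reasons.append("pandemic-keyword")
    return reasons
```

An empty result only means none of these three checks fired; it does not make the source reputable.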
Remote working difficulties
The surge in remote working, for individuals and organizations practicing social distancing, has increased the use of vulnerable, outdated, and unpatched technologies.
Along with this come new communication platform users who do not use security controls, up-to-date software/apps, and/or meeting passwords.
Unfortunately, this also means an increase in threat vectors; systems and conversations can easily end up hijacked and credentials stolen.
Mitigation strategies include:
- Keep all utilized apps up-to-date
- Do not make meetings public
- Do not share links over social media
- Moderate the meeting
- Manage screen-sharing options
Generally, the CISA and NCSC alert asks individuals and organizations to be proactive in protecting themselves.
People should remain vigilant and only access COVID-19 information from trusted sources.
Furthermore, organizations should ensure remote employees are current with awareness training and software.
And finally, everyone should employ strong security software that includes email protections, such as Paubox Email Suite Plus.
Such a layered approach to cybersecurity helps you safely stay informed when information is needed the most.