COVID-19 EXPLOITED BY MALICIOUS CYBER ACTORS
The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert describing the exploitation of the COVID-19 pandemic by cyber criminal and Advanced Persistent Threat (APT) groups. The alert includes a list of Indicators of Compromise (IOCs) for both detection and mitigation.
Both APT groups and cyber criminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months.
Threats observed include:
- Phishing, using the subject of coronavirus or COVID-19 as a lure,
- Malware distribution, using coronavirus- or COVID-19-themed lures,
- Registration of new domain names containing wording related to coronavirus or COVID-19, and
- Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
Following the CISA and NCSC advice set out below will help mitigate the risk to individuals and organizations from malicious cyber activity related to both COVID-19 and other themes:
- CISA guidance for defending against COVID-19 cyber scams
- CISA Insights: Risk Management for Novel Coronavirus (COVID-19), which provides guidance for executives regarding physical, supply chain, and cybersecurity issues related to COVID-19
- CISA Alert: Enterprise VPN Security
- CISA webpage providing a repository of the agency’s COVID-19 guidance
- NCSC guidance to help spot, understand, and deal with suspicious messages and emails
- NCSC phishing guidance for organizations and cyber security professionals
- NCSC guidance on mitigating malware and ransomware attacks
- NCSC guidance on home working
- NCSC guidance on end user device security
The Trinidad and Tobago Cyber Security Incident Response Team (TTCSIRT) encourages all organisations to review the CISA Alert (AA20-099A) at the following link for comprehensive details of the aforementioned threats and mitigations: