Keep employees and data safe from COVID-19 cyber threats
Cybercriminals regularly seize on popular news stories to take advantage of public fears. Case in point: the COVID-19 coronavirus outbreak. As reported cases and death tolls rise worldwide, malicious actors are using the pandemic to entice people to click on links, open attachments, and generally forget their security best practices and information awareness training.
Here are four common cyber threats to watch out for—and potential ways to keep your employees, data, and organization safe during the COVID-19 pandemic.
1. Misleading “health and safety” emails
In the most common COVID-19 cyber threat, emails promise valuable information but instead deliver dangerous malware for cyberespionage, ransomware installation, and credential theft. Examples include:
- Ransomware through a fake statement about coronavirus in Hong Kong, which referenced “Dr. Chuang Shuk-kwan, Head of the Communicable Disease Branch” to add an appearance of legitimacy
- A remote access trojan through a PDF of coronavirus safety measures
- Information-stealing malware through a coronavirus-themed email campaign about the shipping industry
- A virus through a coronavirus-themed document
- A malware bot through an email titled “Emergency Regulations” that appears to come from the Chinese Ministry of Health
- “Coronavirus” ransomware that used a fake version of the WiseCleaner site for Windows system utilities
Many examples of coronavirus social engineering so far have masqueraded as public health or official government announcements. However, as the virus spreads to the United States, some actors may adjust their tactics to pose as other prominent public officials, including politicians and local health authorities.
2. Dangerous websites and maps
Not all websites with COVID-19 in their URL are legitimate or safe. In late February 2020, Check Point reported 3% of all COVID-19-themed domains to be malicious and another 5% as suspicious, out of a sample of more than 4,000 domains.
As people search for information about the virus’s geographic spread, cybercriminals are also using online maps—and selling coronavirus-themed malware loaders online. In a well-publicized case, spoofed versions of Johns Hopkins University’s COVID-19 tracking map distributed information-stealing malware.
3. Phishing scams
Pretending to offer infection-prevention measures, information about new cases, and general COVID-19 “awareness,” phishing campaigns target Microsoft Outlook and Office 365, as well as credit card data.
Scammers promise you can:
- Donate food, water, and medical care, sometimes with a QR code for “donating” bitcoins
- Access non-public information that “is not being told to you by your government”
- Buy hand sanitizers, vitamins, supplements, and other supplies to fight infection
- Purchase a COVID-19 vaccine, payable by bitcoin through a fake PayPal page [Note: There is currently no vaccine to prevent coronavirus disease.]
4. State-sponsored campaigns
Nation-state actors are suspected to be actively using coronavirus themes in malware campaigns. While data remains relatively limited and it’s unclear how frequent this activity is, it seems clear that government-backed actors are utilizing mentions of the coronavirus to social engineer victims.
At the moment, state-sponsored campaigns appear to be geared predominantly toward cyberespionage. However, other types of campaigns, such as those targeting intellectual property, may be possible.
Best Practices for Cyber Protection
The World Health Organization and multiple U.S. government agencies have issued public warnings about malicious cyber actors taking advantage of the coronavirus pandemic. In addition, you can protect your organization, employees, and data in the following ways:
Vet and verify the information. Consult only official websites when seeking COVID-19 information. Don’t click on links or open attachments from unknown senders. Be particularly wary of documents and URLs that reference coronavirus or COVID-19, especially if the documents or URLs are sent in unsolicited emails or social media messages.
Be suspicious of offers for vaccinations, health supplies, or non-public information. No vaccine currently exists to prevent COVID-19, and one will likely not be ready until 2021. Don’t trust offers for health supplies that are in short supply, such as hand sanitizer, or for COVID-19 information that a sender claims isn’t otherwise publicly available. Scrutinize requests for credit or debit card data and other sensitive information, particularly if they arrive in an unsolicited email or social media message.
Be vigilant when IT departments are short-staffed. In the event of a significant outbreak, cyber threat actors could view lean employee coverage, much like a holiday or weekend, as an opportune time to target an organization’s network.
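The warning signs in the practices above (COVID-themed URLs or attachments from unknown senders, offers of vaccines or supplies, requests for payment data) can also be checked automatically when reported or inbound mail is triaged. The following is an added example, not part of the original article; the domain example.com, the keyword lists, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions: the organization's mail domain and keyword lists derived
# from the lure themes described in this article.
INTERNAL_DOMAIN = "example.com"
THEME = re.compile(r"covid|corona", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)
LURES = {
    "payment": re.compile(r"bitcoin|btc|credit card|debit card|paypal", re.I),
    "vaccine_or_supplies": re.compile(r"vaccine|hand sanitizer|supplement", re.I),
    "secret_info": re.compile(r"not being told|non-public", re.I),
}

# Constructed sample message (not a real email).
SAMPLE = """From: "Health Desk" <alerts@mail.invalid>
To: staff@example.com
Subject: Coronavirus safety measures
Content-Type: text/plain; charset=utf-8

Purchase a COVID-19 vaccine today, payable by bitcoin:
http://covid19-vaccine.invalid/pay
"""

def triage(raw):
    """Return the reasons a message deserves a second look (empty if none)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    external = not sender.endswith("@" + INTERNAL_DOMAIN)
    text, attachments = [msg.get("Subject", "")], []
    for part in msg.walk():
        if part.get_filename():                      # attachment: keep its name
            attachments.append(part.get_filename())
        elif part.get_content_type() in ("text/plain", "text/html"):
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            text.append(payload.decode(charset, "replace"))
    body = "\n".join(text)
    reasons = []
    if external and any(THEME.search(u) for u in URL.findall(body)):
        reasons.append("themed_url_from_external_sender")
    if external and any(THEME.search(a) for a in attachments):
        reasons.append("themed_attachment_from_external_sender")
    if THEME.search(body):                           # lure wording only counts in themed mail
        reasons += [name for name, rx in LURES.items() if rx.search(body)]
    return reasons
```

The From header can be forged, so the internal/external distinction here is only a hint unless the mail gateway enforces sender authentication (SPF, DKIM, DMARC).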
Knowing what to look for and taking the necessary precautions helps your organization and employees maintain cyber health as you adapt and protect yourself during the current pandemic.