COVID-19 Cyber Threat Awareness

Cyber criminals are exploiting COVID-19

The impact of COVID-19 on our way of life has been unprecedented. For the cyber criminal it has been business as usual, but with additional fringe benefits. More people are working from home, and some of them will be less familiar with secure working practices than they ought to be. We still need to collaborate, which has led to increased use of web communications and conferencing software, some of which will be unfamiliar to the user and vulnerable to spoofing. Access to crucial files and systems also requires greater use of remote access systems, all of which need to be properly secured and checked before they are deployed.

The UK government cyber crime investigation body (NCSC) has published a COVID-19 exploitation report that illustrates how criminals are trying to exploit the current situation. The criminals’ aims have not changed: to steal financial credentials, to access information that can be monetised, or to compromise the target and hold them to ransom.

Many attacks follow familiar patterns such as phishing emails, SMS messages and compromised websites. The criminals are using key text phrases such as ‘COVID’ and ‘UKGOV’ to provide a veneer of authenticity. Companies and government bodies have been putting out essential information on how to deal with COVID-19, but a message that looks like similar information could be a link to an online scam. A list of new malicious sites linked to the COVID keyword had 2,514 entries as of 8th April 2020.
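The keyword lures described above can be triaged from web proxy or mail gateway logs. The sketch below is an added example, not part of the original article: it flags URLs whose hostname contains one of the lure keywords but does not sit under a trusted parent domain. The log format, the trusted-domain list, the function names and the sample lines are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Lure keywords named in the article; extend from your own threat intelligence.
LURE_KEYWORDS = ("covid", "ukgov")
# Assumption: parent domains your organisation treats as genuine sources.
TRUSTED_DOMAINS = ("gov.uk", "nhs.uk")

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def hostname_of(url):
    """Return the real hostname: lower-cased, no port, no userinfo, no trailing dot."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed URL, e.g. broken IPv6 brackets
        return ""
    return host.rstrip(".").lower()


def is_trusted(host):
    """True only if host IS a trusted domain or a subdomain of one.
    'gov.uk.covid-refund.example' is not trusted: gov.uk is only a prefix."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def flag_lure_urls(lines):
    """Return (line_no, host, keyword) for each untrusted host using a lure keyword."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for url in URL_RE.findall(line):
            host = hostname_of(url)
            if not host or is_trusted(host):
                continue
            # Drop hyphens so 'uk-gov' still matches 'ukgov'.
            normalized = host.replace("-", "")
            match = next((k for k in LURE_KEYWORDS if k in normalized), None)
            if match:
                hits.append((line_no, host, match))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2020-04-08T09:12:01Z alice GET https://covid19.nhs.uk/advice 200",
    "2020-04-08T09:13:44Z bob GET https://ukgov-covid-relief.example/claim 200",
    "2020-04-08T09:15:02Z carol GET https://gov.uk.covid-refund.example/login 200",
    "2020-04-08T09:16:30Z dave GET https://www.gov.uk@uk-gov-payments.example/ 200",
    "2020-04-08T09:17:05Z erin GET https://intranet.example/wiki 200",
]

if __name__ == "__main__":
    for hit in flag_lure_urls(SAMPLE_LOG):
        print(hit)
```

A hit is a prompt for review rather than proof of malice, since legitimate third parties also use these words in their domain names.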

Another approach has been to spoof meeting invites from collaboration platforms such as ‘Zoom’. Naturally the text and images will look authentic, but the aim, as always, is to get the user to download a file or open a web page that will start a chain leading to the target’s device being compromised. As always, it is the end user who needs to be vigilant: why have they received that message, and do they need to open the file or visit the site? The message needs to be reinforced: if in doubt, report it. With companies now extremely reliant on online communications, all users need to know who to report potential incidents to.

The increase in remote working has led to greater access to systems through VPNs. These pathways are not foolproof. There are publicly known vulnerabilities in Citrix and in VPN solutions provided by Pulse Secure, Fortinet and Palo Alto. The fixes for these vulnerabilities are known, and operators need to ensure that they are in place. RDP is another means to access remote systems, either directly or through a VPN. There has been an increase in reports of attacks on unsecured RDP endpoints since the COVID-19 lockdowns. Network administrators need to ensure that appropriate constraints are in place.

Proof that the cyber criminal is nothing if not inventive is the deployment of CovidLock ransomware. This presents itself as an Android app allowing real-time tracking of COVID-19 cases. In reality the app changes the device’s lock screen password and demands $100 to unlock it, with a threat that data will be deleted if payment is not made within 48 hours. Thankfully this particular ransomware threat has been fixed and a decryption key released.

Android devices are easier to compromise in this way than iOS devices, as any iOS application has to be approved by Apple before it is released on their store. There are genuine efforts being made to create apps that will track COVID-19 cases, so this might not be the last instance of creative COVID-19 cyber crime that we will see.
