Cybersecurity Threat Advisory: Hackers Still Are Exploiting COVID-19
Posted on April 28, 2020 by Mike Beagles
As part of our effort to inform our clients about potential and serious cybersecurity issues, MCP provides advisories about vulnerabilities and exploits that could threaten the operations of their mission-critical communications networks. Sign up to receive these advisories in your inbox as soon as they are released.
This week, there is a new critical alert that requires the mission-critical community’s immediate attention.
Hacking groups are still exploiting the COVID-19 pandemic as an opportunity to perform cyberattacks. The United States’ Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert regarding the threats. To combat these threats, their recommendations are focused on user training and good cyber hygiene. A comprehensive list of recommendations to mitigate the risk can be found on the CISA website.
Technical Detail and Additional Information
What Is the Threat?
Many advanced persistent threat (APT) groups are leveraging the COVID-19 outbreak to perform malicious cyberattacks to aid their operations. These groups disguise themselves as trusted entities to disseminate coronavirus-related phishing attempts or malicious applications. These campaigns are consistent with previously observed priorities for these APT groups, mainly espionage and “hack-and-leak” operations. In addition, cybercriminals are continuing to use similar COVID-19 themes to distribute malware, send phishing messages with coronavirus-related lures, register new domains related to COVID-19, and continuously probe for vulnerabilities in the many work-from-home applications that are now ubiquitous.
Why Is This Noteworthy?
A global pandemic in which the overwhelming majority of the workforce has been confined to their homes—for remote work or otherwise—is a prime opportunity for cybercriminal and APT activity. An unprecedented number of people are now working remotely and using the internet. While the subject matter used to disguise these attacks has changed, the technical aspects stay the same. Malicious actors are still using the same social-engineering techniques, but now prey upon the desire to stay informed and protect against the outbreak to further their attacks. Numerous attack vectors have been observed, including the following:
- Phishing emails and texts offering free “relief funds” to combat unemployment
- Applications that map “outbreaks in your area”
- Malicious domains that spoof legitimate sites
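As an added example (not part of the MCP advisory or the CISA/NCSC alert), the Python script below triages domains seen in proxy or DNS logs, flagging those that carry pandemic-themed words or imitate a trusted domain, which covers the newly registered COVID-19 domains and the spoofed legitimate sites listed above. The reference domains, theme words, similarity threshold and sample log entries are constructed assumptions for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed reference data for this example: legitimate domains that pandemic
# lures commonly impersonate, and theme words seen in lure subjects and new registrations.
LEGIT_DOMAINS = ("who.int", "cdc.gov", "irs.gov")
THEME_WORDS = ("covid", "corona", "pandemic", "outbreak", "relief", "stimulus")
SIMILARITY_THRESHOLD = 0.75  # assumed cut-off for "near-identical" hostnames

def host_of(value):
    """Reduce a URL or bare domain to a lowercase host without scheme, path or 'www.'."""
    host = re.sub(r"^[a-z]+://", "", value.strip().lower()).split("/")[0]
    return host[4:] if host.startswith("www.") else host

def classify(value):
    """Flag a domain for review if it is pandemic-themed or imitates a trusted domain."""
    host = host_of(value)
    if host in LEGIT_DOMAINS:
        return {"host": host, "verdict": "allow", "reasons": []}
    reasons = []
    hits = [w for w in THEME_WORDS if w in host]  # simple substring heuristic
    if hits:
        reasons.append("theme:" + ",".join(hits))
    for legit in LEGIT_DOMAINS:
        brand = legit.split(".")[0]
        similar = SequenceMatcher(None, host, legit).ratio() >= SIMILARITY_THRESHOLD
        # A near-identical string, or the brand used as its own label or hyphen
        # segment ("cdc-relief.com", "cdc.gov.example.com"), counts as a lookalike.
        if similar or re.search(rf"(^|[.-]){re.escape(brand)}([.-]|$)", host):
            reasons.append(f"lookalike:{legit}")
    verdict = "review" if reasons else "allow"
    return {"host": host, "verdict": verdict, "reasons": reasons}

def triage(values):
    """Return only the entries a defender should look at, from a list of observed domains."""
    return [r for r in map(classify, values) if r["verdict"] == "review"]

if __name__ == "__main__":
    # Constructed sample of domains as they might appear in proxy/DNS logs; not real indicators.
    sample = ["https://www.cdc.gov/coronavirus", "cdc-covid-relief.com",
              "who-int.org/map", "coronavirus-map.live", "example.org"]
    for row in triage(sample):
        print(row)
```

The substring and similarity heuristics are deliberately loose; in practice the output is a review queue for an analyst, not a blocklist.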
What Are the Risks?
The risks of falling victim to one of these attack vectors are numerous and substantial. For instance, a victim’s personal or work-related credentials could be compromised and used to launch further attacks, or sold off for other nefarious purposes. If a malicious application were installed or a malicious attachment opened, it could lead to any number of compromises, including but not limited to ransomware (such as the infamous TrickBot), remote access trojans (RATs), and keyloggers. In addition to these typical attack vectors, new vulnerabilities in popular teleworking applications continue to be discovered. These applications can be configured in a nonsecure manner, which could allow unauthorized access to the network. Their vulnerabilities could also be leveraged, and malware that appears to be a legitimate application could be distributed, with similarly disastrous results.
What Are the Recommendations?
CISA and NCSC jointly released an alert to raise awareness and provide mitigation tactics for individual users and organizations alike. Click here to access the mitigation tactics.
If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite that is designed specifically for public safety entities and other critical-infrastructure organizations, to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.