The Department of Homeland Security’s cybersecurity agency is working with the United Kingdom’s top cyber agency to warn against a growing number digital attacks exploiting the new coronavirus pandemic.
In an April 8 alert, DHS’ Cybersecurity and Infrastructure Security Agency and the U.K.'s National Cyber Security Centre said that an increasing amount cybercriminals and advanced persistent threat actors were sending malicious emails pretending to be from trusted institutions to exploit fears caused by COVID-19.
The emails sent have been masked as updates from the World Health Organization, or used “Dr.” as a title to demonstrate authenticity. One specific phishing campaign pretended to be from the director general of the WHO. Other campaigns offered thermometers and face masks to protect against COVID-19.
“As the COVID-19 outbreak continues to evolve, bad actors are using these difficult times to exploit and take advantage of the public and business. Our partnerships with the NCSC and industry have played a critical role in our ability to track these threats and respond,” Bryan Ware, CISA’s assistant director for cybersecurity, said in a statement. “We urge everyone to remain vigilant to these threats, be on the lookout for suspicious emails and look to trusted sources for information and updates regarding COVID-19. We are all in this together and collectively we can help defend against these threats.”
In other examples, phishing attempts pretend to be from an employee’s human resources department.
Links in phishing emails have led to malicious websites that distribute ransomware. These emails have coronavirus in their subject line:
- 2020 Coronavirus Updates
- Coronavirus Updates
- 2019-nCov: New confirmed cases in your City
- 2019-nCov: Coronavirus outbreak in your city (Emergency)
Others have included malicious email attachments that have coronavirus in their file names.
“Malicious cyber actors rely on basic social engineering methods to entice a user to carry out a specific action," the alert read. "These actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic.”
The two agencies warned that actors will continue to exploit coronavirus fears for the “coming weeks and months.” In a news release, CISA also noted that it hasn’t seen an increase in the overall amount of cyber crime.
CISA and NCSC also warned that hackers were targeting known vulnerabilities in virtual private networks used for telework — a problematic situation given that millions of people working from home because of the pandemic.
“With the sudden, unexpected, and unplanned conversion to remote work, the vulnerabilities that have been created will persist far beyond the end of the pandemic event,” Michael Hamilton, former chief information security officer for the city of Seattle and now co-founder and chief security officer of CI Security, said in a statement. “Threat actors have been handed a gift, and systems that support critical services are now in the sights for extortion … think water purification, waste treatment, and emergency management. Organizations across public and private sectors need to have a deeper understanding of what this new attack surface has brought and where threats are likely to land.”
On March 18, CISA released a coronavirus risk-management document that outlined several ways in which organizations could improve their cybersecurity posture, including patching VPNs, implementing multifactor authentication and updating incident response plans.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.