With businesses completely shut down, people working from home, some ordered to stay at home, kids home from school or homeschooling, friends and family falling ill and people wondering when the COVID-19 pandemic will end, there’s a lot that can distract users from following cybersecurity best practices. Unfortunately, this hasn’t escaped hackers’ attention, and they’re doing all that they can to take advantage of it.
Touch base with your clients and share this information to remind them not to let their guard down.
Cybercriminals Capitalize on the Vulnerable During the Coronavirus Crisis
The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) issued an alert on April 8, 2020, warning of cyberattacks related to the coronavirus crisis.
The agencies report that, at the same time more people are working remotely, criminals are ramping up attacks with COVID-19 themes. The alert provides a summary of attacks that you and your customers should stay alert to:
- Phishing attacks using coronavirus-related content, targeted and specific, using information that makes them look like known or official sources
- SMS phishing using texts to try to get banking or contact information
- Malware delivered using COVID-19-themed emails, offers, apps or websites
- Attacks targeting new remote access and teleworking infrastructure
Review and share this guidance available from CISA and NCSC:
- CISA guidance for defending against COVID-19 cyber scams
- CISA Alert: Enterprise VPN Security
- NCSC guidance to help spot, understand, and deal with suspicious messages and emails
- NCSC guidance on home working
- NCSC guidance on end user device security
CovidLock Ransomware Emerges
DomainTools reports that after COVID-19 cases began to spread, more people registered domain names containing variations of “coronavirus” or “COVID.” In mid-March, DomainTools reported this activity peaked, and many of the domain names were linked to scams. The company’s security team began investigating these domains and found that one site, coronavirusapp[.]site, is offering a “real-time coronavirus outbreak tracker” available through an Android app download.
When users download the app, it deploys Android ransomware dubbed “CovidLock.” The malware encrypts users’ phones and gives them 48 hours to pay $100 in bitcoin. The encryption warning also states, “Your GPS is watched and your location is known. If you try anything stupid, your phone will be automatically erased.”
- Android Nougat has protection against this type of attack, but it only works if the user has set a password.
- DomainTools reminds users to only use trusted sources for health information and to not allow fear to overcome phishing prevention best practices.
- Only download Android applications from the Google Play store.
- Follow DomainTools for decryption keys and technical details.
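To act on the domain registrations described above, the following added example (not from DomainTools or the original article) flags DNS queries for the domain the article names and for other hostnames carrying “coronavirus” or “COVID” variations. The log layout, the allowlist, the look-alike digit mapping and the `.example` hostnames are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the article): log layout, keyword stems, allowlist.
KNOWN_BAD = {"coronavirusapp[.]site"}      # the one domain named in the article
THEME_STEMS = ("coronavirus", "covid")
ALLOWLIST = {"cdc.gov", "who.int"}         # constructed examples of trusted parents
LOOKALIKES = str.maketrans("01", "oi")     # c0vid -> covid, cov1d -> covid

def refang(host):
    """Normalize a hostname, accepting the defanged [.] form used in reports."""
    return host.strip().lower().replace("[.]", ".").rstrip(".")

def allowlisted(host):
    return any(host == d or host.endswith("." + d) for d in ALLOWLIST)

def themed(host):
    """True if a theme stem appears once separators and look-alike digits are undone."""
    flat = re.sub(r"[^a-z0-9]", "", host).translate(LOOKALIKES)
    return any(stem in flat for stem in THEME_STEMS)

def flag_queries(lines):
    """Return (client, host, reason) for each DNS query line worth reviewing."""
    bad = {refang(d) for d in KNOWN_BAD}
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[2] != "query":
            continue                       # skip malformed or non-query lines
        client, host = parts[1], refang(parts[3])
        if host in bad:
            hits.append((client, host, "known-bad"))
        elif themed(host) and not allowlisted(host):
            hits.append((client, host, "themed"))
    return hits

# Constructed sample log lines: timestamp, client IP, event, queried name, record type.
SAMPLE_LOG = [
    "2020-03-14T10:02:11Z 10.0.0.5 query coronavirusapp[.]site A",
    "2020-03-14T10:02:40Z 10.0.0.7 query www.cdc.gov A",
    "2020-03-14T10:03:02Z 10.0.0.9 query c0vid-19-relief.example A",
    "2020-03-14T10:03:30Z 10.0.0.9 query covid.cdc.gov A",
    "2020-03-14T10:04:10Z 10.0.0.5 response 203.0.113.10",
    "2020-03-14T10:04:55Z 10.0.0.8 query corona-virus-tracker.example AAAA",
]

if __name__ == "__main__":
    for hit in flag_queries(SAMPLE_LOG):
        print(hit)
```

Themed hits are review candidates rather than verdicts, since legitimate health sites also use these words; extend the allowlist with the sources your clients actually rely on.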
Microsoft AccountGuard Is Free to Healthcare Providers on COVID-19 Front Lines
If you work with healthcare providers, make sure they know they can take advantage of Microsoft AccountGuard for Healthcare to protect themselves from cyberthreats during the coronavirus crisis. Hospitals, clinics, labs, clinicians and life sciences and medical device companies researching and developing treatments are invited to take advantage of this offer.
The service includes notification of threats to their Office 365 accounts, recommendations for remediations if there is a compromise, support from Microsoft’s team, and access to numerous resources.
- Check with Microsoft for eligibility for this free service.
Don’t Take Your Eye Off the Ball
While the COVID-19 coronavirus monopolizes attention, it’s also important not to overlook other newly discovered vulnerabilities and threats. Make sure you address these risks as well:
- SafeBreach announced a vulnerability in the Realtek HD Audio Driver Package, deployed on PCs with Realtek sound cards.
- VMware released a security update for vRealize Log Insight and updates for VMware Directory Service.
- Mozilla issued security updates for Firefox and Firefox ESR.
- Intel, Adobe, Google and Juniper Networks have released multiple security updates to correct vulnerabilities.