This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

This alert provides information on exploitation by cybercriminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice.

Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.

APT groups and cybercriminals are targeting individuals, small and medium enterprises, and large organizations with COVID-19-related scams and phishing emails. This alert provides an overview of COVID-19-related malicious cyber activity and offers practical advice that individuals and organizations can follow to reduce the risk of being impacted. The IOCs provided within the accompanying .stix files of this alert are based on analysis from CISA, NCSC, and industry.

Note: this is a fast-moving situation and this alert does not seek to catalogue all COVID-19-related malicious cyber activity. Individuals and organizations should remain alert to increased activity relating to COVID-19 and take proactive steps to protect themselves.

APT groups are using the COVID-19 pandemic as part of their cyber operations. These cyber threat actors will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Their goals and targets are consistent with long-standing priorities such as espionage and “hack-and-leak” operations.

Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.

Both APT groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months.

- Phishing, using the subject of coronavirus or COVID-19 as a lure,
- Malware distribution, using coronavirus- or COVID-19-themed lures,
- Registration of new domain names containing wording related to coronavirus or COVID-19, and
- Attacks against newly, and often rapidly, deployed remote access and teleworking infrastructure.

Malicious cyber actors rely on basic social engineering methods to entice a user to carry out a specific action. These actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic in order to persuade potential victims to:

- Click on a link or download an app that may lead to a phishing website, or the downloading of malware, including ransomware. For example, a malicious Android app purports to provide a real-time coronavirus outbreak tracker but instead attempts to trick the user into providing administrative access to install "CovidLock" ransomware on their device.
- Open a file (such as an email attachment) that contains malware. For example, email subject lines contain COVID-19-related phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”.

To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or an individual with “Dr.” in their title. In several examples, actors send phishing emails that contain links to a fake email login page.
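
As an added illustration (not part of the alert or of CISA/NCSC tooling), the spoofed-sender and themed-subject traits described in this alert can be checked on the mail-filter side with a short header triage. The trusted-sender table, the reason strings, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: organizations a lure may impersonate and their genuine mail domains.
TRUSTED = {"world health organization": "who.int", "who": "who.int"}
LURE = re.compile(r"covid|corona\s*virus|2019-ncov", re.I)
AUTH_FAIL = re.compile(r"\b(?:spf|dkim|dmarc)=fail\b", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the reasons a raw message resembles a themed, spoofed lure."""
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = domain_of(msg.get("From"))
    reasons = []
    if LURE.search(msg.get("Subject", "")):
        reasons.append("covid-themed subject")
    for brand, real in TRUSTED.items():
        claims = re.search(r"\b%s\b" % re.escape(brand), display)
        genuine = from_dom == real or from_dom.endswith("." + real)
        if claims and not genuine:
            reasons.append("display name impersonates " + real)
            break
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply-to domain differs from sender")
    if AUTH_FAIL.search(msg.get("Authentication-Results", "")):
        reasons.append("sender authentication failed")
    return reasons

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "World Health Organization" <updates@who-int.example>
Reply-To: dr.office@mailbox.example
Subject: 2019-nCov: Coronavirus outbreak in your city (Emergency)
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=who-int.example; dmarc=fail

Sign in to read the notice.
"""
GENUINE = """\
From: "WHO Media" <media@who.int>
Subject: Coronavirus Update
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=who.int; dmarc=pass

Weekly briefing.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, triage(raw))
```

A themed subject on its own is a weak signal, as the second sample shows; the sender-identity checks are what separate the two messages.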