Homeland Security issues alert on cybercriminals increasingly exploiting COVID-19 pandemic

The U.S. Department of Homeland Security issued an alert April 8 warning that cybercriminals are increasingly exploiting the COVID-19 pandemic to target individuals, small and medium businesses and large organizations.
Cyber criminals and advanced persistent threat groups are deploying a variety of ransomware and other malware for commercial gain, according to a joint alert from the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre.
“Both [Cybersecurity and Infrastructure and Security Agency] and [National Cyber Security Centre] are seeing a growing use of COVID-19-related themes by malicious cyber actors,” according to the alert. “At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks, amplifying the threat to individuals and organizations.”
Cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months, according to the alert. These threats include phishing and malware distribution, using the subject of coronavirus or COVID-19 as a lure; registration of new domain names containing wording related to coronavirus or COVID-19; and attacks against newly — and often rapidly — deployed remote access and teleworking infrastructure.

A phishing email disguises itself as coming from a trustworthy source in an attempt to obtain sensitive information, such as usernames and passwords, by tricking the recipient into clicking on a link or opening a document and then providing sensitive information. Attackers also may use a phishing email to infect computers with ransomware, malware or other computer viruses.

To create the impression of authenticity, cybercriminals spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization or an individual with “Dr.” in their title, according to the Department of Homeland Security.
“In several examples, actors send phishing emails that contain links to a fake email login page,” the alert said. “Other emails purport to be from an organization’s human resources department and advise the employee to open the attachment.”

Although most phishing attempts come by email, the National Cyber Security Centre has observed some attempts to carry out phishing by other means including text messages.

In addition, as many organizations rapidly deploy new networks, such as VPNs and related information technology infrastructure, to shift their entire workforce to teleworking, cybercriminals are also exploiting a variety of vulnerabilities in VPNs and other remote working tools and software, the Department of Homeland Security said in its alert.

The Federal Bureau of Investigation offered some tips to defend against online meeting hijacking. These include:
• Do not make meetings public. Instead, require a meeting password or use the waiting room feature and control the admittance of guests.
• Do not share a link to a meeting on an unrestricted publicly available social media post. Provide the link directly to specific people.
• Manage screensharing options. Change screensharing to “host only.”
• Ensure users are using the updated version of remote access/meeting applications.
• Ensure telework policies address requirements for physical and information security.

“This is a fast-moving situation and this alert does not seek to catalogue all COVID-19-related malicious cyber activity,” according to the alert. “Individuals and organizations should remain alert to increased activity relating to COVID-19 and take proactive steps to protect themselves.”