UK and US security agencies issue COVID-19 cyber threat update
16 April 2020
A GROWING number of cyber criminals and other malicious groups online are exploiting the COVID-19 outbreak for their own personal gain, security officials in the UK and the USA have revealed. A joint advisory published by the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (DHS) Cyber Security and Infrastructure Agency (CISA) shows that cyber criminals and advanced persistent threat (APT) groups are targeting individuals and organisations with a range of ransomware and malware.
Examples of scams include e-mails containing malware which appear to have come from the director general of the World Health Organisation and others which claim to offer thermometers and face masks to fight the pandemic. Elsewhere, the security agencies have detected cyber criminals scanning for vulnerabilities in software and remote working tools as more people work from home during the pandemic.
As well as alerting people to the threat, the advisory directs them to the support available to counter it. This includes the NCSC’s own guidance on dealing with suspicious e-mails and working from home securely.
Paul Chichester, director of operations at the NCSC, said: “Malicious cyber actors are adjusting their tactics to exploit the COVID-19 pandemic. The NCSC is working round the clock with its partners to respond. Our advice to the public and organisations alike is to remain vigilant and follow our guidance. They should only use trusted sources of information on the virus such as the UK Government, Public Health England or NHS websites.”
To date, the agencies are not seeing overall levels of cyber crime increase, but they are witnessing a growing use of COVID-19 themes by malicious cyber actors.
Bryan Ware, CISA's assistant director for cyber security, explained: “As the COVID-19 outbreak continues to evolve, bad actors are using these difficult times to exploit and take advantage of the public and members of the business community. Our partnerships with the NCSC and industry have played a critical role in our ability to track these threats and respond. We urge everyone to remain vigilant to these threats, be on the lookout for suspicious e-mails and look to trusted sources for information and updates regarding COVID-19. We're all in this together and, collectively, we can help defend against these threats."
Techniques used by attackers
The techniques used by the attackers deliberately prey on people’s appetite for information and curiosity towards the outbreak, with phishing e-mails and SMS messages using the virus as a lure to trick people into revealing credentials or downloading malicious software.
Phishing attempts often come from what appears to be a trustworthy sender, such as the ‘World Health Organisation’, or with a subject line such as “2019-nCov: Coronavirus outbreak in your city (Emergency)”.
The NCSC and the CISA have also observed criminals scanning for known vulnerabilities in remote working tools and software, which is evidence that they're looking to take advantage of the increase in people working from home. This includes exploitation of the increased use of video conferencing software, where phishing e-mails with attachments naming legitimate video conference providers aim to trick users into downloading malicious files.
It's expected that the frequency and severity of COVID-19 related cyber attacks will increase over the coming weeks and months.
Readers of Security Matters can access the full assessment here, which includes indicators of compromise for detection in addition to guidance for organisations and individuals alike on how to decrease the risk of cyber attacks.