top of page
  • Writer's pictureJoshua Duvall

CISA Issues COVID-19 Cyber Threat Update (and US-CERT Alert)

Today, the U.S. Cybersecurity and Infrastructure Security Agency ("CISA") published a joint advisory with the UK’s National Cyber Security Centre ("NCSC") in light of cybercriminals exploiting the COVID-19 pandemic by targeting individuals and organizations with a range of ransomware and malware.

According to the joint advisory, some examples include scams with "emails containing malware which appear to have come from the Director-General of the World Health Organization (WHO), and others which claim to offer thermometers and face masks to fight the pandemic."

In addition, the advisory notes that:

  • The techniques used by attackers prey on people’s appetite for information and curiosity towards the outbreak, with phishing emails and SMS messages using the virus as a lure to trick people into revealing credentials or downloading malicious software.

  • Phishing attempts often come from what appears to be a trustworthy sender, such as the ‘World Health Organization’, or with a subject line such as “2019-nCov: Coronavirus outbreak in your city (Emergency)”.

Experts at CISA and NCSC expect that the both the frequency and severity of COVID-19 cyberattacks will continue to increase over the next couple of weeks and months.

CISA also included an assessment from US-CERT (AA20-099A) on COVID-19 cyberattacks, including indicators of compromise ("IOCs") for detection, and guidance for organizations and individuals on how to decrease the risk of cyberattacks.

According to the US-CERT Alert, some of the attacks being used are:

  • Phishing, using the subject of coronavirus or COVID-19 as a lure,

  • Malware distribution, using coronavirus- or COVID-19- themed lures,

  • Registration of new domain names containing wording related to coronavirus or COVID-19, and

  • Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.

. . .

Thanks for subscribing!

bottom of page