Q2 Security Update: Hackers Never Let a Good Crisis Go to Waste

Concerns over the COVID-19 pandemic are, understandably, distracting your users. Remind them that hackers, on the other hand, are laser-focused on their objectives.

With businesses completely shut down, people working from home, some ordered to stay at home, kids home from school or homeschooling, friends and family falling ill and people wondering when the COVID-19 pandemic will end, there’s a lot that can distract users from following cybersecurity best practices. Unfortunately, this hasn’t escaped hackers’ attention, and they’re doing all that they can to take advantage of it.

Touch base with your clients and share this information to remind them not to let their guard down.

Cybercriminals Capitalize on the Vulnerable During the Coronavirus Crisis

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) issued an alert on April 8, 2020, warning of cyberattacks related to the coronavirus crisis.

The agencies report that, at the same time more people are working remotely, criminals are ramping up attacks with COVID-19 themes. The alert provides a summary of attacks that you and your customers should stay alert to:

  • Phishing attacks using coronavirus-related content, targeted and specific, using information that makes them look like known or official sources
  • SMS phishing using texts to try to get banking or contact information
  • Malware delivered using COVID-19-themed emails, offers, apps or websites
  • Attacks targeting new remote access and teleworking infrastructure.

Action Items

Review and share this guidance available from CISA and NCSC:

CovidLock Ransomware Emerges

DomainTools reports that after COVID-19 cases began to spread, more people claimed domain names that had different versions of “coronavirus” or “COVID” in them. In mid-March, DomainTools reported that this activity peaked, and many of the domain names were linked to scams. The company’s security team began investigating these domains and found that one, coronavirusapp[.]site, is offering a “real-time coronavirus outbreak tracker” available through an Android app download.

When users download the app, it deploys Android ransomware dubbed “CovidLock.” The malware encrypts users’ phones and gives them 48 hours to pay $100 in bitcoin. The encryption warning also states, “Your GPS is watched and your location is known. If you try anything stupid, your phone will be automatically erased.”

Action Items:

  • Android Nougat has protection against this type of attack, but it only works if the user has set a password.
  • DomainTools reminds users to only use trusted sources for health information and to not allow fear to overcome phishing prevention best practices.
  • Only download Android applications from the Google Play store.
  • Follow DomainTools for decryption keys and technical details.

Microsoft AccountGuard Is Free to Healthcare Providers on COVID-19 Front Lines

If you work with healthcare providers, make sure they know they can take advantage of Microsoft AccountGuard for Healthcare to protect themselves from cyberthreats during the coronavirus crisis. Hospitals, clinics, labs, clinicians and life sciences and medical device companies researching and developing treatments are invited to take advantage of this offer.

The service includes notification of threats to their Office 365 accounts, recommendations for remediations if there is a compromise, support from Microsoft’s team, and access to numerous resources.

Action Items:

  • Check with Microsoft for eligibility for this free service.

Don’t Take Your Eye Off the Ball

While the COVID-19 coronavirus monopolizes attention, it’s also important not to overlook other newly discovered vulnerabilities and threats. Make sure you address these risks as well:

For more security news and insights, visit XaaS Journal’s Security as a Service resource page.