CYBERCRIMINALS TAKE ADVANTAGE OF COVID-19 CONCERNS TO SPREAD MALWARE AND FALSE INFORMATION
MONDAY, MARCH 16, 2020 AS OF 4:00 PM EST
With the large increase in the number of confirmed cases since March 13, many nations are tightening social distancing requirements. The number of confirmed cases worldwide is approximately 179,000, with the number of cases in the United States (US) growing from 1,200 to 4,100 over the weekend. The Centers for Disease Control (CDC) released a statement recommending that the US postpone or cancel in-person events of 50 people or more, including conferences, festivals, weddings, sporting events, and concerts, to encourage social distancing in the next 8 weeks. States across the US have drastically escalated their efforts to curb the spread of COVID-19. California, Connecticut, Illinois, Massachusetts, New York, New Jersey, Ohio, and Washington are among states that have placed restrictions on night-life, restaurants, and entertainment venues.
CDC Guidance on Social Distancing: Source
Amidst its coordinated response to COVID-19, on March 15, the US Health and Human Services Department (HHS) experienced a cyberattack. The cybercriminals intended to leak false information about a national lockdown to incite mass hysteria. While no data is reported missing at this time, cyberactivity surrounding COVID-19 continues to escalate.
With COVID-19 response operations escalating, individuals, communities, and businesses are increasingly seeking out information about the virus. Cybersecurity experts have observed an emergence of cyberactivity, using malicious URLs and email phishing campaigns to exploit fears of COVID-19 and gain valuable health and financial information from their victims.
Reports have surfaced that a group of cybercriminals has initiated a multi-stage phishing email campaign, claiming to be from public health agencies (e.g., CDC), which first offers health-based weblinks to learn more about the localized COVID-19 threat. The secondary component of this phishing campaign instructs victims to download malicious email attachments, allowing malware access to the recipient’s device and exposing their data.
Reports from Check Point, a technology security firm, have shown that, “since January 2020, there have been over 4,000 coronavirus-related domains registered globally.” Out of these websites, “3% were found to be malicious and an additional 5% are suspicious.” Suspicious domains often have abnormal or uncommon domain names, and could potentially be used to manually or automatically download malware when accessed. Malicious domains are those that actively download malware when accessed. Therefore, “Coronavirus-related domains are 50% more likely to be malicious than other domains registered at the same period,” according to reports. The hacker group orchestrating these cyberattacks may be targeting countries like Mongolia, Italy, Japan, and the US and is slowly turning their efforts into a global offensive campaign. These cyberattacks threaten individual data security and can pose a particular risk to staff of private and public sector entities whose devices may allow access into a larger network, increasing their vulnerability to phishing and malware.
As individuals strive to remain informed about COVID-19, there are steps that can be taken to reduce the risk of becoming victims of a phishing attack, including:
- Check that the email address and domain name of the sender are correct. The address and/or domain name should match or have similar spelling.
- Verify the authenticity of URLs and email attachments before clicking on them.
- Look for spelling errors in the URL or look up the URL independently to confirm it’s correct.
- Be cautious of emails that request personal data or an urgent action, such as purchasing gift cards.
- Ensure that you or your organization maintain updated antivirus software.
- If your organization has a business continuity plan (BCP) or continuity of operations (COOP) plan, review it and understand your role in it.
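The sender-domain and URL-spelling checks in the list above can be automated at a mail gateway or in a triage script. The following is an added example, not part of the original post: the `TRUSTED` allowlist, the function names, and every sample address and URL are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains this organisation expects public-health mail and links from.
TRUSTED = {"cdc.gov", "who.int"}

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Return the host from a URL, a From header, or a bare address."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return parseaddr(value)[1].rpartition("@")[2].lower()

def classify(value):
    """Label a sender or link as trusted, lookalike, unknown or unparseable."""
    host = host_of(value).rstrip(".")
    if not host:
        return "unparseable"
    # Exact match or a true subdomain of a trusted domain.
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    tail = ".".join(host.split(".")[-2:])
    for t in TRUSTED:
        # Trusted name embedded in a different domain (dotted or hyphenated).
        if t in host or t.replace(".", "-") in host:
            return "lookalike"
        # One-character misspelling of the trusted domain.
        if edit_distance(tail, t) <= 1:
            return "lookalike"
    return "unknown"

# Constructed samples, not taken from any real campaign.
SAMPLES = ["CDC <no-reply@cdc.gov>", "CDC Alerts <alerts@cdc-gov.example>",
           "https://cdc.gov.covid-map.example/update", "alerts@cdc.qov"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```

Edit-distance matching on short domain names is noisy, so a "lookalike" result is a prompt for manual review rather than a verdict.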
Public and private entities should exercise caution when interacting with documents and websites centered around COVID-19 and be aware of their risk. Hagerty has the experience and expertise to support organizations in cybersecurity preparedness efforts, as well as pandemic planning, business continuity, and continuity of operations. We stand ready to help with your organization’s planning, training, and exercise needs to enhance cybersecurity and emergency response strategies in the midst of the evolving COVID-19 situation. To learn more about Hagerty’s cybersecurity service line, contact development@hagertyconsulting.com or visit our cybersecurity microsite and use our free Cybersecurity Assessment Tool to evaluate your capabilities.
STAY UPDATED AND LEARN MORE HERE:
- Johns Hopkins University’s Coronavirus COVID-19 Global Cases Map
- 2019 Novel Coronavirus Situation Updates by CDC
- World Health Organization Coronavirus Information
- Hagerty Consulting Quarantine and Isolation Workshops