By: Deborah A. Cmielewski
The United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) and the United Kingdom National Cyber Security Centre (“NCSC”) have issued a joint alert, AA20-0099A, warning of cyber threats related to the COVID-19 global pandemic. Despite the tragic circumstances surrounding the pandemic, cybercriminals have persisted in their efforts to lodge new phishing schemes and to exploit teleworking arrangements against individuals and businesses struggling to remain afloat.

CISA and NCSC have warned that cybercriminals are masquerading as trusted entities in an effort to exploit the curiosity and concern of the unsuspecting public. Current threats include phishing schemes that use COVID-19 as a lure; malware distribution, using coronavirus or COVID-19-themed lures; registration of domain names containing coronavirus or COVID-19 wording; and attacks against newly-instituted remote access and teleworking infrastructures.

In some of the recent campaigns, phishing e-mails appear to have originated from dependable sources (like individuals with “Dr.” in their titles and trusted groups, such the World Health Organization).  E-mails include links to fake login pages and malicious attachments. Other schemes have included links and apps that lead to phishing websites (such as a purported COVID-19 outbreak tracker and emergency notification of a COVID-19 outbreak in the user’s city), which lead to the deployment of ransomware on a user’s device or require the user to insert credit card and other personal information into a malicious website.  Other schemes include e-mail messages that offer thermometers and face masks to fight the pandemic, where images of the medical products contain a loader for malware. 

In addition to e-mail campaigns, CISA and NCSC have become aware of pandemic-related phishing attacks using text messages (“SMS”).  CISA and NCSC point out that SMS attacks have historically used financial incentives, such as tax rebates, as their lure.  Cybercriminals have continued using a financial theme, baiting recipients to provide banking information with promises of government stimulus packages in light of the pandemic.

Likewise, cybercriminals have taken advantage of the rapid shift of workforces to telework arrangements.  While many workforces were ill-equipped to implement immediate across-the-board teleworking, cybercriminals have exploited vulnerabilities in virtual private networks (VPNs) and other remote working tools and software.  Moreover, they have begun to hijack vulnerable teleconferencing platforms and online classrooms established without security controls or with unpatched versions of communications platform software.   

Cybercriminals are becoming increasingly more creative during the pandemic, while individuals and businesses struggle to remain afloat.  Criminals are targeting victims of all sizes and shapes.  Individuals and businesses must remain vigilant in their efforts to safeguard their networks and to educate their staffs in these challenging times.

For more information, contact Deborah A. Cmielewski, Esq. at dac@spsk.com or 973-540-7327.