US and UK Issue Joint Advisory on COVID-19-Related Cyber Attacks
The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) have issued a joint advisory warning of an increasing volume of cyberattacks exploiting the spread of COVID-19. Cybercriminals have been sending phishing emails that pretend to come from the World Health Organization, or claim to be offering medical equipment.
The joint advisory covers 4 vectors of observed attacks taking advantage of the current coronavirus situation: (1) Phishing; (2) Targeted Malware; (3) Registration of phony domain names; and (4) Attacks against VPNs, RDP and remote access in general. There are individual news items in this issue of Newsbites on each area with more detailed comments, but the overall theme should be: crank security up a notch - now is the time to risk more false positives until your organization's work and IT processes/temporary architectures have stabilized. SANS continues to add resources to the free Security Work-From-Home Awareness Deployment kit at https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit and there are daily webcasts on the topic at https://www.sans.org/webcasts/: Webcasts
The CISA bulletin includes fairly comprehensive lists of attacks seen, IOCs, mitigations as well as resources to help mitigate the risks of COVID-19 related malfeasance.
Read more in
Fifth Domain: DHS cybersecurity agency warns of coronavirus phishing attacks
Cyberscoop: U.S., U.K. authorities warn of state-linked and criminal hacking exploiting coronavirus pandemic
ZDNet: Hackers are scanning for vulnerable VPNs in order to launch attacks against remote workers
US-CERT: COVID-19 Exploited by Malicious Cyber Actors