Resources & Publications

23 March 2020

Defending Against COVID-19 Cyber Threats

Cyber-criminals have weaponized ongoing COVID-19 (corona-virus disease) pandemic to targets both individuals and enterprises locally and worldwide. A large number of reported social engineering attacks used COVID-19 aftermath to deliver phishing and malware. Due to restricted movements, people are using more and more online portals to do banking, utility payments, and shopping which are heavily targeted by phishing campaigns. Additionally, the mass implementation of Work From Home has increased the risk of being attacked for enterprise employees. An increase in attacks on enterprise systems was also observed.

Increased Number of Malware Strains & Phishing Attacks

Cyber-criminals have leverage outbreak of COVID-19 as a method of delivering malware and phishing. New strains of old Ransomware and phishing kits were rewritten with using resources of COVID-19. These social engineering attacks are often delivered by Emails, Chat Application and text messages. Such scams and attacks may contain followings, but not limited too.

  • An email with subject COVID-19 related information
  • An email promoting Phishing website appears to a legitimate online portal such as online banking/online shopping cart
  • An email attachment with name of COVID-19 (E.g. COVID-19-new-medicine.zip)
  • Hyperlinks to COVID-19 dashboards and videos (Spread through both emails and Chat messages such as WhatsApp and Viber)

Recommendations Stay Safe from Social Engineering Attacks During COVID-19 Outbreak

  1. Do not click any links on emails. The link location may differ from what it appears to be
  2. Do not click any links on Chat messages (IM) from unknown senders or with unusual descriptions or requests
  3. Use Unique & Strong passwords for all accounts
  4. Use Password Managers and properly secure them
  5. Use Multi-Factor Authentication every possible occasion which often called Two-factor Authentication or Two-Step Verification
  6. Always check for correct URLs multiple times when you do online banking/online shopping and utility bill payments to avoid phishing attacks
  7. Make sure your Antivirus Solution is properly installed and have latest signature updates
  8. Make sure the latest security updates are installed not only for your operating system, but every application installed in your Computer or Mobile Devices.

Increase of Attacks to Enterprise Systems

An increase of attacks on enterprise systems also observed with the outbreak of COVID-19. An increased number of reconnaissance attempts may be an indication that your enterprise IT assets are probed by unwanted actors.

Recommendations for Protect Enterprise Systems During COVID-19 Outbreak

  1. Make sure IPS/IDS functionalities enabled in both perimeter and internal firewalls or other monitoring devices
  2. Make sure IPS/IDS are updated with latest threat signatures
  3. Make sure alerts are generated in an attempt of intrusion and adequate staff is attending to the alert by 24/7
  4. Monitor applications for unusual errors messages which often indicate Business Logic Attacks
  5. Restrict access to external opened systems to only required groups.
  6. If the Work From Home (WFH) required, provide only required systems access adhering to Principle of Least Privilege (PoLP) with data access to Need to Know Basis and Only through VPNs
  7. Make sure any sensitive data is encrypted in both rest and transmitting in any WFH activity
  8. Monitor and log remote access connection strictly
  9. Use Multi-Factor Authentication every possible occasion, especially for remote connection authentication such as for VPNs
  10. Make sure Corporate COVID-19 BCP addressing cyber-security issues

TechCERT strongly advises to stay vigilant for the alerts from your information systems due to the prevailing situation, as there are reports, attackers are using the current window of opportunity to perform cyber attacks. When organizations operate with diverted attention, security-related alerts could be easily missed.

TechCERT is constantly monitoring for possible cyber-attacks and you will be kept informed accordingly.

Read More BACK TO RESOURCES & PUBLICATIONS