The following information was sent by the US Department of Homeland Security:
This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).
APT groups are using the COVID-19 pandemic as part of their cyber operations. These cyber threat actors will often masquerade as trusted entities. Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Their goals and targets are consistent with long-standing priorities such as espionage and “hack-and-leak” operations.
Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.
Both APT groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months. Threats observed include:
Malicious cyber actors rely on basic social engineering methods to entice a user to carry out a specific action. These actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic in order to persuade potential victims to:
To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or an individual with “Dr.” in their title. In several examples, actors send phishing emails that contain links to a fake email login page. Other emails purport to be from an organization’s human resources (HR) department and advise the employee to open the attachment.
Malicious file attachments containing malware payloads may be named with coronavirus- or COVID-19-related themes, such as “President discusses budget savings due to coronavirus with Cabinet.rtf.”
For more information on the specific attacks seen and to be on the lookout for these attacks, visit the US Cert government site. The link directly to the bulletin is at the address below (change hxxps to https, [dot] to . when copying or typing the URL in your browser):
If you receive a suspicious email and think it might be a phish – raise the alarm. Click the REPORT PHISH button in your Outlook client. Thanks and be well,
Cheryl O’Dell, MBA, CISSP, GCFE
Incident Response Manager
Cybersecurity & Identity|ITS|
501 127H, 68588-0203
University of Nebraska |nebraska.edu