Beware: Cyberattacks Targeting Victims Worldwide and Capitalizing on COVID-19 Panic

By: HITACHI SECURITY SYSTEMS

Malicious actors are quick to take advantage of high-profile events, particularly those that cause worry and concern. The Canadian Centre for Cybersecurity has seen an increase in reports of malicious actors using the Coronavirus (COVID-19) in phishing campaigns and malware scams. The Cybersecurity and Infrastructure Security Agency (CISA) is urging individuals to remain vigilant for scams related to COVID-19.

What is happening?

Cyber actors are sending emails with malicious attachments or links to fraudulent websites to trick users into revealing sensitive information or donating to fraudulent charities or causes. Below a sample email.

Another known case: The Johns Hopkins University’s Interactive tool tracking COVID-19 is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware.

Recommendations

Technical measures to consider:

Block any source/destination IP/domains on your perimeter Firewalls that are not in use or known malicious for COVID-19 attacks
Block file extensions such as: mp3, mp4, AVI, pdf, etc. on your email gateways and only allow docx, XLS, and ppt* extensions
Block any access to Web application processing data (Layer 7) if the referral URL is from a non trusted domain
Develop a security policy that includes but isn’t limited to password expiration and complexity.
Deploy a SPAM filter that detects viruses, blank senders, etc.
Convert HTML email into text only email messages or disable HTML email messages
Require encryption for employees that are telecommuting
Use well known proxy server to block and monitor user data input on webpages
Label emails from outside the organization
Implement single sign-in to make sure employees do not have to enter credentials multiple times
Monitor all DNS requests related to known bad IPs and look for beacon activity
Configure your Endpoint Detection and Antivirus solutions to digest data from any Indicators of Compromise (IOC) coming from reputed threat intelligence
Raise the threshold in your DDoS protection solution to higher thresholds then usual for external access domains, IP addresses and Websites
Identify, prioritize and protect your customer or employee confidential data and make sure adequate safeguards are in place minimizing impact to data exfiltration
Perform regular patch management
Ensure that your Endpoint protection solutions, Intrusion Detection and Prevention systems are up-to-date and operational
Conduct training sessions with mock phishing scenarios
Review your Incident Response Plan to make sure Business Continuity and Disaster Recovery Plans are up-to-date and effective
Prepare an awareness training for employees to be more conscious in their daily operations

Measures to be taken by your employees:

Make sure the address or attachment is relevant to the content of the email
Make sure you know the sender of an email and it has a valid domain name, especially when you are not expecting an attachment
Look for typos inside the email as well as in sender’s email
Use anti-virus or anti-malware software on computers
Be extra cautious if the email tone is urgent
Re-check the URL before opening a webpage and use trusted URL’s
Do not enter any credentials in any webpages that are not related to your organization

Should you require assistance

Reviewing or developing a Business Continuity Plan to take you through the COVID-19 pandemic as it relates to your cybersecurity approach
Reviewing the security for remote connections or remote work (example doing some quick infrastructure technical testing against your VPN infrastructure and quickly assessing your cloud infrastructure if you are using Office 365
Providing guidance or security awareness training for remote workers
Reviewing or developing an Incident Response Plan to address cyber attacks specifically geared to teleworking scenarios

Source: Hitachi Security Systems