Beware: Cyberattacks Targeting Victims Worldwide and Capitalizing on COVID-19 Panic
By: HITACHI SECURITY SYSTEMS
Malicious actors are quick to take advantage of high-profile events, particularly those that cause worry and concern. The Canadian Centre for Cybersecurity has seen an increase in reports of malicious actors using the Coronavirus (COVID-19) in phishing campaigns and malware scams. The Cybersecurity and Infrastructure Security Agency (CISA) is urging individuals to remain vigilant for scams related to COVID-19.
What is happening?
Cyber actors are sending emails with malicious attachments or links to fraudulent websites to trick users into revealing sensitive information or donating to fraudulent charities or causes. Below is a sample email.
Another known case: the Johns Hopkins University's interactive tool tracking COVID-19 is being used in malicious websites (and possibly spam emails) to spread password-stealing malware.
Recommendations
Technical measures to consider:
- On your perimeter firewalls, block any source/destination IP addresses and domains that are not in use or are known to be malicious in COVID-19 attacks
- Block file extensions such as mp3, mp4, avi, pdf, etc. on your email gateways and only allow docx, xls, and ppt* extensions
- Block any access to web applications processing data (Layer 7) if the referral URL is from a non-trusted domain
- Develop a security policy that includes but isn’t limited to password expiration and complexity.
- Deploy a spam filter that detects viruses, blank senders, etc.
- Convert HTML email into text only email messages or disable HTML email messages
- Require encryption for employees that are telecommuting
- Use a well-known proxy server to block and monitor user data input on webpages
- Label emails from outside the organization
- Implement single sign-on so that employees do not have to enter credentials multiple times
- Monitor all DNS requests related to known bad IPs and look for beacon activity
- Configure your Endpoint Detection and Antivirus solutions to ingest Indicators of Compromise (IOCs) from reputable threat intelligence sources
- Raise the thresholds in your DDoS protection solution higher than usual for external access domains, IP addresses and websites
- Identify, prioritize and protect your customer or employee confidential data and make sure adequate safeguards are in place to minimize the impact of data exfiltration
- Perform regular patch management
- Ensure that your Endpoint protection solutions and Intrusion Detection and Prevention systems are up-to-date and operational
- Conduct training sessions with mock phishing scenarios
- Review your Incident Response Plan to make sure Business Continuity and Disaster Recovery Plans are up-to-date and effective
- Prepare an awareness training for employees to be more conscious in their daily operations
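The DNS monitoring measure in the list above (matching lookups against known bad IPs and looking for beacon activity) can be prototyped as follows. This is an added example, not part of the original advisory; the log format, IP addresses, domains and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data: private/documentation-range IPs and .example domains only.
KNOWN_BAD_IPS = {"203.0.113.66"}  # stand-in for a threat-intelligence IOC feed
SAMPLE_LOG = """\
2020-03-20T09:00:00 10.0.0.5 covid-map.example 203.0.113.66
2020-03-20T09:05:01 10.0.0.5 covid-map.example 203.0.113.66
2020-03-20T09:10:00 10.0.0.5 covid-map.example 203.0.113.66
2020-03-20T09:14:59 10.0.0.5 covid-map.example 203.0.113.66
2020-03-20T09:20:00 10.0.0.5 covid-map.example 203.0.113.66
2020-03-20T09:01:12 10.0.0.7 intranet.example 198.51.100.10
2020-03-20T09:02:40 10.0.0.7 intranet.example 198.51.100.10
2020-03-20T09:31:05 10.0.0.7 intranet.example 198.51.100.10
2020-03-20T10:47:33 10.0.0.7 intranet.example 198.51.100.10
2020-03-20T09:03:00 10.0.0.9 updates.example 203.0.113.66
"""

def parse(log_text):
    """Yield (timestamp, client, qname, answer) from 'time client qname answer' lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, client, qname, answer = parts
        yield datetime.fromisoformat(ts), client, qname.lower().rstrip("."), answer

def analyze(log_text, bad_ips=KNOWN_BAD_IPS, min_queries=4, max_jitter=0.1):
    """Return (ioc_hits, beacons): IOC matches and regularly timed query series."""
    series, ioc_hits = defaultdict(list), set()
    for ts, client, qname, answer in parse(log_text):
        series[(client, qname)].append(ts)
        if answer in bad_ips:
            ioc_hits.add((client, qname, answer))
    beacons = {}
    for key, stamps in series.items():
        if len(stamps) < min_queries:
            continue  # too few samples to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation near 0 means machine-like, evenly spaced queries.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = round(avg)  # approximate beacon period in seconds
    return ioc_hits, beacons

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A single IOC match (10.0.0.9 here) is reported even without periodicity, while the irregular human-driven lookups from 10.0.0.7 are not flagged as a beacon.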
Measures to be taken by your employees:
- Make sure the address or attachment is relevant to the content of the email
- Make sure you know the sender of an email and it has a valid domain name, especially when you are not expecting an attachment
- Look for typos inside the email as well as in the sender's email address
- Use anti-virus or anti-malware software on computers
- Be extra cautious if the email tone is urgent
- Re-check the URL before opening a webpage and use trusted URLs
- Do not enter any credentials in any webpages that are not related to your organization
Should you require assistance
- Reviewing or developing a Business Continuity Plan to take you through the COVID-19 pandemic as it relates to your cybersecurity approach
- Reviewing the security for remote connections or remote work (for example, doing some quick infrastructure technical testing against your VPN infrastructure and quickly assessing your cloud infrastructure if you are using Office 365)
- Providing guidance or security awareness training for remote workers
- Reviewing or developing an Incident Response Plan to address cyber attacks specifically geared to teleworking scenarios
Source: Hitachi Security Systems