
DHS and UK Cyber Security Issue Joint Alert on Storm of COVID-19 Themed Cyberattacks

2020-04-08 by Michelle Dvorak


DHS and UK’s NCSC Warn of Numerous COVID-19 Related Cyberattacks from APT Groups and Other Hackers

It’s a storm of COVID-19 themed cyberattacks. Phishing emails, malicious text messages, malware, spoofed websites, video conferencing app exploits, and VPN vulnerabilities are all in play by hackers trying to exploit COVID-19 fears and the new work-from-home workforce. Every day there is a new variation of COVID-19 cyberattack. As the Coronavirus wears on, hackers are hard at work trying to scam people out of money and data.

The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert concerning numerous cyberattacks using COVID-19 themed messaging. Both APT groups and cybercriminals are operating with a growing arsenal of malware, phishing email campaigns, and conferencing app exploits. The sudden increase in working from home due to COVID-19 and the use of conferencing apps and virtual private networks (VPNs) provide more targets for hackers to exploit.

Both CISA and NCSC are seeing a growing use of COVID-19-related messaging by malicious cyber actors. Individuals, small businesses, medium enterprises, hospitals, and large organizations are all being targeted by hackers. Defense and mitigation advice from DHS and NCSC follows.

The alert states, “To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or an individual with “Dr.” in their title. In several examples, actors send phishing emails that contain links to a fake email login page. Other emails purport to be from an organization’s human resources (HR) department and advise the employee to open the attachment.”

Coronavirus Cyberthreats include, but are not limited to:

  • Phishing emails with COVID-19 messaging
  • Malware attacks using COVID-19 emails impersonating official health agencies or governments
  • Malicious websites with coronavirus or COVID-19 themed names
  • Attacks against video conferencing apps, VPNs, and other telecommuting tools

There are two running lists of current threats on GitHub and Reddit.

Smartphones are susceptible to these cyberattacks too. A malicious Android app that claims to be a real-time Coronavirus tracker is actually a rogue app that tricks the user into granting admin rights, then infects the phone with CovidLock ransomware.

What is an APT Group?

APT Group is short for Advanced Persistent Threat Group. APT groups are organized, professional groups of hackers that work for nation-states. Often these APT groups hack IT networks of major corporations, political organizations, and other governments. APT groups are highly skilled and generally work with a low-and-slow strategy and may steal sensitive data from a target for years before detection. APT groups work to steal money to fund other operations for their sponsoring government or for espionage. Hackers may also impersonate banks or other financial institutions familiar to the target in order to gain trust.

Summary of COVID-19 Related APT Cyberattacks

Currently there are numerous reported phishing emails, malware, and SMS text messages using COVID-19 themed messaging in an attempt to exploit people’s fears and concerns. Many of the messages are impersonation scams, with phishing emails that purport to be from official agencies, like the World Health Organization (WHO) or US Center for Disease Control (CDC).

COVID-19 Phishing Scams

Both cybersecurity agencies report email phishing campaigns using subject lines with supposed Coronavirus Updates or reports of a confirmed case or outbreak in the recipient’s area. These campaigns are designed to steal sensitive data like account usernames, passwords, or payment card information.

Video Conferencing Apps

The sudden increase in working from home has brought an increase in attacks on conferencing apps and virtual private networks. DHS reports an increase in attacks on Zoom or Microsoft Teams. Hackers send call meeting invitations with spoofed domain names and fake meeting IDs. In other attacks, hackers glean dial-in information from unsecured websites and communication and hijack video calls and online classrooms that have been set up without security features like PINs or passwords.

Virtual Private Networks

If that’s not enough, hackers are exploiting known vulnerabilities in Pulse Secure, Fortinet, and Palo Alto virtual private network (VPN) services. CISA and NCSC both have observed actors scanning for a known vulnerability, CVE-2019-19781, in Citrix, which was reported in January 2020.

COVID-19 SMS Phishing Scams

Britain’s NCSC reports that hackers are also using SMS text messages with UK government and stimulus payment themed messaging.

Image Credit: NCSC COVID-19 Phishing Text Message

Tapping the link in the text message sends the victim to a fake UK government themed website that steals emails, physical addresses, names, and banking information when the user enters the information on the website.

Image Credit: NCSC COVID-19 Phishing Spoof Website

Messaging apps like WhatsApp have also been used to send scam messages.

Credential Phishing

Hackers use the phishing emails and messages to send victims to spoofed websites. These scam websites are designed to look just like banks, government websites, Gmail, or Microsoft email services. The websites may appear legitimate and contain COVID-19 information in an attempt to trick the reader into thinking the website is legitimate.
If the user enters any information such as bank account details, passwords, or other sensitive data, it is sent to the hacker.

Malware Attacks

Still other spoofed websites may download malware to the reader’s computer or phone. Malware seen in attacks includes Agent Tesla and HawkEye, both of which are keyloggers (a type of malware that records all keystrokes from the infected device). Email attachments have installed the Get2 loader malware, which in turn downloads the GraceWire Trojan. TrickBot malware has also been observed. According to the alert, “In many cases, Trojans—such as Trickbot or GraceWire—will download further malicious files, such as Remote Access Trojans (RATs), desktop-sharing clients, and ransomware.”

Image Credit: DHS NCSC Alert Phishing Message

Typical Phishing Tactics

Beware of emails, texts, messages or websites that use:

  • Authority – COVID-19 phishing emails frequently claim to be from the CDC, WHO, doctors, or agencies to fool the reader into following their directions
  • Urgency – Do you have to act now or face a penalty?
  • Emotion – Does the message incite panic, fear, worry, or other emotion? Beware of threats or false claims
  • Scarcity – Fear of missing out can cause you to act without thinking

Mitigation

These cyberattacks rely on the target following instructions in a phishing email – like clicking on a link or downloading an email attachment – to further the attack. Phishing emails are worded to frighten the recipient or lure the reader with curiosity.


  • Be especially cautious with any email or SMS text message that uses subject lines that contain COVID-19-related phrases such as “Coronavirus Update,” “2019-nCov: Coronavirus outbreak in your city (Emergency),” “Stimulus Checks,” “Stimulus Payment,” or “Coronavirus stimulus payment”
  • NEVER click on any links in email from people you don’t know, even if the email claims to be from a doctor or other health organization
  • Do not tap links in apps that may lead to a phishing website
  • Never click on or download email attachments from people you don’t know or if you were not expecting something to be sent to you. Email attachments can be used to send malware, including ransomware
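
A mail-triage sketch of the indicators above, as an added example that is not part of the original article or the CISA/NCSC alert. It scores a message on the subject phrases listed in the mitigation advice, a display name claiming WHO, CDC or "Dr." authority from a domain outside an allow-list, and the presence of links or attachments; the allow-list, the function name and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject phrases quoted in the article's mitigation list (lower-cased).
SUBJECT_PHRASES = ("coronavirus update", "2019-ncov", "stimulus check", "stimulus payment")
TRUSTED_DOMAINS = ("who.int", "cdc.gov")  # assumption: accepted authority domains
AUTHORITY = re.compile(r"\b(WHO|CDC|World Health Organization|Dr)\b")
URL = re.compile(r"https?://[^\s\"'<>]+")

def score_message(raw):
    """Return (score, reasons) for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").lower()
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    link = attachment = False
    for part in msg.walk():
        if part.get_filename():
            attachment = True
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            link = link or bool(URL.search(body))
    checks = {
        "covid-themed subject": any(p in subject for p in SUBJECT_PHRASES),
        "authority claim from unlisted domain": bool(AUTHORITY.search(name)) and not trusted,
        "contains link": link,
        "has attachment": attachment,
    }
    reasons = [reason for reason, hit in checks.items() if hit]
    return len(reasons), reasons

# Constructed sample messages, not taken from the alert.
SAMPLE_PHISH = """\
From: "Dr. Jane Roe - World Health Organization" <info@health-alerts.example.net>
Subject: 2019-nCov: Coronavirus outbreak in your city (Emergency)
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Sign in to read the safety measures: http://login.example.net/mail
--b1
Content-Disposition: attachment; filename="measures.doc"

--b1--
"""
SAMPLE_BENIGN = "From: Facilities <facilities@example.com>\nSubject: Office closure\n\nClosed Friday.\n"
```

The check reads only the visible From header, which a sender can forge outright, so the score is triage input to use alongside SPF, DKIM and DMARC results.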


About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

