Both the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) are seeing a growing use of COVID-19-related themes by malicious cyber actors. Cyber threat actors are posing as trusted entities, sending out phishing messages or malicious applications. Cybercriminals are using the pandemic for commercial gain, deploying ransomware and other malware. These actors are targeting individual users, small- to medium-size enterprises, and large corporations.
Threats that have been observed are:
- Phishing with the subject of COVID-19 as a lure.
- Malware distribution using COVID-19 themed lures.
- Registration of new domain names containing words that are related to COVID-19.
- Attacks against newly deployed remote access and teleworking infrastructure.
What Does A Phishing Email Attempt Look Like?
Most companies run cyber security campaigns to educate employees about phishing attempts and how to avoid them. In fact, there’s a pretty big chance you’ve fallen for one of them! (It’s okay, we’ve all been there.) If you’ve ever seen an email like the one below, you were a potential victim of a cyber attack. Sometimes they may even include attachments for a free download, concert tickets, or other things that may seem too good to be true.
Here’s what to look for to spot a phishing email:
- Authority—Is the sender claiming to be someone official (e.g., the CEO of your firm, a lawyer, or client)?
- Urgency—Are you being told you have limited time to respond?
- Emotion—Does the message make you feel panic, fear, hope, or curiosity?
- Scarcity—Is the message offering something in short supply?
Unknown Malware Downloads From Seemingly Reputable Senders
A number of threat actors are also using COVID-19-related lures to deploy malware. NCSC observed various email messages that deploy the “Agent Tesla” keylogger malware. The email appears to be from Dr. Tedros Adhanom Ghebreyesus, Director-General of the World Health Organization (WHO). The campaign offers thermometers and face masks to fight the epidemic and attaches images of the medical products, which contain the malware.
Hospitals and health organizations in the US, Spain, and across Europe have all been recently affected by ransomware incidents through downloads of such malicious files as Remote Access Trojans (RATs), desktop-sharing clients, and ransomware.
New Processes Create New Threat Opportunities
With a large majority of the world now working remotely, many organizations were forced to rapidly deploy new networks, including VPNs and related IT infrastructure, to shift their entire workforce to teleworking. More specifically, accounting firms, which don’t usually operate remotely, are among the organizations that rapidly shifted their work structure to virtual, leaving many of them vulnerable to these attacks.
Now, client meetings are being held over the phone, through communications platforms such as Zoom, and by email. And in the accounting industry, countless pieces of sensitive information are being passed around through teleworking.
Cyber actors are also seeking to exploit the increased use of popular communications platforms such as Zoom, Microsoft Teams, Google Hangouts, and more. They’ve been able to hijack teleconferences and online classrooms that were set up without security controls (e.g., passwords) or that were running unpatched versions of the communications platform software.
Cybersecurity Tips to Prevent—Or Remedy—Attacks
The NCSC’s suspicious email guidance explains what to do if you’ve already clicked on a potentially malicious email, attachment, or link, including who to contact if your account or devices have been compromised.
Here’s some phishing guidance your accounting firm should be following:
4. Respond quickly to incidents. Don’t just mark the email as SPAM or move it to junk. Report it to your IT department as soon as you spot it.
And when it comes to using communications platforms such as Zoom and Microsoft Teams, keep these tips in mind:
- Make the meetings private by requiring a meeting password, or use the waiting room feature and control the admittance of guests.
- Do not share a link to a meeting on an unrestricted, publicly available social media post.
- Manage screen sharing options by changing them to “Host Only.”
- Ensure users are using the updated version of remote access/meeting apps.
- Ensure telework policies address requirements for physical and information security.
Stay Updated And on High Alert
It doesn’t take a fool to fall for a cyber security attack, as cyber criminals are counting on you to be so swept up in the busyness of your day that they catch you off-guard. But staying on your toes and knowing how to spot an attempt can save you from compromising important information about your company—and you.
Source: “Alert (AA20-099A).” COVID-19 Exploited by Malicious Cyber Actors | CISA, www.us-cert.gov/ncas/alerts/aa20-099a.