Cyber criminals are exploiting the COVID-19 pandemic for commercial gain using a variety of ransomware and phishing attacks. The CISA issued an activity alert titled COVID-19 Exploited by Malicious Cyber Actors. According to the alert, the most common threats include:
- Phishing, using the subject of coronavirus or COVID-19 as a lure
- Malware distribution, using coronavirus or coronavirus-themed lures
- Registration of new domain names containing wording related to coronavirus or COVID-19
- Attacks against deployed remote access and teleworking infrastructure.
These attacks rely on basic social engineering methods to entice a person to carry out a specific action. C Spire CISO Conrad Bell warns that the cyber criminals are taking advantage of curiosity and concern around the COVID-19 pandemic. He points to the CISA alert's warning, saying that the criminals want victims to:
- Click on a link or download an app that may lead to a phishing website, or the downloading of malware, including ransomware.
  For example, a seemingly informative Android app claims to provide a real-time coronavirus outbreak tracker but instead attempts to trick the user into providing administrative access to install "CovidLock" ransomware on their device.
- Open a file (such as an email attachment) that contains malware.
  For example, email subject lines contain COVID-19 phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”.
The CISA alert says that, in order to create an impression of authenticity, cyber criminals may spoof sender information in an email to make it appear as if it came from a trustworthy source, such as the World Health Organization (WHO), an individual with “Dr.” in their title, or even an executive from within your company leadership team.
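The indicators described above (pandemic-themed subject lines, a trusted name in the sender field, an authority title, an attachment) can be checked mechanically when triaging reported mail. The following Python is an added example, not part of the CISA alert or C Spire's guidance; the keyword list, the brand-to-domain map and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed for illustration: lure terms come from the subject lines quoted
# above; the brand map is an assumed sample (who.int is WHO's real domain).
LURE = re.compile(r"coronavirus|covid-?19|2019-ncov", re.I)
BRANDS = {"world health organization": "who.int", "who": "who.int"}

def triage(raw: str) -> list[str]:
    """Return the reasons a message deserves a closer look (empty = none)."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if LURE.search(str(msg.get("Subject", ""))):
        reasons.append("pandemic-themed subject")
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    claimed = BRANDS.get(name.strip().lower())
    # Display name invokes a trusted body, but the address is not on its domain.
    if claimed and domain != claimed and not domain.endswith("." + claimed):
        reasons.append(f"display name claims {claimed}, sender is {domain}")
    if re.match(r"dr\.?\s", name, re.I):
        reasons.append("authority title in display name")
    if any(part.get_filename() for part in msg.walk()):
        reasons.append("has attachment")
    return reasons

# Constructed sample messages (not real traffic).
SAMPLE_SPOOF = (
    "From: World Health Organization <alerts@mail.example.net>\n"
    "To: user@example.com\n"
    "Subject: 2019-nCov: Coronavirus outbreak in your city (Emergency)\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="update.bin"\n'
    "\nAAAA\n"
)
SAMPLE_TITLE = (
    'From: "Dr. A. Example" <a@example.org>\nTo: user@example.com\n'
    "Subject: Coronavirus Update\n\nPlease review the guidance.\n"
)
SAMPLE_BENIGN = (
    "From: IT Team <it@example.com>\nTo: user@example.com\n"
    "Subject: Maintenance window Saturday\n\nPlanned patching at 22:00.\n"
)

if __name__ == "__main__":
    for raw in (SAMPLE_SPOOF, SAMPLE_TITLE, SAMPLE_BENIGN):
        print(triage(raw) or "no indicators")
```

A non-empty result is a reason to look closer, not a verdict: legitimate health notices will also match the subject check, and a spoofed message can avoid every term in the list.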
Conrad says the first line of defense against phishing is to be aware and cautious. If you receive a suspected phishing email message, here’s what to do:
- Do not respond to it, report it to your IT team, and delete it.
- Approach links in email messages with caution.
- Approach images in email with caution.
- Approach attachments in email messages with caution.
- Don't trust offers that seem too good to be true.
- Don't share personal or financial information.