Check out all of our upcoming events

Blog

Latest cybersecurity news, insights and commentary by Telesoft engineers and specialists

Covid-19 and the evolving cyberthreat landscape

Written by Robert Fitzsimons on Monday, 23 March 2020. Posted in Cyber

The World Health Organisation has categorised the Coronavirus (Covid-19) as a pandemic and it is changing the lives of everyone across the world. While the U.K. government announced on Monday that people should work from home many organisations, Telesoft Technologies included, had already started putting plans in place and taking action to adapt their networks and infrastructure so that their employees are able to work from home. This enforced digital transformation doesn’t come without risks though. As organisations try to rapidly enable their staff to remain working, it can be easy to lose sight of the importance of system and network security and simply focus on usability and accessibility.

covid 19 cyber timeline iamge

Chart showing the global impact of Coronavirus cases and deaths, taken from https://experience.arcgis.com/experience/685d0ace521648f8a5beeeee1b9125cd [Last updated 17th March 2020.]

In the words of Albert Einstein, “In the middle of difficulty, lies opportunity,” and there will always be people, organisations and governments that will take advantage in challenging circumstances like those we face today. Indeed malicious groups have already launched attacks to leverage the Covid-19 pandemic, including alleged state-sponsored attacks [5]. While focus will understandably be on saving lives and adapting to the significant changes in our daily lives, we need to ensure that cybersecurity remains a priority and is part of this process.

Cyber Threat Timeline

MARCH 2020

  • Certain Ransomware groups, such as DoppelPaymer and Maze, have said that they won’t target healthcare organisations during the Covid-19 pandemic [9]
  • Malicious attacks are being reported to target the areas worst hit by Covid-19 as reported in both Italy and three U.S. states [7] [8]
  • Pakastani-linked APT36 has been using a decoy health advisory to spread the Crimson RAT off the back of Coronavirus [6]
  • Cyber attack on U.S. Health and Human Services department computer systems to cause disruption and spread of disinformation [5]
  • DDoS attack on Shanghai company Worldometer which charts details of the Coronavirus cases around the world and a further attack that caused the site to show incorrect data [4]
  • Phishing campaigns delivering malware while posing as Healthcare and Government organisations providing advice about Covid-19 [3]

 

FEBRUARY 2020

  • World Health Organisation issue advise over Phishing communications [2]
  • Coronavirus malicious e-mails identified as being used to spread infection through the Emotet Trojan [1]

Cybercriminals have been quick to act on the Covid-19 pandemic. In this section, we will be maintaining a timeline of real-news events for Covid-19 from a cybersecurity perspective and keeping this updated as the cyber threat landscape evolves. If you believe we’ve missed something please contact ___________ to help us keep this up-to-date.

Updates

23/03/2020

Many organisations, Telesoft included, have transitioned to remote working over the past week, and schools closing in the U.K. from today there has been a widely reported increase in network traffic. As the amount of data flowing through the network increases so too does the threat surface which malicious groups can exploit. Furthermore, as organisations have rushed to enable their employees to work from home at short notice they should ensure that they have adequate security measures in place to protect against cyber threats.

There are reports that cyber-attacks are being targeted at the areas hardest hit by the Covid-19. For example, in Italy there have been reports of a sharp rise in Phishing attacks targeting remote workers at companies with higher instances of the virus and also weaponised e-mail attacks looking to exploit weaker e-mail security on workers personal devices than they may have on their work device. The FBI has also warned of a significant spike in scams relating to the Coronavirus targeting three U.S. states with the highest Covid-19 infection rates.

18/03/2020 

In the U.K. the government has taken rapid action this week that will lead to a large number of people remaining at home. Networks have the capacity to cope with these changes but the increased traffic does create more noise that will make it more difficult to detect cyber threats.  It’s thus crucially important network providers have tools that can handle these data volumes at speed to identify malicious activity within the network flow.

We will almost certainly see more Phishing attempts and DDoS attacks around the world over the coming weeks and the Healthcare sector and Government Agencies will continue to be targets for malicious groups looking to take advantage of the pandemic to encourage disruption and the spread of disinformation. Governments will need to be rational and take an evidence-based approach to prevent suggestion of foreign-state action escalating tensions between nations. 

The Covid-19 pandemic is going to have a huge impact on everyone’s lives and drive us into a more digital and technology-connected world. As we are being reminded to protect ourselves and others by taking care of our personal hygiene we should also do the same for our digital hygiene to protect against the growing cyber threat landscape.

NCSC guidance:

References

[1] https://securityintelligence.com/posts/emotet-activity-rises-as-it-uses-coronavirus-scare-to-infect-targets-in-japan/

[2] https://www.who.int/about/communications/cyber-security

[3] https://www.bbc.co.uk/news/technology-51838468

[4] https://www.republicworld.com/technology-news/other-tech-news/attempts-to-hack-website-publishing-coronavirus-statistics.html

[5] https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response?sref=BWbpWjRm

[6] https://threatpost.com/apt36-taps-coronavirus-as-golden-opportunity-to-spread-crimson-rat/153776/

[7] https://www.forbes.com/sites/daveywinder/2020/03/21/fbi-coronavirus-warning-significant-spike-in-covid-19-scams-targeting-these-three-states/#2b16e4c543ee

[8] https://www.intelligentcio.com/eu/2020/03/23/rise-in-cyberattacks-in-italy-prove-covid-19-is-impacting-cybersecurity/

[9] https://www.forbes.com/sites/daveywinder/2020/03/19/coronavirus-pandemic-self-preservation-not-altruism-behind-no-more-healthcare-cyber-attacks-during-covid-19-crisis-promise/#414cd81d252b

About the Author

Robert Fitzsimons

Robert Fitzsimons

Rob is a Field Applications Engineer with a background in Military Intelligence who recently completed his BSc (Hons) Intelligence and Cyber Security degree.

Information cookies

Cookies are short reports that are sent and stored on the hard drive of the user's computer through your browser when it connects to a web. Cookies can be used to collect and store user data while connected to provide you the requested services and sometimes tend not to keep. Cookies can be themselves or others.

There are several types of cookies:

  • Technical cookies that facilitate user navigation and use of the various options or services offered by the web as identify the session, allow access to certain areas, facilitate orders, purchases, filling out forms, registration, security, facilitating functionalities (videos, social networks, etc..).
  • Customization cookies that allow users to access services according to their preferences (language, browser, configuration, etc..).
  • Analytical cookies which allow anonymous analysis of the behavior of web users and allow to measure user activity and develop navigation profiles in order to improve the websites.

So when you access our website, in compliance with Article 22 of Law 34/2002 of the Information Society Services, in the analytical cookies treatment, we have requested your consent to their use. All of this is to improve our services. We use Google Analytics to collect anonymous statistical information such as the number of visitors to our site. Cookies added by Google Analytics are governed by the privacy policies of Google Analytics. If you want you can disable cookies from Google Analytics.

However, please note that you can enable or disable cookies by following the instructions of your browser.