Covid-19 and the evolving cyberthreat landscape
The World Health Organisation has categorised the Coronavirus (Covid-19) as a pandemic and it is changing the lives of everyone across the world. While the U.K. government announced on Monday that people should work from home, many organisations, Telesoft Technologies included, had already started putting plans in place and taking action to adapt their networks and infrastructure so that their employees are able to work from home. This enforced digital transformation doesn’t come without risks, though. As organisations try to rapidly enable their staff to remain working, it can be easy to lose sight of the importance of system and network security and simply focus on usability and accessibility.
Chart showing the global impact of Coronavirus cases and deaths, taken from https://experience.arcgis.com/experience/685d0ace521648f8a5beeeee1b9125cd [Last updated 17th March 2020.]
In the words of Albert Einstein, “In the middle of difficulty, lies opportunity,” and there will always be people, organisations and governments that will take advantage of challenging circumstances like those we face today. Indeed, malicious groups have already launched attacks to leverage the Covid-19 pandemic, including alleged state-sponsored attacks. While focus will understandably be on saving lives and adapting to the significant changes in our daily lives, we need to ensure that cybersecurity remains a priority and is part of this process.
Cyber Threat Timeline
- Certain Ransomware groups, such as DoppelPaymer and Maze, have said that they won’t target healthcare organisations during the Covid-19 pandemic
- Malicious attacks are reported to be targeting the areas worst hit by Covid-19, in both Italy and three U.S. states
- Pakistani-linked APT36 has been using a decoy health advisory to spread the Crimson RAT off the back of Coronavirus
- Cyber attack on U.S. Health and Human Services department computer systems to cause disruption and spread disinformation
- DDoS attack on Shanghai company Worldometer, which charts details of the Coronavirus cases around the world, and a further attack that caused the site to show incorrect data
- Phishing campaigns delivering malware while posing as Healthcare and Government organisations providing advice about Covid-19
- World Health Organisation issues advice over Phishing communications
- Coronavirus malicious e-mails identified as being used to spread infection through the Emotet Trojan
Cybercriminals have been quick to act on the Covid-19 pandemic. In this section, we will be maintaining a timeline of real-news events for Covid-19 from a cybersecurity perspective and keeping this updated as the cyber threat landscape evolves. If you believe we’ve missed something please contact ___________ to help us keep this up-to-date.
Many organisations, Telesoft included, have transitioned to remote working over the past week and, with schools closing in the U.K. from today, there has been a widely reported increase in network traffic. As the amount of data flowing through the network increases, so too does the threat surface which malicious groups can exploit. Furthermore, as organisations have rushed to enable their employees to work from home at short notice, they should ensure that they have adequate security measures in place to protect against cyber threats.
There are reports that cyber-attacks are being targeted at the areas hardest hit by Covid-19. For example, in Italy there have been reports of a sharp rise in Phishing attacks targeting remote workers at companies with higher instances of the virus, and also of weaponised e-mail attacks looking to exploit e-mail security on workers’ personal devices that is weaker than on their work devices. The FBI has also warned of a significant spike in scams relating to the Coronavirus targeting three U.S. states with the highest Covid-19 infection rates.
In the U.K. the government has taken rapid action this week that will lead to a large number of people remaining at home. Networks have the capacity to cope with these changes, but the increased traffic does create more noise that will make it more difficult to detect cyber threats. It’s thus crucially important that network providers have tools that can handle these data volumes at speed to identify malicious activity within the network flow.
We will almost certainly see more Phishing attempts and DDoS attacks around the world over the coming weeks, and the Healthcare sector and Government Agencies will continue to be targets for malicious groups looking to take advantage of the pandemic to encourage disruption and the spread of disinformation. Governments will need to be rational and take an evidence-based approach to prevent suggestions of foreign-state action from escalating tensions between nations.
The Covid-19 pandemic is going to have a huge impact on everyone’s lives and drive us into a more digital and technology-connected world. As we are being reminded to protect ourselves and others by taking care of our personal hygiene, we should also do the same for our digital hygiene to protect against the growing cyber threat landscape.
- Dealing with Phishing E-mails: https://www.ncsc.gov.uk/guidance/suspicious-email-actions
- Mitigating Malware and Ransomware Attacks: https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
- All Guidance: https://www.ncsc.gov.uk/section/advice-guidance/all-topics