A global challenge exists with COVID-19 impacting a number of areas. Cyberspace is no different. Where most seek solutions to mitigate or resolve the crisis, others see opportunity.
Cyberspace actors are quick to spread malware and launch attacks, attempting to capitalise on the public’s need for information during the coronavirus outbreak.
Current teleworking limitations present a challenge accessing information securely, extending to several NATO and Allied Command Operations (ACO) Headquarters across Europe and in the United States. There is a clear need for guidance to help educate personnel on working from home safely.
There is no limit on the creativity of hostile actors to exploit any given crisis. Threat actors attempt to gain the trust of victims using branding associated with familiar names, such as the U.S. Centre for Disease Control and Prevention (CDC), the World Health Organization (WHO) and FedEx., as well as country-specific health agencies. In these situations, users are usually directed to malicious sites or drawn to fake online information sources.
The number of newly registered domains related to coronavirus has increased since the outbreak has become more widespread, with threat actors creating infrastructure to support malicious campaigns referring to COVID-19. Spear phishing remains a popular choice of hostile cyberspace actors due to its relative simplicity and need for a low ‘hit’ rate to achieve a high yield and multiple COVID-19 related phishing mails have been seen since the start of the outbreak.
Less likely to impact the user while at work, the actor’s efforts are not limited to emails and websites as several reports of successful telephone scams, seeking donations or disclosure of personal data, have been reported.
While most of these activities are financially motivated, they can target ubiquitously and the COVID-19 situation, combined with organisations actions, has created a potentially softer target. It is highly likely that COVID-19 themed cyberspace activity will increase in the short term, both in terms of volume and sophistication, with a particular focus on those personnel forced to work from home using processes and equipment less familiar to them.
Threat actors will continue to exploit public interest in the ongoing outbreak though conspiracy theories related to future or unreleased vaccinations or alternate protection practices.
Personal vigilance must be maintained against any form of social engineering attempts and the rotational and teleworking mitigation measures introduced pose their own challenges. Personnel working from home must rigorously follow information security policy. They must be aware of how to identify a spear phishing email and be more cautious than before, particularly when the subject relates to COVID-19.
When checking for information updates, use trusted sources, validate information shared on social media and read past the headlines as these can be crafted in a way to grab attention. The whole community is urged to pay particular attention when browsing from any internet facing workstation given the prevalence of activity feeding off the public thirst for information.
The Cyberspace Operation Centre (CyOC) and the NATO Communication and Information Agency (NCI Agency) stand ready to support and act if needed to any cyber situation. Watch the video (below) and learn how in general, and through exercises, NATO and its allies continue to train and improve our ability to counter any cyber threat.
Story by SHAPE CYBER CyOC, shared by SHAPE PAO office.