CISA, NCSC Issue Joint Alert on Hackers Exploiting COVID-19: Here’s the Scoop

COVID-19-related cyberattacks

Cybercriminals are taking “never let a crisis go to waste” to another level. The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) recently issued a joint alert on the growing number of malicious cyber actors exploiting the COVID-19 crisis. By staying on top of how these malicious actors are infecting networks and systems, small businesses can better protect not only their employees but customers.

Without a doubt, COVID-19-related cyberattacks have been increasing over the past several months. Since the end of February, phishing attempts alone have risen significantly by more than 600 percent. These attacks include scams, brand impersonation, and blackmail attacks, according to a report published by Barracuda Networks, a security, networking, and storage solutions company.

CISA and NCSC’s alerts went beyond just warning the general public about phishing attacks. The document also revealed how hackers are exploiting new teleworking infrastructure being used by businesses with employees working remotely.

The joint alert itself is relatively detailed (here’s the full text if you’re interested in reviewing it), but there are a few key takeaways for business owners.

What’s the overall message?

Both agencies are “seeing a growing use of COVID-19-related themes by malicious cyber actors,” according to the alert. For instance, cybercriminals are using the crisis to target enterprises, SMBs, and individuals with scams and phishing emails. Government officials are encouraging organizations and individuals in our country to remain vigilant for malicious software during the COVID-19 crisis.

Due to many employees now working remotely, there’s also been an uptick of attacks on “potentially vulnerable services,” including virtual private networks (VPNs), which enable businesses to establish secure connections via the internet.

While these cybercriminals are becoming more clever than ever by targeting vulnerable populations amid a crisis, you can protect yourself from many of their attacks by simply being aware of how they’re luring their victims.

What are the top attacks to look out for during the crisis?

Many cybercriminals and APT groups are exploiting the COVID-19 outbreak by targeting their victims with several types of cybersecurity threats. Many of the exploits you’re probably already familiar with, including phishing, malware distribution, and attacks on accessing remote infrastructures.

“These cyber threat actors will often masquerade as trusted entities,” the alert said. “Their activity includes using coronavirus-themed phishing messages or malicious applications, often masquerading as trusted entities that may have been previously compromised. Their goals and targets are consistent with long-standing priorities such as espionage and ‘hack-and-leak’ operations.”

These hackers are also using other known deceitful methods to get their targets to comply with their deceptions.

How are these cybercriminals tricking their targets?

“Malicious cyber actors rely on basic social engineering methods to entice a user to carry out a specific action,” according to the alert. “These actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic.”

For example, threat actors are using these attack methods to encourage users to click on a link that may lead to a phishing site or open a file (e.g., an email attachment) that contains malicious software, such as ransomware, which encrypts a user’s data until they pay a ransom.

With the number of COVID-19-related cyberattacks expected to continue to rise, don’t be surprised if CISA and NCSC issue another joint statement on the same topic in the coming months.

Stay up to date with CISA’s alerts by subscribing here.