How Hackers are Spreading the (Corona)virus

Cybersecurity Trends

The WHO has labeled COVID-19 a global pandemic, setting off a wave of sweeping measures that have impacted not only our physical lives, but our digital lives as well.

As millions of businesses around the world shut their doors, companies are leaning heavily on remote productivity tools like video conferencing, VPNs, and screensharing in order to enable employees to keep working from the safety of their homes. As added digital layers, these systems each present a unique set of cybersecurity challenges as well as increase your firm's overall attack surface.

On top of this, several coronavirus tracking maps have been found to be carrying their own viruses designed to infect users' computers. And finally, the US Dept. of Health and Human Services (the agency in charge of the US's coronavirus response efforts) reported that they've been breached by a multi-pronged cyberattack.

To cut through the noise, here is a roundup of everything you need to know:

Government Threats
Aside from the breach that affected the US Dept. of Health and Human services, several other government bodies have been involved in confirmed or suspected cybersecurity incidents.

The Brno University Hospital in the Czech Republic was hit by a cyberattack, forcing them to shut down their entire IT network as well as several other hospital branches. The hospital, one of the Czech Republic's largest COVID testing facilities, cancelled all of their scheduled surgeries and rerouted patients to a nearby hospital.

On the flip side, Iran's official COVID-19 detection app was taken off the Google Play store amid rumors that it contained state-sponsored malicious code designed to harvest user data. However, some claim that the app did in fact ask for users' permission before collected geo-data, and that the app was rather taken down due to false claims about its ability to detect whether the user is carrying COVID-19, something that no application is capable of doing.

Finally, state-sponsored hackers in China, Russia, and North Korea have each been taking advantage of the panic in order to hide malware in coronavirus-related documents. For example, hacking group Mustang Panda (backed by the Chinese government) spread an email in Vietnam with a RAR file attachment which claimed to carry a message from the Vietnamese Prime Minister related to the virus outbreak. Once downloaded, a backdoor trojan was installed on the user's computer.

More: The Politics of Cybersecurity

Corporate Threats
As many companies have shifted to telecommuting, the Cybersecurity and Infrastructure Security Agency (CISA) has reported an uptick in attacks on related systems. In particular, CISA recommends updating "VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and security configurations."

Furthermore, a swarm of phishing emails has been detected that pretend to provide the user with critical COVID-related information. Accordingly, companies are strongly advised to train staff in spotting and reporting suspicious emails. In particular, hackers are leveraging the general confusion and insecure environment that has resulted from mass telecommuting in order to launch spear phishing campaigns against executive and high-profile individuals.

More: Politely Paranoid, A Guide to Spotting and Responding to Phishing Attempts

Personal Threats
Finally, at least 5,000 websites related to coronavirus have popped up in that last couple weeks, many of which are far from reputable. Coronavirus tracking maps in particular have been known to carry their own viruses that infect users' computers, but that is only the tip of the iceberg. According the Check Point, a full 3% of coronavirus-themed websites are classified as malicious, with up to 5% displaying suspicious activity.

Make no mistake. As one country after another enters lockdown, it has unfortunately become clear that we were physically unprepared for COVID-19. The same is true of our digital preparedness. At Silent Breach, we've been writing for months about the Myth of Cybersecurity as well as covering massive data breaches in healthcare, tech, and government. That being said, now is not the moment to panic, it is the time to take action.

Silent Breach strongly recommends performing a penetration test and/or social engineering exercise if you have not done so already. Furthermore, we have moved to introduce employee training workshops via Zoom that are tailored towards the cybersecurity challenges stemming from the coronavirus outbreak. Finally, building a robust partnership with a cybersecurity firm to cover things like incident monitoring and response will keep you one step ahead of the attackers, and limit your financial risk in the event of a breach.

For more help, please contact Silent Breach for customized measures on how your organization can remain prepared throughout this difficult period.

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.