Coronavirus: UK, US Warn Hackers Are Exploiting Pandemic

Cybersecurity officials in the United States and United Kingdom are warning that state-backed hackers and online criminals are exploiting the Coronavirus pandemic.

This warning echoed other warnings from the cybersecurity sector over the past couple of weeks that hackers are taking advantage of the Covid-19 crisis.

Earlier this week, Europol warned that the Coronavirus pandemic has created a window of opportunity for hackers targeting organisations and critical services via ransomware and denial-of-service attacks.

Joint advisory

And now a joint advisory has been published on Wednesday by the US Cybersecurity and Infrastructure Agency and the UK’s National Cyber Security Centre.

“An increasing number of malicious cyber actors are exploiting the current Covid-19 pandemic for their own objectives,” said the advisory. “In the UK, the NCSC has detected more UK government branded scams relating to Covid-19 than any other subject.”

“Although, from the data seen to date, the overall levels of cyber crime have not increased, both the NCSC and CISA are seeing a growing use of Covid-19 related themes by malicious cyber actors,” stated the advisory. “At the same time, the surge in home working has increased the use of potentially vulnerable services, such as Virtual Private Networks (VPNs), amplifying the threat to individuals and organisations.”

“APT (advanced persistent threat) groups and cyber criminals are targeting individuals, small and medium businesses and large organisations with Covid-19 related scams and phishing emails,” said the advisory.

The advisory is offering security managers an overview of Covid-19 related malicious cyber activity. It also offers practical advice that individuals and organisations can follow to reduce the risk of being affected.

“Malicious cyber actors are adjusting their tactics to exploit the COVID-19 pandemic, and the NCSC is working round the clock with its partners to respond,” said Paul Chichester, director of operations at the NCSC.

““Our advice to the public and organisations is to remain vigilant and follow our guidance, and to only use trusted sources of information on the virus such as UK Government, Public Health England or NHS websites,” said Chichester.

US warning

This was echoed by the US Cybersecurity and Infrastructure Agency.

“As the Covid-19 outbreak continues to evolve, bad actors are using these difficult times to exploit and take advantage of the public and business,” said Bryan Ware, CISA assistant director for cybersecurity.

“Our partnerships with the NCSC and industry have played a critical role in our ability to track these threats and respond,” said Ware.

“We urge everyone to remain vigilant to these threats, be on the lookout for suspicious emails and look to trusted sources for information and updates regarding Covid-19,” said Ware. “We are all in this together and collectively we can help defend against these threats.”

Remote Working, VPN exploits

It seems that hackers are also exploiting growing demand for work-from-home solutions by passing off their malicious tools as remote collaboration software produced by Zoom and Microsoft.

Criminals are also said to be taking advantage of the mass move to home working by exploiting a variety of publicly known vulnerabilities in VPNs.

Security experts have agreed with US and UK officials that vigilance is needed during the pandemic.

“The pandemic is a global problem, and with this joint announcement it is more clear than ever that cyber-attacks threatening governments and corporations alike remain a global challenge,” said Marcus Fowler, director of strategic threat at Darktrace.

“While the warning discusses APT groups targeting government, organisations across industries need to remain alert,” said Fowler. “They could either be caught in the cyber crossfire, or directly targeted, especially if possessing valuable intellectual property, or in the fields of advanced tech or critical infrastructure.”

“The UN called for a global ceasefire for all conflict in the face of the pandemic,” said Fowler. “Cyber-attacks are a form of conflict, and yet it seems they haven’t ceased, but increased. I would urge cyber-adversaries to also heed the UN’s global ceasefire, especially when it comes to national critical infrastructure and organisations on the frontlines of this battle against Covid-19 and coronavirus.”

“While the warning details certain tactics used by APT groups, it’s not enough for businesses to closely monitor for only publicly discussed types of threats,” said Fowler. “APT groups are going to continue to change their tactics as the pandemic evolves and their strategies become well-known. This model is fundamentally broken. IT and security teams simply can’t keep up with the speed with which these sophisticated groups evolve, especially as they struggle with rapid digital transformation and the unique challenges presented by remote workforces.”

“Organisations need to turn towards sophisticated technologies, like AI, that can not only provide visibility across a disparate workforce, but can adapt to changing work environments and business operation needs while detecting tactics leveraged by nation-state actors – even before these joint announcements,” concluded Fowler.

The fact that malicious cyber actors are exploiting a variety of publicly known vulnerabilities in VPNs was noted by Jake Moore, cybersecurity specialist at ESET.

“As VPN usage goes up with increased remote working, this increased threat to cybersecurity causes a further headache to those already struggling to adapt to a new way of working,” said Moore. “This vulnerability lies with the fact many people continue to fall for increasingly well-crafted phishing emails and texts. More targeted than ever, these bad actors are ramping up their attack and going after the bones of a company.”

“Businesses that have moved their entire workforce to home working for the first time are likely to be more vulnerable,” said Moore. “Many employees will be using software that was entirely unknown to them just a few weeks ago. This paves the way for a simple yet effective technique used by criminals: targeting victims who will be worried by the unknown, and therefore who will click on links that they would normally think twice about.”

“Furthermore, I would advise all home users to change their default router password to something long and completely unrelated to you,” concluded Moore.

Do you know all about security? Try our quiz!