IntSights
Overview: The COVID-19 pandemic has altered the way business is done around the world. With predominantly remote workforces operating on unsecured home networks, corporate security teams are struggling to gain control of rapidly expanding attack surfaces.
Cybercriminals and state-sponsored advanced threat groups are exploiting the COVID-19 pandemic to attack networks around the world for both financial and strategic gain. Between January and March, coronavirus-themed phishing lures, malware infections, network intrusions, scams, and disinformation campaigns became rampant across the clear, deep, and dark web.
IntSights researchers put together this report to explore the most prevalent COVID-19 cyber threats: phishing websites and emails, fake coronavirus mobile apps, malware, ransomware, fraud, and disinformation. We also address the criminal and state-sponsored threat actors behind these campaigns, the most common types of targets, and network indicators of compromise.
What started as simple phishing attacks and hand sanitizer scams now involves several well-known threat actors. APT36, FIN7, the Maze ransomware group, and several other nation-state actors are now behind attacks related to the coronavirus pandemic. As sophisticated threat actors enter this ring, both the volume and sophistication of the attacks will likely increase.
IntSights recommends the following steps for defense against these threats:
- Update the current threat landscape risk assessment based on new emerging threats to remote workers.
- Closely monitor collaboration and remote working tools.
- Strictly enforce the use of VPNs, encryption, and endpoint security.
- Enforce a strong password policy and 2FA.
- Educate end users on the new threat landscape.