COVID-19 Cyber Security Threats

The COVID-19 outbreak is a crisis on a global scale, with reverberations and impacts on almost every element of daily life. From personal relationships to businesses, the outbreak has impacted people’s lives well beyond the sphere of health. 

As companies attempt to readjust to new ways of working and a new business landscape, they face a number of new challenges and unexpected impacts due to the COVID-19 crisis. One of the less well-discussed and understood secondary impacts of the current crisis is the increased vulnerability of businesses to cyberattacks.

As a matter of course, at VC3, we stay up to date with the latest cybersecurity issues, and during these difficult times, we follow new issues and occurrences on a daily basis. In the world of cybersecurity at the moment, there are huge concerns around phishing and hospitals vulnerable to ransomware, as bad actors and cybercriminals take advantage of global insecurity and use fear and panic to profit. 

Many businesses and companies are now working from home for the first time, which brings with it a raft of new cybersecurity issues. Employees distracted by a never-ending sea of ‘breaking news’ and COVID-19 updates are less likely to be hyper-vigilant when it comes to cybersecurity and more likely to let their guard down on phishing emails.

We thought it would be a good idea to compile some of the threats and vulnerabilities that we are seeing out there at the moment. Take a look below at the list below, which we have collected and confirmed as the most pressing risks to businesses as a result of the pandemic. 

• Bad actors are creating fake COVID-19 monitoring and information sites. These sites lure people in with ‘breaking news’ and ‘latest updates,’ exploiting concerns about the outbreak. They then contain malware and use vulnerabilities in Flash, Java, and Adobe PDF to exploit weaknesses in systems. Older and non-updated browsers are particularly vulnerable to these attacks.

• There has been a very high number of new domains registered in the last few months, nearly 10 times the normal amount (Hacker News). Of these new sites, around 20% are considered suspicious. The majority of these domains are being used as “online retailers” to sell COVID-19 cures, immune system-boosting products, and so on. Non-official websites of this sort should be treated with the utmost caution.   

• There have already been a number of incidents where hospitals and medical facilities have been phished and attacked. One secondary phishing issue has seen bad actors take control of a medical email (a doctor or doctor’s receptionist, for example) and use it to access a patient list to send out further phishing attempts, as well as spread fear and panic. This can be a significant problem, as emails from medical professionals are likely to be implicitly trusted at this time. Still, users should be extra vigilant and wary of any email that does not sound 100% legitimate. 

• A fake “real-time” pandemic tracking app called COVID19 Tracker is locking phones & asking for ransom.  Clients using Android should be advised to only use “trusted app platforms” such as Google Play. 

• There have been a number of phishing attempts using the names and spoofed domains of various health agencies, again capitalizing on the implicit trust that people have in health professionals.

• The Canadian Cyber Security Centre has identified a long list of vulnerabilities and recommends the immediate patching of the below. More information can be found at https://cyber.gc.ca/en/alerts-advisories.
  • AL19-009 Critical Microsoft Remote Desktop Vulnerability
  • AL19-010 Active Exploitation of the Telerik UI for ASP.NET AJAX
  • AV19-167 Microsoft Security Advisory - August 2019 Monthly Rollup
  • AL19-016 Active exploitation of VPN vulnerabilities
  • AL20-003 Citrix Exploitation
  • AL20-004 Microsoft Internet Explorer 0-Day
  • AL20-005 Detecting Compromises relating to Citrix CVE-2019-19781
  • AL20-006 Microsoft Exchange Validation Key RCE Vulnerability
  • AL20-007 Microsoft SMBv3 Vulnerability
  • AV20-010 Microsoft Security Advisory - January 2020 Monthly Rollup
  • AV20-032 Microsoft Security Advisory - February 2020 Monthly Rollup
  • AV20-044 Apache Tomcat Security Advisory
  • AV20-053 Lets Encrypt Certificate Advisory
  • AV20-064 Microsoft Security Advisory - March 2020 Monthly Rollup

• Public Safety Canada’s Cyber Security Centre has released some excellent guidance on “Telework Security Issues,” which can be found here. 

• There has been a noted increase in emails claiming to provide a “COVID-19 cure” being used to phish and infect machines. Clients should be wary of any/all information via email and on Facebook and other social media platforms unless it’s from an official government authority.

These are the main threats that we have witnessed and confirmed ourselves at the moment. We also suspect that we’re going to see CRA & Service Canada phishing scams related to applying for EI and sickness benefits. In general, our advice is to practice good online hygiene and be hyper-vigilant when it comes to links, downloads, and emails, even when they purport to come from trusted sources. If in doubt, it is always worth checking or confirming that an email is genuine.

For more information, Public Safety Canada (Canadian Centre for Cyber Security) is a great place to start.