Seyfarth Synopsis: As individuals and businesses continue to focus on the rising number of confirmed Coronavirus cases throughout the world and what steps they can take to guard against infection, malicious actors are exploiting those very same fears for their own profit. A dramatic increase in the number of employees working from home coupled with overworked business and commercial IT staff has resulted in a higher likelihood that security best practices may be forgotten or disregarded entirely.
A number of recent examples are discussed below:
While the U.S. Treasury has issued a relatively simplistic notice warning of an increase in phishing communications, with instructions to simply disregard them, the FCC has provided a number of recordings of phishing attempts that offer a complimentary COVID-19 testing kit or HVAC cleaning to protect against the spread of COVID-19.
Other phishing attempts seen in recent weeks involve threat actors posing as members of the Centers for Disease Control and Prevention or the World Health Organization in an attempt to legitimize their scams. A common tactic is for these scammers to register malicious domain names (cdc-gov.org and cdcgov.org) that are similar to valid domains (cdc.gov) in order to confuse already worried recipients.
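The lookalike-domain tactic described above can be screened for on the receiving side. The following is an added example, not part of the original article: it flags sender or link domains that imitate a trusted domain, using the cdc.gov lookalikes named in the text. The function names and the sample message are constructed for illustration, and the heuristic (separator stripping plus a one-character typo check) generalizes slightly beyond the two domains mentioned.

```python
import re

TRUSTED = ("cdc.gov",)  # the valid domain named in the article

# Constructed sample message (not a real e-mail); lookalikes are those from the text.
SAMPLE = """From: alerts@cdc-gov.org
Subject: COVID-19 update
See https://cdcgov.org/map and https://www.cdc.gov/coronavirus
Contact: help@example.com
"""

def skeleton(domain):
    """Lowercase and drop dots, hyphens and other separators."""
    return re.sub(r"[^a-z0-9]", "", domain.lower())

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED):
    """Return 'trusted', 'lookalike:<trusted domain>' or 'unrelated'."""
    d = domain.lower().rstrip(".")
    for t in trusted:
        # Exact match or a true subdomain (www.cdc.gov) is the real thing.
        if d == t or d.endswith("." + t):
            return "trusted"
    for t in trusted:
        s, ts = skeleton(d), skeleton(t)
        # Trusted name embedded with separators moved or dropped, or one typo away.
        if ts in s or edit_distance(s, ts) <= 1:
            return "lookalike:" + t
    return "unrelated"

def extract_domains(text):
    """Pull host names from e-mail addresses and http(s) URLs."""
    pattern = r"(?:@|https?://)([A-Za-z0-9.-]+\.[A-Za-z]{2,})"
    return sorted({m.lower() for m in re.findall(pattern, text)})

def triage(text):
    """Map every domain found in a message to its verdict."""
    return {d: classify(d) for d in extract_domains(text)}
```

The check works on the whole host name rather than the registrable domain, so it is a screening heuristic whose hits should be reviewed, not blocked automatically.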
A number of recent articles have provided further detail regarding these specific attempts, including:
Threat actors have jumped on the bandwagon by quickly developing COVID-19-related malware. They are attempting to take advantage of individuals seeking the most updated information regarding the spread of the virus. In one instance, an interactive dashboard and map of real-time COVID-19 infections and deaths provided by Johns Hopkins University has been weaponized to spread password-stealing malware:
Late last month, a member of several Russian language cybercrime forums began selling a “digital Coronavirus infection kit” that uses the Hopkins interactive map as part of a Java-based malware deployment scheme. The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller’s certificate.
“It loads [a] fully working online map of Novel Coronavirus infected areas and other data,” the seller explains. “Map is resizable, interactive, and has real time data from World Health Organization and other sources. Users will think that PreLoader is actually a map, so they will open it and will spread it to their friends and it goes viral!”
See https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/; see also https://www.forbes.com/sites/zakdoffman/2020/03/11/warning-you-must-not-download-this-dangerous-coronavirus-map/.
In addition to an increase in phishing activity and distribution of malware, there have also been reports of cyberattacks targeting industries or governments wrestling with COVID-19.
Recently, the U.S. Department of Health and Human Services noticed a large spike in activity across their infrastructure indicating a Distributed Denial of Service attack meant to overwhelm their network, although it does not appear that any actual outages were reported. Interestingly, although a small number of well-known cybercrime groups stated in interviews that they would not attack health organizations during the COVID-19 pandemic, it appears that this either does not extend to attacks that occurred before these statements were made or the potential for financial gain was too high for these groups to resist.
The U.S. Cybersecurity and Infrastructure Security Agency (“CISA”) has identified a number of precautions that users and organizations should take to avoid scams related to COVID-19, including:
- Avoid clicking on links in unsolicited emails and be wary of email attachments.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations.
- Review CISA Insights on Risk Management for COVID-19 for more information.
 Defending Against COVID-19 Cyber Scams, https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams; see also Cyber-Attack Hits U.S. Health Agency Amid Covid-19 Outbreak, https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response.
 Ransomware Gangs to Stop Attacking Health Orgs During Pandemic, https://www.bleepingcomputer.com/news/security/ransomware-gangs-to-stop-attacking-health-orgs-during-pandemic; see also https://www.forbes.com/sites/daveywinder/2020/03/19/coronavirus-pandemic-self-preservation-not-altruism-behind-no-more-healthcare-cyber-attacks-during-covid-19-crisis-promise/.
 COVID-19 Vaccine Test Center Hit By Cyber Attack, Stolen Data Posted Online, https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online.
 HHS Hit With Cyber ‘Incident’ Amid Coronavirus Outbreak, https://www.law360.com/articles/1253530/hhs-hit-with-cyber-incident-amid-coronavirus-outbreak.