During the COVID-19 crisis, criminals continue to ply their trade and many are trying to exploit the crisis for their gain. As an increasingly large number of employees work from remote locations, it continues to be important for businesses to educate their employees about these kinds of attacks to prevent information systems from being compromised.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) have issued a joint alert about these threats. Common attacks include:
 

• Phishing, using the subject of coronavirus or COVID‑19 as a lure;
• Malware distribution, using coronavirus- or COVID‑19-themed lures;
• Registration of new domain names containing wording related to coronavirus or COVID‑19; and
• Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructures.

Social engineering methods are often at the heart of these activities, relying on curiosity and concern to persuade potential victims to:
 

• Click on a link or download an app that may lead to a phishing website or the downloading of malware, including ransomware.
  • For example, a malicious Android app purports to provide a real-time coronavirus outbreak tracker, but instead attempts to trick the user into providing administrative access to install "CovidLock" ransomware on their device

• Open a file (such as an email attachment) that contains malware.
  • For example, email subject lines contain COVID‑19-related phrases such as “Coronavirus Update” or “2019-nCov: Coronavirus outbreak in your city (Emergency)”

To create the impression of authenticity, malicious cyber actors may spoof sender information in an email to make it appear to come from a trustworthy source, such as the World Health Organization (WHO) or individuals with “Dr.” in their titles. The messages will often contain links to a fake email login page. The emails may also purport to be from an organization’s HR department and advise the employee to open the attachment.

Malicious file attachments containing malware payloads may be named with coronavirus- or COVID-19-related themes, such as “President discusses budget savings due to coronavirus with Cabinet.rtf.”

The CISA and NCSC alert also provides examples of phishing email subject lines:
 

• 2020 Coronavirus Updates
• Coronavirus Updates
• 2019-nCov: New confirmed cases in your city
• 2019-nCov: Coronavirus outbreak in your city (Emergency)

These emails encourage the victim to visit a website that will try to steal valuable data, such as usernames and passwords, credit card information and other personal information.

While most phishing attacks come via email, some malicious cyber actors also use text messages that purport to deal with unemployment benefit applications or government financial support payments, but really link directly to phishing sites.

The CISA/NCSC alert provides many more details and is well worth reading.

If you believe that your business may have been the victim of a cyberattack, it is important to contact your attorney immediately. The Cybersecurity and Privacy and the Criminal Practice Group attorneys at Warner have experience responding to all sorts of cyberattacks. We can assist you with reporting the incident to law enforcement and making any necessary disclosures to stakeholders. Warner can also assist in connecting you with the experts needed to help you identify the attack, neutralize remaining threats and try to locate any valuable data or lost funds, and we can help you take steps to reduce or defend against litigation resulting from a cyberattack.

For questions concerning cybersecurity and privacy, please contact Norbert Kugele, Madelaine Lane or Brian Wassom.