Threat Intelligence

How Safe Are You? Learn How Cyber Attackers Are Exploiting COVID-19 to Undermine Your Security

Author
Oscar Franco
Senior Cybersecurity Specialist
SHARE:

The Fidelis Cybersecurity Threat Research Team (TRT) monitors and tracks emerging and evolving threats and Fidelis uses the threat intelligence they develop to generate new policies, detections, and rules for our Network, Endpoint, and Deception products. This ensures that our customers’ networks remain protected as cyber threats continue to evolve. As an example of how the TRT keeps our customers safe from evolving threats, the TRT monitors the registration of new domain names, looking for domains that have the potential to be used maliciously.

As the COVID-19 pandemic was ramping up, the TRT began focusing on COVID-19 themed domain names and identified over 2400 suspicious coronavirus-themed domains¹ created during a single week. The TRT quickly researched these domains and rolled out updates to Fidelis products ensuring malicious domains could not be used to undermine the security of our customers’ networks. The TRT has similar efforts to track system vulnerabilities (CVEs) that are being actively exploited, track the evolution of Phishing and Ransomware campaigns, and track the evolving Technologies, Techniques, and Procedures (TTPs) being used by cyber criminals and nation-state actors. The TRT’s research and insights play a key role in ensuring that Fidelis’ products maintain robust protections against the threats that pose the greatest risk to our customers. Together, we must remain vigilant to these new and emerging threats: read on to see what has changed, what you should expect and how you should prepare.

What has changed?

COVID-19 has rocked everyone’s world in some way or another. Whether it’s working from home, wearing masks and gloves to go to the grocery store, or practicing social distancing, we’re adapting to a new “normal”. One thing that hasn’t changed is that cyber criminals and nation-state actors continue to take advantage of local, national, and global events to attack, disrupt, steal from, and extort commercial industry, critical infrastructure providers, healthcare providers, research and education institutions, and Government and military organizations.

In response to the COVID-19 pandemic, organizations have instituted work from home policies to keep their employees safe and healthy while continuing to move business operations forward. As countries and states begin to allow businesses to reopen, organizations are planning their physical return to the workplace. This transition will take time as many companies will be allowing some or all of their employees to continue working from home for the foreseeable future. This hybrid work environment presents a unique set of challenges as employees move between on-premise and work from home environments. Is your company ready to make this transition? If not, watch our on-demand webinars to learn more about Securing your Company’s Assets and Remote Workforce Against the Latest Threats.

What can you expect?

Cyber-criminals and nation-state sponsored attackers will continue to exploit Virtual Private Network (VPN) technologies, tele-work solutions, and the mobile endpoints used by work-at-home employees to deliver malware via phishing attacks and drive by downloads. Examples of COVID-19 themed attacks include:

  • Ransomware: REvil/Sodinokibi, Ryuk, CoronaVirus Ransomware; file encryption and data leakage threats.
  • Commodity Malware: Fake coronavirus maps and trackers on mobile applications and browser sites, phishing attachments and malware families including AZORult, Hawkeye and Parallax RAT.
  • Nation-State Sponsored Attacks: Nation-state groups assessed to be leveraging COVID-19 are reported to be associated with Russia, North Korea and China. These activities, primarily via phishing, are targeting organizations and victims in Vietnam, South Korea, Mongolia and Ukraine. Nation-state actors are also increasingly interested in U.S., U.K., and European COVID-19 vaccination research projects.
  • Disinformation Campaigns: on our podcast with our Sr. Intelligence Analyst, he discusses disinformation campaigns occurring to stoke people’s fears of the virus. One such campaign was reported to hit Ukraine in February 2020. Listen to the podcast to hear the full story!

How Should You Prepare?

Fidelis Cybersecurity can help you evolve your cyber defense strategy to provide robust protection for your organization’s critical assets from cyber criminals and nation- state actors. Our integrated Network Traffic Analysis, Endpoint Detection and Response, and Deception technologies will enable your organization to move from a reactive security posture to a proactive one. As cyber threats continue to grow more pervasive and sophisticated, organizations must evolve their security strategies to emphasize holistic visibility, increased automation, and detection and response of attacks across the cyber terrain. Our CISO, Chris Kubic, offers advice on Maintaining Your Cybersecurity Focus as you work from home.

For a full report on COVID-19 Threats from our Threat Research Team, please check out their post here. Contact us if you have any specific questions/needs or schedule a demo with us to find out how our solutions can help you detect, hunt and respond to these unprecedented threats. During this pressing time, the Cyber Warriors at Fidelis Cybersecurity are here to help you stay safe and secure.

¹ https://1984.sh/covid19-domains-feed.txt

Browse our blog