Overall cyber crime volumes have remained relatively constant as the Covid-19 coronavirus pandemic takes hold, but this could change and there are no grounds for complacency, according to the UK’s National Cyber Security Centre (NCSC) and its US counterpart, the Cybersecurity and Infrastructure Agency (CISA) at the Department of Homeland Security (DHS), which have issued a new update on the rapidly evolving threat landscape.
As has been widely observed in the past month, cyber criminals and other threat actors have been quick to pivot and adapt existing tools to exploit the crisis, which has forced the unprecedented emergency shutdown of swathes of the world’s economies.
However, according to the NCSC, much of the noise around cyber security in recent weeks has been down to retooling as the criminal underground pivots to coronavirus.
“Malicious cyber actors are adjusting their tactics to exploit the Covid-19 pandemic, and the NCSC is working around the clock with its partners to respond,” said NCSC operations director Paul Chichester.
“Our advice to the public and organisations is to remain vigilant and follow our guidance, and to only use trusted sources of information on the virus, such as the UK government, Public Health England or NHS websites.”
Bryan Ware, CISA assistant director for cyber security, added: “As the Covid-19 outbreak continues to evolve, bad actors are using these difficult times to exploit and take advantage of the public and business. Our partnerships with the NCSC and industry have played a critical role in our ability to track these threats and respond.
“We urge everyone to remain vigilant to these threats, be on the lookout for suspicious emails and look to trusted sources for information and updates regarding Covid-19. We are all in this together and, collectively, we can help to defend against these threats.”
The agencies highlighted several areas that are of particular concern to them: phishing, and malware and ransomware distribution using coronavirus as a lure; the registration of malicious domains using coronavirus-related keywords; and attacks on newly and often rapidly deployed remote access or remote working infrastructure and services.
Owing to the fact that many of the coronavirus-related threats and scams currently active in the wild are repurposed versions of old favourites, the majority can be dealt with by remaining appropriately vigilant and applying the tenets of basic cyber security hygiene at all times – advice that applies equally to businesses and consumers alike, because good organisational practice relies on users being able to spot threats and deal with them to a certain extent.
Users can best prepare themselves by trying to remain aware that cyber criminals will take advantage of basic human traits and emotions, such as curiosity, concern or even fear, and to be wary of any new coronavirus-related email, website or app that plays up to this. Such threats could present as an app that purports to track coronavirus cases in the victim’s local area, or masquerade as important information from a government body or healthcare organisation.
The full advisory document, including further guidance for both businesses and consumers, and indicators of compromise (IOCs) for detection, can be downloaded from the NCSC’s website.