Mitigating Cyber Risk Associated with the Coronavirus Pandemic

With increasing global concerns around the spread of Coronavirus (COVID-19), organizations around the world are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in remote work has increased the attack surface, potentially exposing employees to known cyberattacks that may have been blocked by security controls set in place within the corporate network.

We recognize the imminent threat that Coronavirus poses not only to the health of the general public but to business operations as well. With this in mind, Herjavec Group has prepared a series of Threat Advisories, Continuity Planning, and Emergency Preparedness Resources to reduce the impact that COVID-19 will have on your business.

We will be updating this page as the global pandemic and related threats continue to develop. The most up-to-date information will be posted to the top of each category. 

Latest Threat Advisories

April 9, 2020: SMS Phishing Cyber Attacks & Telework Exploits

Herjavec Group continues to track COVID-19 related cyberattacks. We have a complete threat advisory tracking various threats, malware types, as well as a summary of IOCs and domains specific to COVID-19. The full advisory can be found here.

Recently, there has been an increase in the use of SMS phishing and Telework Infrastructure Exploits to execute cyber attacks.

April 6, 2020: Updates Regarding COVID-19 Related Cyber Attacks

Malware-based phishing campaigns have been on the rise since early March. The campaigns appear to be from a trusted source, such as healthcare organizations, educational institutions, government agencies, or other official sources. The associated emails often contain a link that promises key information, relevant data, or tracking information regarding the Coronavirus.

A number of these emails appear to originate from cdc[.]gov and contain links resembling the official sites of the Centers for Disease Control and Prevention (CDC). However, the links route to threat actor-controlled websites that may request login credentials, ask for donations in bitcoin, or even serve malware. These sites may display legitimate data, such as live tracking maps, while also propagating malware such as the credential stealer AZORult.

April 2, 2020: Phishing Campaigns Using the Zoom Video Conferencing Platform

With the global situation around COVID-19 shifting organizations to remote work, the number of users utilizing audio/video conferencing tools has greatly increased.

Given this increase in usage, Zoom, a popular video conferencing platform, is being targeted for conference hijacking attacks and is being used as an infection vector for malware. There was also a large increase in March 2020 in registrations of domains containing the name “Zoom”, which attackers are using as bait in phishing emails.

March 12, 2020: COVID-19 Related Cyber Attacks

Threat actors are leveraging additional information on COVID-19 to spread malware infections through phishing emails. These emails, particularly the subject lines, are written to look as though they contain valuable information about the current status of the outbreak, luring victims into opening attachments or clicking malicious links. Sample email subject lines include:

  • “COVID-19 – Now Airborne, Increased Community Transmission”
  • “Attention: List Of Companies Affected With Coronavirus March 02, 2020”

Resources

Checklist for Remote Work

As your trusted partner in cybersecurity, Herjavec Group can support your remote workforce through secure remote access tools, user access controls, emergency preparedness planning, managed services, incident response and more.

We have prepared a detailed checklist for CISOs and CIOs to ensure the preparedness of your teams for remote work. To review your preparedness plans and the security of your remote work, complete the checklist and we will schedule a 15-minute security briefing to go over your team’s remote work readiness and security.

We know that employee safety is of the utmost importance for your enterprise during the COVID-19 pandemic. At the same time, contingency planning is imperative to ensure your organization maintains business continuity when your employees are required to work from home.

We understand what’s keeping you up at night:

  • safeguarding against external threats
  • maintaining regulatory compliance
  • protecting intellectual property
  • stopping malicious insiders
  • preventing employee mistakes
  • maintaining visibility into endpoints and data
  • reducing phishing attacks
  • managing the load on VPN solutions

We have prepared a detailed guide for CISOs and CIOs to ensure you are enabling and securing your remote workforce. To do a review of your preparedness plans and the security of your remote work, download the guide.

COVID-19 Cybersecurity Trends

APT Groups

Advanced Persistent Threat (APT) groups and cybercriminals are targeting individuals, enterprises, and employees working remotely with COVID-19-related scams. Their goals and targets are consistent with long-standing priorities such as espionage and “hack-and-leak” operations.

Phishing Campaigns

While always one of the top attack vectors, phishing has seen a large increase in activity with the global spread of COVID-19. The pandemic has increasingly become the leading lure in phishing campaigns targeting organizations across multiple industries.

Registered Domains

Since mid-January 2020, there has been an increase in COVID-19 related domain registrations. Attackers register new domain names containing wording related to coronavirus or COVID-19, which are then used in phishing campaigns to distribute malware. 
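One way a defender might screen newly observed domains for the COVID-19 and Zoom lure themes described on this page, shown as an added example that is not Herjavec Group's own tooling. The keyword list, allowlist, cutoff date and sample domains are assumptions constructed for illustration.

```python
import re
from datetime import date

LURE_KEYWORDS = ("covid", "corona", "zoom")   # themes named on this page
ALLOWLIST = {"zoom.us", "cdc.gov"}            # assumption: trusted registrable domains
CUTOFF = date(2020, 1, 15)                    # assumption for "mid-January 2020"
LEET = str.maketrans("01357", "oiest")        # digit-for-letter swaps in lookalikes


def registrable(domain):
    """Last two labels; assumes no multi-label public suffix such as co.uk."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def normalize(domain):
    """Lower-case, undo digit swaps, and drop hyphens/underscores."""
    return re.sub(r"[-_]", "", domain.lower().translate(LEET))


def screen(records):
    """Return {domain: [keywords]} for recent, non-allowlisted, lure-themed names."""
    hits = {}
    for domain, first_seen in records:
        if registrable(domain) in ALLOWLIST or first_seen < CUTOFF:
            continue
        matched = [k for k in LURE_KEYWORDS if k in normalize(domain)]
        if matched:
            hits[domain] = matched
    return hits


# Constructed sample (domain, first-seen date); not real indicators.
SAMPLE = [
    ("zoom.us", date(2020, 3, 1)),
    ("www.cdc.gov", date(2020, 3, 1)),
    ("z00m-meeting.example", date(2020, 3, 20)),
    ("zoom.us.login.example", date(2020, 3, 22)),
    ("covid-19-relief.example", date(2020, 2, 3)),
    ("c0r0na-map.example", date(2020, 3, 5)),
    ("corona-brewing.example", date(2014, 6, 1)),
    ("intranet.example", date(2020, 3, 9)),
]

if __name__ == "__main__":
    for domain, why in screen(SAMPLE).items():
        print(domain, why)
```

Matching on the registrable domain rather than a substring keeps a name such as zoom.us.login.example from passing as the allowlisted zoom.us.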

Vulnerabilities

As COVID-19 shifts organizations to remote work, malicious actors are exploiting publicly known vulnerabilities in VPNs and other remote working tools and software, such as Zoom. These vulnerabilities are leveraged as an infection vector for malware or used to gain access to confidential meetings/data.

Cyber Hygiene Tips During COVID-19

Organizations

  • Maintain up-to-date antivirus signatures & engines and keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Be cautious when opening email attachments even if the attachment is expected and the sender is known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  • Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).
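The "true file type" tip above can be checked by comparing an attachment's extension with the signature at the start of its content. The following is an added example, not part of the original advisory; the signature table covers only a few common types, and the filenames and byte strings are constructed.

```python
import os

# Leading "magic" bytes for a few common attachment containers.
SIGNATURES = {
    "pdf": b"%PDF-",
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "zip": b"PK\x03\x04",                          # also docx/xlsx/pptx
    "ole": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",    # legacy doc/xls
    "exe": b"MZ",                                  # Windows PE
}
# File extension -> container its header should show.
EXPECTED = {
    "pdf": "pdf", "png": "png", "jpg": "jpg", "jpeg": "jpg",
    "zip": "zip", "docx": "zip", "xlsx": "zip", "pptx": "zip",
    "doc": "ole", "xls": "ole", "exe": "exe",
}


def sniff(data):
    """Return the container whose signature the data starts with, else None."""
    for name, magic in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return None


def check_attachment(filename, data):
    """Return (verdict, detected) with verdict in match / mismatch / unknown."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    detected = sniff(data)
    if ext not in EXPECTED:
        return ("unknown", detected)     # no rule for this extension
    if detected == EXPECTED[ext]:
        return ("match", detected)
    return ("mismatch", detected)        # header contradicts the extension


# Constructed attachments: (filename, first bytes of content).
SAMPLES = [
    ("outbreak-map.pdf", b"%PDF-1.7\n"),
    ("company-list.pdf", b"MZ\x90\x00\x03"),
    ("guidance.docx", b"PK\x03\x04\x14\x00"),
    ("guidance.doc", b"PK\x03\x04\x14\x00"),
    ("tracker.jpg", b"<html><body>"),
    ("readme.txt", b"plain text"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check_attachment(name, head))
```

A mismatch verdict is a reason to quarantine the attachment for further scanning; a match only means the header agrees with the extension, not that the file is safe.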
