Mitigating Cyber Risk Associated with the Coronavirus Pandemic

With increasing global concerns around the spread of Coronavirus (COVID-19), organizations around the world are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in remote work has increased the attack surface, potentially exposing employees to known cyberattacks that may have been blocked by security controls set in place within the corporate network.

We recognize the imminent threat posed by Coronavirus not only to the health of the general public but to business operations as well. With this in mind, Herjavec Group has prepared a series of Threat Advisories, Continuity Planning, and Emergency Preparedness Resources to reduce the impact that COVID-19 will have on your business.

Experiencing a Security Incident?

For immediate incident response support please call 1-877-275-5549.

We will be updating this page as the global pandemic and related threats continue to develop. The most up-to-date information will be posted to the top of each category. 

Latest Threat Advisories

April 22, 2020: Emotet Botnet Shows Signs of Life & COVID-19 Phishing Campaigns Target Healthcare

The FBI has released a flash report outlining phishing campaigns targeting healthcare providers in March 2020. The emails leveraged COVID-19 themed subject lines and content to distribute malicious attachments, such as Microsoft Word documents, 7-Zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables.

April 20, 2020: Re-Emergence of the Maze Ransomware

The Maze ransomware was initially discovered in May 2019, and since then the attack frequency has increased and the group behind it has brought new traits to the forefront. The group conducted a large number of campaigns in late 2019 and has not slowed down since the emergence of the COVID-19 pandemic.

April 9, 2020: SMS Phishing Cyber Attacks & Telework Exploits

Herjavec Group continues to track COVID-19 related cyberattacks. We have a complete threat advisory tracking various threats, malware types, as well as a summary of IOCs and domains specific to COVID-19. The full advisory can be found here.

Recently, there has been an increase in the use of SMS phishing and Telework Infrastructure Exploits to execute cyber attacks.

April 6, 2020: Updates Regarding COVID-19 Related Cyber Attacks

Malware-based phishing campaigns have been on the rise since early March. The campaigns appear to be from a trusted source, such as healthcare organizations, educational institutions, government agencies, or other official sources. The associated emails often contain a link that promises key information, relevant data, or tracking information regarding the Coronavirus.

A number of these emails appear to originate from cdc[.]gov and contain links resembling the official sites of the Centers for Disease Control and Prevention (CDC). However, they route to threat actor-controlled websites and may request login credentials, ask for donations in bitcoin, or even serve malware. These links may contain legitimate data, such as live tracking maps, while also propagating malware such as the credential stealer AZORult.

April 2, 2020: Phishing Campaigns Using the Zoom Video Conferencing Platform

With the global situation around COVID-19 shifting organizations to remote work, the number of users utilizing audio/video conferencing tools has greatly increased.

Given this increase in usage, Zoom, a popular video conferencing platform, is being targeted in conference hijacking attacks and is being used as an infection vector for malware. Additionally, March 2020 saw a large increase in registrations of domains containing the name “Zoom”, which attackers are using as bait in phishing emails.

March 12, 2020: COVID-19 Related Cyber Attacks

Threat actors are leveraging additional information on COVID-19 to spread malware infections through phishing emails. These emails, particularly the subject lines, are designed to contain valuable information about the current status of the outbreak to lure victims into opening attachments or clicking malicious links. Sample email subject lines include:

  • “COVID-19 – Now Airborne, Increased Community Transmission”
  • “Attention: List Of Companies Affected With Coronavirus March 02, 2020”

Resources

Checklist for Remote Work

As your trusted partner in cybersecurity, Herjavec Group can support your remote workforce through secure remote access tools, user access controls, emergency preparedness planning, managed services, incident response and more.

We have prepared a detailed checklist for CISOs and CIOs to ensure the preparedness of your teams for remote work. To review your preparedness plans and the security of your remote work, complete the checklist and we will schedule a 15-minute security briefing to go over your team’s remote work readiness and security.

We know that employee safety is of the utmost importance for your enterprise during the COVID-19 pandemic. At the same time, contingency planning is imperative to ensure your organization maintains business continuity when your employees are required to work from home.

We understand what’s keeping you up at night:

  • safeguarding against external threats
  • maintaining regulatory compliance
  • protecting intellectual property
  • stopping malicious insiders
  • preventing employee mistakes
  • maintaining visibility into endpoints and data
  • reducing phishing attacks
  • managing the load on VPN solutions

We have prepared a detailed guide for CISOs and CIOs to ensure you are enabling and securing your remote workforce. To do a review of your preparedness plans and the security of your remote work, download the guide.

COVID-19 Cybersecurity Trends

APT Groups

Advanced Persistent Threat (APT) groups and cybercriminals are targeting individuals, enterprises, and employees working remotely with COVID-19-related scams. Their goals and targets are consistent with long-standing priorities such as espionage and “hack-and-leak” operations.

Phishing Campaigns

While always one of the top attack vectors, phishing has seen a large increase in activity with the global spread of COVID-19. The pandemic has increasingly become the leading lure in phishing campaigns targeting organizations across multiple industries.

Registered Domains

Since mid-January 2020, there has been an increase in COVID-19 related domain registrations. Attackers register new domain names containing wording related to coronavirus or COVID-19, which are then used in phishing campaigns to distribute malware.

Vulnerabilities

As COVID-19 shifts organizations to remote work, malicious actors are exploiting publicly known vulnerabilities in VPNs and other remote working tools and software, e.g., Zoom. These vulnerabilities are leveraged as an infection vector for malware or used to gain access to confidential meetings and data.

Webinar: CISO Recommendations in Response to COVID-19 and Global Pandemics

In this webinar, we address the top C-level concerns for cybersecurity in light of global pandemics such as COVID-19. The webinar will cover how you can ensure the continuity of your enterprise business operations through planning, remote work access solutions, and 24/7 monitoring to reduce the risk of phishing attacks.

Join JR Cunningham, VP of Strategic Solutions, as he addresses:

  • How can businesses handle remote access and security in light of the threat posed by a global pandemic?
  • What tools do you need to ensure your team is secure against insider threats?
  • What are the challenges to securing remote access?
  • How should you handle onsite work such as Incident Response and deploying security technologies?
  • Do your risk management strategies need to change in response to COVID-19? If so, how?
