Security News
Purporting to offer help and info on COVID-19, the apps can let hackers take control of devices to access files, contacts, the calendar, and more, according to Check Point Research. As cyber criminals exploit the coronavirus with phishing emails, ransomware, and other attacks, so too are they concocting phony coronavirus-themed apps to infect mobile devices.
The phishing emails led to malicious websites that used the same HTML and CSS found in actual White House sites, says email security provider INKY. Phishing emails and their associated websites often impersonate well-known organizations, brands, businesses, and other familiar subjects to try to trap potential victims. A series of recent phishing emails examined by INKY targeted people curious or anxious about COVID-19 by impersonating the White House and some in the administration.
US and British cybersecurity agencies warned Wednesday that foreign government-backed hacking groups are using coronavirus themes to ply their way into computers and networks. Some use email and SMS subject lines like "2020 Coronavirus updates" or "Coronavirus outbreak in your city(Emergency)", while others might offer an attached file with purported updates on national policies to deal with the pandemic, said an alert jointly issued by the US Cybersecurity and Infrastructure Agency and Britain's national Cyber Security Center.
In our previous stories, you might have already read about various campaigns warning how threat actors are capitalizing on the ongoing coronavirus pandemic in an attempt to infect your computers and mobile devices with malware or scam you out of your money. Most of the recent cyberattacks are primarily exploiting the fears around the COVID-19 outbreak-fueled by disinformation and fake news-to distribute malware via Google Play apps, malicious links and attachments, and execute ransomware attacks.
While this move by the government was lauded by many, cybersecurity experts noticed that almost immediately, cybercriminals kickstarted efforts to either steal the money coming to people or set up scams using potential stimulus checks as ways to steal people's information. A number of cybersecurity experts said the scams will resemble the typical IRS and tax season scams that have become increasingly common over the past decade.
A memo sent out this week to all NASA personnel warns that the agency has seen a significant increase in cyberattacks, including phishing and malware attacks, while its employees work remotely during the COVID-19 outbreak. The memo, obtained by space news website SpaceRef, reveals that the number of email phishing attempts doubled in the past few days and there has been an "Exponential increase" in malware attacks on NASA systems.
The agency that oversees online addresses on Tuesday called for those issuing website addresses to vigilantly thwart cyber scams exploiting coronavirus fears. The Internet Corporation for Assigned Names and Numbers took the unusual step of firing off a letter to "Registrars" entrusted with the business of issuing website names around the world.
Many companies are offering free cybersecurity tools and resources to help organizations during the COVID-19 coronavirus outbreak. Tens of companies have announced over the past weeks that they are offering free tools and services to organizations impacted by the pandemic.
Increased phishing attacks have been widely reported throughout the media, but it seems from this survey that more than half of all IT/security professionals have experienced them at first hand. In recent separate research, Check Point found that new coronavirus-themed domains are 50% more likely to be malicious than other domains; and that in the early days of the pandemic there was a huge surge in the number of new domain registrations - almost 10 times the number in earlier weeks.
Among the 411 IT and security professionals surveyed by Check Point and Dimensional Research, 71% said they've seen an increase in security threats or attacks since the start of the COVID-19 outbreak. Some 56% pointed to the task of securing remote access as the top challenge, 55% mentioned the need for remote access scalable solutions, and 47% pointed to remote workers finding and using untested tools and services.