Live Updates: COVID-19 Cybersecurity Alerts

Share Blog post

Hackers see any major event as an opportunity for sabotage or manipulation and the global spread of COVID-19 is a prime example of this. Since the first news stories broke, cybercriminals have been active with malware and phishing campaigns using coronavirus-themed lures. In light of this, Cyware has created this resource to collect and share live updates on the latest COVID-19-related threat intelligence, alerts, malware attacks, phishing attacks, scams and more. We are actively working to keep this page updated and accurate in order to ensure that it is timely and relevant to as many people as possible.

_______________________________________________________________________________________

(May 23, 2020)


Six times increase reported in malicious emails amid COVID-19 crisis

The UN disarmament chief warned that cybercrime is on the rise, with a 600% increase in malicious emails during the COVID-19 pandemic. The coronavirus crisis is moving the world toward increased technological innovation and online collaboration. There have also been worrying reports of (cyber) attacks against health care organizations and medical research facilities worldwide. The growing digital dependency has increased the vulnerability to cyberattacks.


_______________________________________________________________________________________

(May 23, 2020)


Around 37 percent increase observed  in cyber attacks in India

India has seen a 37 percent increase in cyberattacks in the first quarter (Q1) of 2020, as compared to the fourth quarter (Q4) of last year, a new report revealed. The Kaspersky Security Network (KSN) report showed that its products detected and blocked 52,820,874 local cyber threats in India between January and March this year (2020).


_______________________________________________________________________________________

(May 23, 2020)


Digital networks having an increased number of cybersecurity challenges

Governments and corporates activated remote work protocols, instructing people to stay home, and practice social distancing. This transition, for the most part, was seamless thanks to its underpinning technology – the internet. That said, this deluge of digitization has, in no small terms, strained the data infrastructures of many nations, as telecom operators scramble to cope with the overwhelming demand for seamless connectivity.


_______________________________________________________________________________________

(May 23, 2020)


Technology professions in high demand despite the Coronavirus pandemic

Cybersecurity is one of those technology professions that have been in high demand despite the pandemic. Businesses have been eagerly looking to hire cybersecurity talent, as evident from thousands of job postings on LinkedIn. Cybersecurity teams may very well be immune to recession and mass layoffs in many sectors. There are many factors for this, and perhaps one of the biggest ones is the sharp rise in cyber attacks in the last six months. 


_______________________________________________________________________________________

(May 23, 2020)


Security officers are now focusing on ‘borderless security’

The COVID crisis has redrawn the boundaries of cybersecurity. Instead of ‘perimeter security’, the chief information security officers (CISOs) are now focusing on ‘borderless security’ as organizations shift to remote working and distributed digital assets. To compound the challenge, crises drive threat levels up and COVID-19 has been no different. There has been a 500% jump in phishing and ransomware attacks.

Ref - TCS

_______________________________________________________________________________________

(May 22, 2020)


IT service providers had to change their day-to-day operations

During COVID-19, Service Providers face various difficulties. Besides infrastructure and resource management, another top priority issue is cyber security. In countries like India, all service providers could not properly adjust to the new circumstances, especially when their contingency plans were not sufficiently robust. In Argentina, general complications of COVID-19 and the subsequent government restrictions are expected to cause difficulties. Similarly, in all other major countries, Service Providers fae issues in coping up with the COVID-19 epidemic.

Ref - Mondaq

_______________________________________________________________________________________

(May 22, 2020)


COVID-19 crisis increases threats to medical IoT

The mere fact of the COVID pandemic’s existence has pushed the American healthcare system to capacity, but another threat to that system has reared its ugly head, cyberattacks. Particularly those based on ransomware have become more common as the disease spread, targeting medical IoT devices and healthcare networks.


_______________________________________________________________________________________

(May 22, 2020)


DNS spoofing attacks on rise amid COVID-19 outbreak

Cybersecurity researchers have found that since early February, the number of Google searches and URL views associated with the Coronavirus has increased significantly. Cybercriminals also use these hot topics as bait to profit from them. The number of domain name registrations related to the new crown virus increased by an average of 656% per day. Also, maliciously registered domain names increased by 569%.

Ref - Lifars

_______________________________________________________________________________________

(May 22, 2020)


ECHO joined forces to establish its COVID-19 cyber defense alliance

Monitoring the cybersecurity landscape and the increase of COVID-19 related cyber crimes reporting by cyber experts and law enforcement agencies worldwide, the ECHO network of cybersecurity centers (ECHO) has joined forces to establish its COVID-19 Cyber Defence Alliance. Its aim is to support all initiatives that aim at protecting the EU Member States, key services, and critical infrastructure from cyber attacks.


_______________________________________________________________________________________

(May 22, 2020)


Cyber threats and attacks during the COVID-19 pandemic

Working from home allows people to minimize social interaction, which limits and slows the spread of COVID-19. But, as highlighted in a recent alert from the North American Electric Reliability Corp. (NERC), the electric power industry is in a period of heightened cyber risk due to a large contingent of industry employees working remotely.


_______________________________________________________________________________________

(May 22, 2020)


Return of COVID-19 lockdown can trigger attacks

Cybercriminals may be waiting for remote workers and compromised endpoints to reconnect to corporate networks before triggering attacks, including the deployment of ransomware. As UK employees return to the office and other workplaces over the coming weeks, Redscan is urging businesses to stay alert to these risks, see all endpoints are sanitized upon their return to the office, and monitor networks for evidence of compromises.


_______________________________________________________________________________________

(May 22, 2020)


Cyber help is a pandemic duty for national guard

Maryland Governor called in the National Guard to aid in the coronavirus pandemic response by executive order. Since then, the Guard has been helping the state increase with COVID-19 tests and screening and assisting but also pitching in with cybersecurity assessments. For Maryland, the need is acute: the state is just a year removed from a devastating ransomware attack that hobbled Baltimore city’s networks.

Ref - TLO

 _______________________________________________________________________________________

(May 22, 2020)


Supercomputers managing COVID-19 data are being targeted

Energy Department officials said they have noticed a spike in cyberattacks on national laboratories and that foreign nations are interested in U.S. coronavirus research. They are seeing some increased activities around the national laboratories in particular, with regard to cyber activity. Slight increases in the number of hits observed at computing facilities. Cyberattacks have increased during the pandemic as the number of people working remotely.


_______________________________________________________________________________________

(May 22, 2020)


Hackers are targeting both individuals and businesses across Canada

While the federal government combats hostile foreign intelligence services seeking the country’s biggest secrets, hackers and fraudsters are keen on cashing in on the fear the novel coronavirus has created, targeting both individuals and businesses across Canada. Meanwhile, work from home policies are in effect across thousands of companies, and the resulting IT sprawl is giving security leaders headaches.


_______________________________________________________________________________________

(May 22, 2020)


Coronavirus pandemic changed the dynamics of security

As employees adapt to the new normal of working from home, there has been a slew of attacks aimed at exploiting their lack of knowledge. According to data from Barracuda Networks, phishing attempts have increased by 600% since February. Organizations globally are conducting regular cybersecurity training with their employees and educating them about the ongoing cyberattacks, and sharing best practices to be secure


_______________________________________________________________________________________

(May 22, 2020)


Protecting educational institutions during COVID-19 pandemic

Following basic security practices, educational institutions can secure their remote endpoint devices: educate the students and faculty members about cyber-attacks, ensure that the online training software used is secured, monitor the endpoints and gain clear visibility, patch applications regularly to prevent vulnerabilities, assess for threats and vulnerabilities and respond to them, and make systems abide by security compliance standards.

Ref - SecPod

_______________________________________________________________________________________

(May 22, 2020)


Beware of the Coronavirus themed phishing attacks

There have been 192,000 coronavirus-related attacks per week, a 30% increase when compared to the previous weeks. The coronavirus-related attacks defined as websites with “corona”/”COVID” in its domain, files with “Corona” related file names, and files that have been distributed with coronavirus-related subjects in their email. So users should beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.

Ref - HcaMag

_______________________________________________________________________________________

(May 22, 2020)


Protect Small Business from Coronavirus-themed cyber attacks

In spite of the seemingly endless arsenal of tools available to threat actors and the explosive growth of COVID-19-themed malware, there are numerous cybersecurity tools and measures available to small businesses that can protect them and help them become more cyber ready. For example, threat detection technology, proper password protocol, Software updates, and avoiding the use of public Wi-Fi while working.

Ref - Medium 

_______________________________________________________________________________________

(May 22, 2020)

Lack of historical data in terms of cyber underwriting in a post-COVID-19 world

From its inception, cyber underwriting has faced difficult challenges including a limited amount of historical data. Now, partly driven by the global pandemic, an increase in cyber-threat levels and demand for protection could represent a prime opportunity for a rethink. The cyber insurance market is growing rapidly and writing billions of dollars for cyber insurance, yet there is a lack of historical data in terms of cyber underwriting. 


_______________________________________________________________________________________

(May 22, 2020)


COVID-19 pandemic will expose organizations to higher cyber risks

The COVID-19 coronavirus pandemic is likely to leave organizations exposed to higher risks of cyber attacks for months or years to come. The number of attacks against organizations grew exponentially to reach a four-month high at the end of April, as the virus spread. But hacking and phishing attacks are likely to become the new norm for many companies, even as the virus infection rate begins to recede. Also, COVID-19 provoked a prolonged recession in the economy.


_______________________________________________________________________________________

(May 22, 2020)


COVID-19 pandemic impact on cybercrime in 2020

The 2020 Cyber Security Breaches Survey published by the UK’s Department for Digital, Culture, Media and Sport (DCMS) reports that 46 percent of UK businesses and 26 percent of charities were victims of cyber-attacks in the past year. Most attacks happen during off-hours, proving that when it comes to doing their dirty work, cybercriminals never sleep.


_______________________________________________________________________________________

(May 22, 2020)


Digital risks faced by children during COVID-19

More than 1 billion children globally have been affected by school closures. Around 60% of 8- to 12-year-olds are exposed to cyber risk, including cyberbullying, according to the Child Online Safety Index. In this time of coronavirus, though, with lockdowns closing schools around the world, keeping children safe online has never been more critical. On 16 May, 69.3% of total enrolled learners were affected by school closures due to the COVID-19 pandemic.

Ref - WeForum

_______________________________________________________________________________________

(May 22, 2020)


Mobile adware now become a new nuisance amid COVID-19 pandemic

According to Check Point Software, 27% of companies worldwide have suffered attacks on their mobile devices, showing a clear upward trend of sixth generation attacks. It only takes one compromised mobile device for cybercriminals to steal confidential information and access an organisation's corporate network. Adware is commonly distributed through mobile apps and developed to sneak onto a device undetected without uninstallation procedures.


_______________________________________________________________________________________

(May 22, 2020)


Privacy concern arises with COVID-19 pandemic

COVID-19 contact tracing is demonstrating some negative effects where it unmasks people’s private activities and leads to backlash. It can become a sophisticated surveillance system, outsourced to private operators, with no institutional oversight. For many years the lack of government tracking programs and the existence of generally permissive societies throughout the Western democracies made it difficult to think that individual people could be threatened by their own government tracking their movements.

Ref - LexoLogy
_______________________________________________________________________________________

(May 21, 2020)


Enterprises now spend more on cyber security due to Coronavirus

According to a new report from LearnBonds, nearly 70% of enterprises are looking forward to increasing cybersecurity spending due to the effects of the COVID-19 pandemic. Cybercriminals are targeting remote workers due to COVID-19. It has changed the security attack surface for all companies. 


_______________________________________________________________________________________

(May 21, 2020)


Three cybersecurity trends emerge from COVID-19 pandemic

Due to COVID-19, here are three positive and lasting trends that are expected to be adopted in post-pandemic reality: the focus will shift to zero-trust principles. Second, biomed and hospital IT professionals will expect a more transparent, simplified security experience. The third is, collaboration around threat intelligence will become a higher priority.

Ref - 24x7mag

_______________________________________________________________________________________

(May 21, 2020)


Cybersecurity risks for enterprises and offices during COVID-19 pandemic

Cyber attacks are accelerating as criminals and other threat actors seek to exploit the disruption caused by the COVID-19 pandemic. Businesses scramble to implement sweeping remote work practices and online-only interactions with employees, customers and vendors, and these changes have come with heightened cybersecurity risks. Some Family Enterprises (FEs) and Family Offices (FOs) are recognizing the danger, and taking steps to increase cybersecurity capabilities, but others need to catch up quickly.

Ref - EY

_______________________________________________________________________________________

(May 21, 2020)


New Data Center-related opportunities created due to the COVID-19 pandemic

The data center security solutions market is expected to grow by USD 5 billion during 2020-2024. The impact can be expected to be significant in the first quarter but gradually lessen in subsequent quarters, with a limited impact on the full-year economic growth, according to the latest market research report by Technavio. The report also provides the market impact and new opportunities created due to the COVID-19 pandemic. 


_______________________________________________________________________________________

(May 21, 2020)

Coronavirus created many new opportunities for threat actors

The global spread of the Coronavirus disease (COVID-19) has created many new opportunities for threat actors. Now, all organizations need to carefully review their multi-layered cybersecurity strategies and arm employees with knowledge of how to protect themselves against these specific attacks. Employees working at home for the first time may not be sufficiently aware of cyberthreats. The monthly detection categories increased by 33%.

Ref - SdcExec

_______________________________________________________________________________________

(May 21, 2020)

Federal agencies issue alert on COVID-19 cares act payment fraud scams

In the latest COVID-19-related fraud scheme, threat actors are looking to exploit the Coronavirus Aid, Relief, and Economic Security (CARES) Act economic impact payments to steal personal and financial information from individuals, according to an alert from the Department of Homeland Security Cybersecurity and Infrastructure Security Agency, Department of the Treasury, the IRS, and the Secret Service.


_______________________________________________________________________________________

(May 21, 2020)

Cyber Security teams should follow security best practices during COVID-19

To deal with increased cyber-risk, organizations should either hire more security professionals to watch over the network 24/7 while an already established security team works on securing the user credentials and login processes. Alternatively, they can adopt an AI system to catch possible threats on the network so security teams can focus their attention where it is needed. In the face of professional and budgetary shortfalls, an AI solution capable of detecting anomalous behavior on a network is an ideal solution.


_______________________________________________________________________________________

(May 21, 2020)

World economic forum cited cybersecurity as top issue from COVID-19

The World Economic Forum mainly concerns itself with high-level macroeconomic issues such as global recessions and world economic development. That’s why it was significant this week when the WEF cited cybersecurity as one of its “Top 10 Fallout” issues from COVID-19 in its Global Risks report. Nearly 38 percent of those surveyed say changing work patterns will lead to increases in cybersecurity and fraud incidents.


_______________________________________________________________________________________

(May 21, 2020)

Adaptability will be key to fight against Coronavirus themed cyber attacks

The COVID-19 pandemic impacted daily lives of millions of people around the world, and now everyone is working from home. So, security was the key issue once everyone was connected. Now, remote monitoring, filtering, restricted access management were all part of the CIOs’ plans to ensure smooth transition of work from office to work from home. It is important to become so adaptive that a user can quickly adapt to new situations.

Ref - ITNext

_______________________________________________________________________________________

(May 21, 2020)

Advanced threat groups are targeting COVID-19 research

Health organizations and other government entities in the United Kingdom and the United States that are involved in the fight against COVID-19 have suffered a slew of cyberattacks. According to the cybersecurity agencies of both countries, many of these cyberattacks originate at the hands of state sponsored hackers, referred to as advanced persistent threats, or APT groups. These APT groups have sought to use the global public health crisis to throw the US and UK’s COVID-19 response efforts into chaos.


_______________________________________________________________________________________

(May 21, 2020)

Mazor increase reported in cyberattacks against financial institutions

VMware, a leading innovator in enterprise software, has released the third annual “Modern Bank Heists” report, produced by VMware Carbon Black. The report combines original VMware Carbon Black threat data analysis with annual survey results featuring responses from 25 leading financial institution CISOs. From the beginning of February to the end of April 2020, attacks targeting the financial sector have grown by 238%.

Ref - AmeInfo

_______________________________________________________________________________________

(May 21, 2020)

Work-from-home increasing cyber attacks during Coronavirus lockdown

Phishing increased by 350% since the coronavirus outbreak started (between January to March 2020), according to data gathered and analyzed by Atlas VPN. It goes without saying that remote work inevitably brings a new set of risks and challenges. While it can’t solely blame the shift from office spaces to work from home for the increase in cyberattacks, organizations need to step up their cyber game to align better to this new way of working.


_______________________________________________________________________________________

(May 21, 2020)

Cybersecurity concern increased during COVID-19 pandemic

Cyber criminals are taking advantage of the COVID-19 crisis, as cybersecurity experts have tracked a rise in online scams related to the novel coronavirus. Using concerns about the novel coronavirus, cyber criminals have launched deceptive phishing and websites related to the pandemic. Bad actors are actively working to take advantage of the uncertainty and shortage of reliable information about topics of urgent interest.


_______________________________________________________________________________________

(May 21, 2020)

Hackers unleashed an unprecedented wave of cyberattacks amid Coronavirus

Cyber criminals have now launched an unprecedented wave of cyberattacks on a new glut of white collar workers operating in insecure home environments. They’re putting a new twist on popular penetration techniques, malicious domains, spam and ransomware, by manipulating fears of the coronavirus. Their intense efforts to exploit weaknesses before businesses can clamp down are keeping cybersecurity companies busier than ever.

Ref - Builtin

_______________________________________________________________________________________

(May 21, 2020)

How healthcare organizations can fight cyberattacks during the Coronavirus

Security is no longer an IT issue; it is a business issue that must be embraced by executives and multiple stakeholders across the organization. In light of the attacks against medical organizations, the following recommendations can be followed by security teams in the healthcare sector: follow basic security hygiene practices, apply a cogent and comprehensive strategy, think like the attackers and invest in the security stack. 


_______________________________________________________________________________________

(May 21, 2020)

Protecting business from cyber spies amid Coronavirus crisis

Following certain security measures can help organizations reduce the risk of cyber crime affecting organisations: revisit information security policy or create one, ensure cybersecurity forms part of the governance framework. Regularly test internet and network security. Update virus and firewall products, test security around remote working. Use a secure VPN and don’t allow staff to send or receive confidential information via their own home internet provider or free public wi-fi.


_______________________________________________________________________________________

(May 21, 2020)


Healthcare sector top target for COVID-19-themed cyber attacks

The healthcare sector has long been a preferred industry for hackers to target. Now that many healthcare systems are under extra strain due to the COVID-19 pandemic, these cyberattacks could prove especially devastating. A patient’s medical file potentially holds a wide assortment of information hackers could sell on the Dark Web. Also, criminals operating online also understand the tremendous urgency healthcare workers deal with daily.


_______________________________________________________________________________________

(May 21, 2020)


Government agencies should be on high alert till end of this year 

The number of cyberattacks using the Coronavirus pandemic first emerged around February 2020. But now such attacks have seen an exponential upswing, stated the latest report ‘The Global Threat Landscape Report Q1 2020’ by Subex. European countries, especially the United Kingdom, are the most attacked. The report warned the government agencies to be on high alert until the end of this year as COVID-19-themed cyberattacks are rising.


_______________________________________________________________________________________

(May 21, 2020)


Kerala In India reported highest number of phishing attacks during Coronavirus lockdown

K7 Computing’s Cyber Threat Report, a comprehensive analysis of cyberattacks during the lockdown, has found that Kerala recorded the highest number of cyberattacks during this period. The report analyses various cyberattacks within India during the pandemic and reveals that threat actors targeted the state with COVID-19 themed attacks aimed at exploiting user trust.

Ref - CRN

_______________________________________________________________________________________

(May 21, 2020)


Cyber security startups are in crisis due to Coronavirus

The Covid-19 pandemic has changed the world of work. It has, almost instantaneously, created a pervasive working from home environment. The statistics show that many startups fail, but new security challenges may well see them replaced with new firms that take on the new challenges. There is also likely to be a time of consolidation as large players look to plug the gaps in their product roadmaps by acquiring some of the minnows in the startup pond.


_______________________________________________________________________________________

(May 21, 2020)


Parliament’s Zoom meeting was defaced with porn image

Due to Coronavirus, the whole world now adopted virtual meetings and hackers are exploiting this opportunity. The National Assembly programming committee’s meeting was hacked with porn images, with the hacker also racially abusing speaker Thandi Modise who was chairing the virtual meeting. The meeting had barely started at 9 am, literally 50 seconds in, and was still dealing with the first item on the agenda when porn images appeared on the screen. 


_______________________________________________________________________________________

(May 21, 2020)


Effects of COVID-19 on global fraud detection & prevention market

With the emergence of the COVID-19 crisis, the world is fighting a health pandemic as well as an economic emergency, almost impacting trillions of dollars of revenues. Fraud detection & prevention market is predicted to grow with a CAGR of 26.5% by generating a revenue of $123,391.8 million by 2026. Artificial intelligence and machine learning is considered to create a huge opportunity for the fraud detection & prevention market investors.


_______________________________________________________________________________________

(May 21, 2020)


Governments agencies now being hit by cyberattacks more harder

Research from Deloitte has found that governments are being held hostage by cyber attacks more frequently, with criminals expanding their attack base and asking for more money. Governments in 2019 reported 163 ransomware attacks and paid over $1.8 million dollars in ransoms, with tens of millions of dollars spent on recovery costs. State and local governments should live and plan with the reality that their critical systems and data will be attacked.


_______________________________________________________________________________________

(May 21, 2020)


Important responsibilities for CISO after COVID-19 pandemic ends

The new cybersecurity priorities post COVID-19 that will become the new normal for most CISOs, will include: Securing remote employees, quick actions required, tackling new attack vectors and security concerns with third-party applications. When employees work from the office, they are protected by a strong security infrastructure. But working from home or a different location, it automatically increases the level of risk.


_______________________________________________________________________________________

(May 21, 2020)


Organizations could increase their cybersecurity budgets to respond COVID-19 crisis

A new study from LearnBonds indicates that 68% of major organisations (public and private) plan to increase their cybersecurity spending as a response to the COVID-19 pandemic, given the intersection of increased Work From Home (WFH) and the growth of data breaches, phishing and ransomware attacks. 


_______________________________________________________________________________________

(May 21, 2020)


Coronavirus relief fund fund now being targeted by fraudsters

Delhi Police is probing two cyber fraud cases where fake Unified Payments Interface (UPI) IDs of the Prime Minister’s Citizen Assistance and Relief in Emergency Situations (PM-Cares) Fund were created to dupe people into parting with money for donations to the fight against Covid-19. Delhi Police cyber cell investigators traced people behind the fraud to some areas in Jharkhand, including Jamtara, which has emerged as a hub of cyber frauds such as phishing in recent years.


_______________________________________________________________________________________

(May 21, 2020)


Several vulnerabilities spotted in NHS COVID-19 contract-tracing app

Wide-ranging security flaws have been flagged in the NHS Covid-19 contact-tracing app, after being piloted in the Isle of Wight. The security researchers involved have warned the problems pose risks to users’ privacy and could be abused to prevent contagion alerts being sent. There has been an increase of concerns from NHS officials, as they are racing to improve the COVID-19 contact-tracing apps privacy safeguards.


_______________________________________________________________________________________

(May 20, 2020)


Coronavirus become double edged sword for Zoom application

Due to Coronavirus, the daily meeting participants on the Zoom platform surged from 10 million in December, 2019 to 200 million in March 2020. However, a plea has been filed in the Supreme Court seeking a direction to the Centre to ban the use of ‘Zoom’ application for official and personal purposes by the public until an appropriate legislation was put in place to ensure adequate cyber security. The petition filed by a homemaker and a part-time tutor.


_______________________________________________________________________________________

(May 20, 2020)


Coronavirus pandemic is boosting cybercrime

Following news of the EasyJet hack and massive information theft in the aviation sector, growing cybersecurity concerns have become one of the leading risks due to the impact of COVID-19, according to the recently released Global Risks Reports by the World Economic Forum. As the COVID-19 crisis accelerates dependency on technology enabled economic processes, it is also exacerbating cyber-risks.


_______________________________________________________________________________________

(May 20, 2020)


Many people working from home have had zero security awareness training

More than 726 million cyber-attacks launched from online resources have been recorded this year. The new research from Kaspersky's cyber threat analysts warns that the COVID-19 outbreak could lead to the destabilisation of the online world. The research has revealed more 75% of people working from home say that they have had zero IT security awareness training since they switched from office working to remote working overnight.

Ref - ITP

_______________________________________________________________________________________

(May 20, 2020)


Phishing attacks during Coronavirus pandemic

Google Trends indicates the searches for COVID-19-related keywords has been increasing dramatically during the past few months. Since February 2020, they have seen reports that COVID-19 has been adopted as a novel theme in phishing attacks. Regular phishing websites existed even before the pandemic started, but the “look” was updated to reflect changes in web sites they imitate.

Ref - LastLine

_______________________________________________________________________________________

(May 20, 2020)


A COVID-19 themed phishing campaign spotted that gain remote access

Microsoft says a massive COVID-19 themed phishing campaign is underway, as a part of which attackers install the NetSupport Manager remote access tool to gain remote access. The new campaign, which was detected by the Microsoft Security Intelligence team, started on May 12. The malware payload comes through malicious Excel attachments that are being sent by the attackers via emails.

Ref - NDTV

_______________________________________________________________________________________

(May 20, 2020)


Security tips for a successful cyber threat intelligence program

COVID-19 has opened the cyberattack floodgates; defenders need strong cyber threat intelligence (CTI) analysis. The CTI program includes practices like leaning on vendors, equating threat intelligence with indicators of compromise, limited use of threat intelligence feeds and focus on internal security data and minimizing threat intelligence analysis. Also, CISOs should take an honest look at their capabilities and outsource CTI analysis and threat hunting.

Ref - CSOOnline

_______________________________________________________________________________________

(May 20, 2020)


Teleworking and cybersecurity risks during Coronavirus pandemic

In the context of the COVID-19 health crisis and various lockdown measures across the globe, companies were quick to react and implement teleworking. In a few days, most employees that could, started working remotely from home. This global practice has maintained a certain continuity of business despite this unprecedented crisis. More specifically, an unsupervised implementation of teleworking could increase IT security risks for companies.

Ref - Winston

_______________________________________________________________________________________

(May 20, 2020)


Healthcare providers are not secured from cyber attacks amid COVID-19 pandemic

Health systems, hospitals and office practices have been relying more on technology and digital tools during the COVID-19 pandemic in ramping up telehealth and engaging staff in teleworking. Making technology more convenient brings an inherent risk of reduced security. There are reports of cybercriminals using certain types of documents (coronavirus coverage maps) on non secure websites to plant malware on computers that access those sites.


_______________________________________________________________________________________

(May 20, 2020)


Coronavirus themed cyber attacks on rise

Whether it’s a hurricane, an election, or the current state of a pandemic, cyber criminals take advantage of disorder. An increase in activity surrounding cybercrime due to COVID-19 has been observed. Now malware and phishing attacks are becoming more prevalent than before. Also, ransomware attacks are becoming a new trend.

Ref - Cybergrx

_______________________________________________________________________________________

(May 20, 2020)


Organisations are at greater risk due to Coronavirus

A new report from the Mimecast Threat Intelligence Centre, entitled 100 Days of Coronavirus, tracks cybercrime activity since the start of the outbreak. It found that between January and March 2020, global monthly volumes of spam and opportunistic cybercrime detections increased by 26.3%, impersonation fraud detections increased by 30.3%, malware detections increased by 35.16% and the blocking of URL clicks increased by 55.8%. 


_______________________________________________________________________________________

(May 20, 2020)


Australia worried about global cyberattacks on healthcare sector

Australia has expressed concern over "malicious" hacking attacks across the world by cybercriminals and state-based actors targeting hospitals, medical services and facilities as well as crisis response organizations amid the COVID-19 pandemic. Australia had agreed with other countries at the United Nations to co-operate on cybercrime and not knowingly allow their territory to be used for "international wrongful acts."

 
_______________________________________________________________________________________

(May 20, 2020)


CCCS Curates Cyber Security Resources For Businesses Facing Heightened Risk

The COVID-19 crisis has seen an increase in opportunistic attacks from bad actors seeking to take advantage of employee fear and curiosity about the pandemic. So, the Canadian Centre for Cyber Security (CCCS) has responded to the crisis by marshaling new and existing cyber security insights into two curated portal sites: one aimed at the needs of research and development organizations, and another aimed more generally at Canadians and Canadian business.

Ref - Mondaq

_______________________________________________________________________________________

(May 20, 2020)


Organizations are at increased risk due to Coronavirus pandemic

Organisations are already facing business challenges in the wake of the coronavirus pandemic, and a rapid rise in COVID-19 related cyberattacks is causing additional stress. Between March 9th and 20th alone, a 234% increase was seen in daily registrations of new coronavirus-related web domains and subdomains, at more than 6,100 a day.

Ref - AmeInfo

_______________________________________________________________________________________

(May 20, 2020)


Cyber attacks are now evolving at much faster rate due to COVID-19 pandemic

Digital technology provider Subex said that it has detected 46 per cent increase in attacks on smart homes, enterprises and control systems connected to critical infrastructure as the global cyber threat landscape alters amid the ongoing coronavirus pandemic.The company also detected and reported a spurt in deceptive attacks on critical infrastructure elements across the world, especially in Eastern Europe, where these attacks are growing in volume.

Ref - AniNews

_______________________________________________________________________________________

(May 20, 2020)


Cyber Security Malta joins Interpol initiative against COVID-19’s cyber attacks

Malta’s cybersecurity agency Cyber Security Malta and the Police Force are joining a global alliance led by Interpol to create awareness about cyber-safety during the COVID-19 pandemic with the aptly-named #WashYourCyberHands campaign.The alliance is formed by global law enforcement and cybersecurity communities to protect the public from data fraud.


_______________________________________________________________________________________

(May 20, 2020)


Practical advice to deal with security breaches and cyber fraud during Coronavirus pandemic

Asset Management Firms should have a comprehensive, documented and Board-approved IT and cybersecurity strategy. The cybersecurity risk management framework should ensure related risks are identified, assessed and monitored. Firms must conduct and maintain a thorough inventory of IT assets and document cybersecurity incident response and recovery plans in place outlining what actions will be taken during and after a security incident.

Ref - MonDaq

_______________________________________________________________________________________

(May 20, 2020)


A breach report highlights public sector risk during Coronavirus

Public sector organisations are more vulnerable to cyber-attacks during the COVID-19 pandemic as a result of the rapid shift to the cloud and staff working from home. A report by Verizon cybersecurity painted a common picture of the cybersecurity threat space from recent years, with the majority of attacks being financially motivated and carried out by external actors, despite public perceptions about the prevalence of insider attacks and cyber espionage.


_______________________________________________________________________________________

(May 20, 2020)

Serco leaked contact tracers’ personal email addresses

Outsourcing business Serco has apologised after it accidentally leaked the email addresses of nearly 300 people training to become contact tracers. The Government says it has hired more than 21,000 people who will manually trace the movements of people with coronavirus in an attempt to monitor the spread of coronavirus.

Ref - TeleGraph

_______________________________________________________________________________________

(May 19, 2020)


Increased traffic reported in financial services, sports and travel industries during Coronavirus

Imperva, Inc., a cybersecurity firm published its April 2020 Cyber Threat Index Report, revealing that COVID-19 continues to affect overall traffic and attack trends, industries such as financial services, sports, and travel are showing early signs of recovery. The monthly report also showed retail traffic is peaking at Black Friday-level volume, application DDoS attacks increased in both volume and size, and the overall Cyber Threat Index score continues to be at a ‘high’ level.


_______________________________________________________________________________________

(May 19, 2020)


Lessons learnt from Coronavirus pandemic

Chief Technology Officer at Palo Alto Networks highlights various threats that the digital world is facing during the ongoing COVID-19 crisis and various prevention methodologies that can be adopted. One lesson could be taken away is to be prepared for the unimaginable in cybersecurity in the same way people should have been prepared for this pandemic. Another lesson is that adopting a Zero Trust security model is key to prevention and response.


_______________________________________________________________________________________

(May 19, 2020)


Cyber risks could increase if employees continue to work from home even after COVID-19 ends

The insurance boss of technology giant Fujitsu has warned that home working will become standard practice beyond Covid-19, leaving firms exposed to cyber risk that likely won’t be covered under their existing policies. The company’s EMEA Insurance CTO believes the increased risk could threaten the recovery effort of countries as they seek to bounce back after the pandemic.


_______________________________________________________________________________________

(May 19, 2020)


Cyberattacks against financial sector increased after Coronavirus pandemic

The Financial Services Information Sharing and Analysis Center, and particularly smaller firms, reported substantial increase in attempted cyberattacks since the start of the COVID-19 pandemic. In particular, cyber-attacks targeted at bank employees rose in the first quarter of 2020. As of early April, FS-ISAC had also over 1,500 fraudulent or phishing websites designed to look like pandemic-related lending or financial support programs to deceive visitors.

Ref - ICLG

_______________________________________________________________________________________

(May 19, 2020)


Cyber criminals are still exploiting fear surrounding Coronavirus pandemic

Since the global proliferation of COVID-19 from February onwards, the number of cyber-attacks has risen by over a third year-on-year. This increase in malicious cyber-attacks has primarily had an impact on organizations on the frontline of the global response, including the World Health Organization (WHO), healthcare services and charities addressing the pandemic.

Ref - RigZone

_______________________________________________________________________________________

(May 19, 2020)


Coronavirus pandemic increasing risk posed by cyber attacks

There has been a rapid surge in online activity outside the workplace: a significant increase in internet shopping; more time for people to spend online. Adding a rapidly changing environment and global crisis presents openings for cyber criminal opportunists. In light of (and despite) this unfamiliar landscape, it is important that businesses do not lose sight of the risk of cyber security and the damage it could cause.


_______________________________________________________________________________________

(May 19, 2020)


Cerberus is stealing credit card details using COVID-19 information

A malicious software called Cerberus is stealing financial data such as credit card details by luring people with COVID-19 related information, the Central Bureau of Investigation has warned states, Union territories and agencies after receiving Interpol inputs. The Trojan virus contacts smartphone users via text messages and asks to click on a link saying it will provide COVID-19 updates. When clicked, the link installs a malicious application on their phones.

Ref - NDTV

_______________________________________________________________________________________

(May 19, 2020)


Working from home and remote interactions is become the new norm

In recent months, the Coronavirus virus has changed the world. Now, the cyber attack landscape has also changed and it is important to know what is different and how to react to it. During the pandemic work-from-home, it is a lot harder to beware of suspicious links when the kids want attention. More than ever, it is now crucial to train employees to detect phishing campaigns.

Ref - RadWare

_______________________________________________________________________________________

(May 19, 2020)


Cyber criminals using COVID-19 pandemic to target vulnerable organizations

NTT Ltd, the leading global technology services provider, has launched its 2020 Global Threat Intelligence Report (GTIR), which reveals that despite efforts by organizations to layer up their cyber defences, attackers are continuing to innovate faster than ever before and automate their attacks. Referencing the current COVID-19 pandemic, the report highlights the challenges that businesses face as cyber criminals look to gain from the global crisis and the importance of secure-by-design and cyber-resilience.

_______________________________________________________________________________________

(May 19, 2020)


Hackers accessed details of millions of EasyJet passengers amid Coronavirus

British budget airline easyJet said that hackers had accessed the email and travel details of around 9 million customers, and the credit card details of more than 2,000 of them, in a “highly sophisticated” attack. The airline, which has grounded most of its flights due to the COVID-19 pandemic and is locked in a long-running battle with its founder and biggest shareholder.

Ref - France24
_______________________________________________________________________________________

(May 19, 2020)

Cybersecurity in post COVID-19 pandemic era

As COVID-19 reshapes social interactions and transforms work environments to more digital settings, the threat landscape in cyberspace is also evolving with new vulnerabilities emerging. The synapse between the COVID-19 pandemic and cybersecurity imperatives can be addressed with a call to action that the new Cyber Security Strategy on the anvil can address.

Ref - MediaNama

_______________________________________________________________________________________

(May 19, 2020)


Cyber attacks increased due to innovation and automation 

NTT Ltd., launched its 2020 Global Threat Intelligence Report (GTIR), which reveals that despite efforts by organizations to layer up their cyber defences, attackers are continuing to innovate faster than ever before and automate their attacks. Referencing the current COVID-19 pandemic, the report highlights the challenges that businesses face as cyber criminals look to gain from the global crisis and the importance of secure-by-design and cyber-resilience.


_______________________________________________________________________________________

(May 19, 2020)


UK public sector is highly exposed to ransomware attack amid Coronavirus

Clearswift research reveals a lack of cyber security awareness among public sector workers, with almost half unaware of ransomware. The research with 1,000 public sector employees, revealed that almost half of respondents (47%) have either not heard of, or do not know what ransomware is, with 42% not having heard of, or what two-factor authentication (2FA) is. Also, the coronavirus crisis is bringing increased cyber-attacks.

Ref - PressReleases

_______________________________________________________________________________________

(May 19, 2020)


Cyber attacks worry business leaders around the world

Executives whose job it is to identify risks are also concerned about a related surge in bankruptcies, high levels of youth unemployment and increased cyber attacks arising from a shift to remote working, according to a report by the World Economic Forum (WEF), Marsh & McLennan and Zurich Insurance Group. The authors surveyed nearly 350 senior risk professionals from large companies around the world.

Ref - Edition

_______________________________________________________________________________________

(May 19, 2020)


A fake government website taking advantage of COVID-19

A fake website claiming to be from the federal government of Canada is preying upon those seeking financial relief from the COVID-19 pandemic. In a recent blog report, security vendor Proofpoint warned that multiple “threat actors” across the world have created fake websites posing as fronts for pandemic financial assistance programs, including Canada’s very own Emergency Response Benefit (CERB) website.


_______________________________________________________________________________________

(May 19, 2020)


Cyber attackers now exploiting new avenues of attack

The pandemic, and specifically, the lockdowns resulting from it, has spurred criminals to shift their cyber fraud schemes to exploit new avenues of attack. Fraud and hacking are becoming most prevalent in areas like card attacks, account attacks and, in a nod to the pivot toward eCommerce, delivery attacks. The waves of new account creation are thus a concern.

Ref - Pymnts

_______________________________________________________________________________________

(May 19, 2020)

COVID-19 themed ransomware attacks causing more damage

Cybercriminals are using the COVID-19 pandemic to full advantage, increasing the frequency of attacks and using ransomware, causing more damage. As the COVID-19 virus wreaks havoc on the world’s economy, businesses continue to suffer from the relentless spread of a different kind of “virus,” ransomware attacks, which deploy malware to render IT systems inoperable or data inaccessible unless and until a ransom is paid.


_______________________________________________________________________________________

(May 19, 2020)


Money is biggest motive for cyber criminals around the world

Verizon Business 2020 Data Breach Investigations Report found that confirmed data breaches doubled from the prior year. As the coronavirus pandemic has forced people indoors, cyber attacks on businesses are expected to climb. The report found that 86% of breaches were for money, not for purposes of spying. Credential theft, phishing and compromising business emails caused 67% of the cyber attacks.

Ref - News18

_______________________________________________________________________________________

(May 18, 2020)


Security tips to stay protected while working from home

Organise employee security awareness training and spear-phishing stimulation to educate them on how to recognise and report attacks. Reconsider access policies to enforce two-factor authentication for email accounts of all employees, Ensure users connect to the company-provided VPN to secure remote access and avoid unauthorized exposure of user credentials or other sensitive data and other basic practices.


_______________________________________________________________________________________

(May 18, 2020)


Staying safe from COVID-19 phishing scams and cyberattacks

As employees continue to work from home, employees are reminded to assess home security measures on a weekly basis to update and/or add any defenses accordingly. Such practices include, look out for tell-tale signs such as poor spelling and grammar, keep operating systems and applications up to date, use an anti-malware solution on your endpoints, making sure all features are enabled and definitions are up to date, etc.

Ref - MassBio

_______________________________________________________________________________________

(May 18, 2020)


Electric power industry is at risk during COVID-19 pandmeic

Working remotely during the COVID-19 pandemic has been a lifesaver, but it has also brought new threats. Working from home allows people to minimize social interaction, which limits and slows the spread of COVID-19. But, as highlighted in a recent alert from the North American Electric Reliability Corp. (NERC), the electric power industry is in a period of heightened cyber risk due to a large contingent of industry employees working remotely.


_______________________________________________________________________________________

(May 18, 2020)


Why business are so vulnerable amid COVID-19 pandemic

Businesses are just trying to make it through the pandemic. Due to businesses focusing on keeping basic operations up and running, proactive security measures may not be at the top of the agenda. This is something that hackers are counting on. As terrible as it sounds, successful attackers look for the soft spot for an attack, and a corporation with little to no security.


_______________________________________________________________________________________

(May 18, 2020)


COVID-19 themed cyber attack could hit diverse targets

Besides hospitals and academic institutions, dozens of nonprofits, including so-called "nongovernmental organizations," or NGOs, around the world must protect their COVID-19 research and related activities from those seeking to steal data or disrupt their operations. A wide variety of these nonprofit organizations are potential targets for cyberattacks during the COVID-19 pandemic. Attacks on these organizations could affect their partners as well.


_______________________________________________________________________________________

(May 18, 2020)


Healthcare and research institutions are now at high risk due to Coronavirus

The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom's National Cyber Security Centre (NCSC) recently issued an alert warning that malicious cyber actors are targeting health care and other essential services related to COVID-19. Health care providers, pharmaceutical companies, academia, medical research organizations and local governments face heightened risks.


_______________________________________________________________________________________

(May 18, 2020)


Cyber policy during working from home

Working from home has quickly become the new normal, but it may also be the reason your cyber insurer denies coverage for the next cyberattack. In the meantime, policyholders would be well-advised to review their cyber insurance policies and consider whether they have adequate coverage for cyberattacks in the current work-from-home environment.


_______________________________________________________________________________________

(May 18, 2020)


Crisis response for healthcare’s security during COVID-19 pandemic

The Healthcare and Public Health Sector Coordinating Council (HSCC) and the Health Information Sharing and Analysis Center (H-ISAC) jointly released guidance for healthcare entities on ways to manage their cybersecurity tactical crisis response during an emergency, such as the COVID-19 pandemic. The guidance was developed amid the COVID-19 pandemic, which HSCC noted resulted in a rise in telemedicine visits and telework.


_______________________________________________________________________________________

(May 18, 2020)


COVID-19 pandemic changed the cyber threat scenario

With the global health crisis forcing huge numbers of people to work from home, businesses must make some important considerations to protect themselves from malicious cyber attacks. The COVID-19 pandemic has impacted the cyber security landscape, as threat actors are now taking advantage of the crisis and exploiting the situation to prey on remote workers. There has been a noticeable shift in the tactics used by existing threat actors..


_______________________________________________________________________________________

(May 18, 2020)

COVID-19 pandemic become a golden opportunity for cyber criminals

Coronavirus-related cyberattacks have proliferated since the first COVID-19 cases emerged in Wuhan, China. According to a recent Microsoft analysis, every country in the world has now experienced at least one such cyberattack, with the number of successful intrusions increasing daily. In a heightened state of confusion and stress, security gaps stemming from human vulnerabilities, such as email scams and unmonitored malware intrusions, have inevitably escalated.


_______________________________________________________________________________________

(May 18, 2020)


Criminals are hacking Indian cooperative banks using a COVID-19 Trojan

Cybersecurity services company Seqrite claims to have detected a new wave of Adwind Java Remote Access Trojan (RAT) campaign targeting Indian co-operative banks using COVID-19 as a bait. Researchers at Seqrite warned that if attackers are successful, they can take over the victim’s device to steal sensitive data like SWIFT logins and customer details. They can also launch large scale cyber attacks and commit financial frauds.


_______________________________________________________________________________________

(May 18, 2020)


Impact of COVID-19 pandemic on cyber security

As businesses around the world implemented a work from home (WFH) operating model, IT, security and management teams worked hard to facilitate a strong and secure infrastructure. WFH operations present significant cyber risks if all aspects of security were not properly considered. In a recent Fast Fast Forward Live webinar, cybersecurity experts from AXA XL, S-RM and Mullen Coughlin discuss the impact of COVID-19 on cyber security.

Ref - Axaxl

_______________________________________________________________________________________

(May 18, 2020)

Cybercriminals are taking advantage of COVID-19 in many ways

Cybercriminals are again showing their true colors in the COVID-19 pandemic. Their attacks have always been socially engineered to prey on people’s fears, but the exploitation in the COVID-19 era is nothing short of sinister. Perhaps what’s most shocking in the development of COVID-19-themed attacks is the behavior of larger ransomware organizations ( “Doppelpaymer” and “Maze”) themselves. These groups are now even offering discounts on ransom in this COVID-19 era.


_______________________________________________________________________________________

(May 18, 2020)

COVID-19 pandemic changed the way the world works

In a very short span of time, COVID-19 has dramatically changed the way the world operates. As governments worldwide mandate social distancing to prevent disease transfer, there has been a significant rise in remote working. This has resulted in a range of issues for many SMEs, because while working from home, the required levels of corporate safety precaution are difficult to maintain.


_______________________________________________________________________________________

(May 18, 2020)

Phishing attacks now using Aarogya Setu application name

Phishing attacks in the name of Aarogya Setu app are on the rise, as cybercriminals take advantage of the COVID-19 pandemic for their vested interests. In its latest warning, the Indian Computer Emergency Response Team (CERT-IN) says there has been a major increase in phishing attacks in the name of Aarogya Setu contact tracing app, as well as video calling apps such as Zoom, Microsoft Teams, and Google Meet.


_______________________________________________________________________________________

(May 18, 2020)

Protecting smart infrastructure amid the COVID-19 pandemic

Securing smart homes and smart buildings from cybersecurity risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. ENISA presents some fundamental measures for securing smart devices. This includes the use of long and different passwords, performing updates on a regular basis, configuring multiple networks on the router, leveraging user guides for enabling the relevant security features, and using secure wipe smart devices, etc.

Ref - ENISA

_______________________________________________________________________________________

(May 18, 2020)

Google and KPMG share their insights for securing accounts and access during Coronavirus pandemic

Many prolific fraud cyber attacks are on the rise since COVID-19 pandemic, and best was to handle them is of urgent importance for both the organizations and the people. It is essential for organizations to continuously promote the importance of cybersecurity threats to internal staff as well as to the public through Info Security Awareness. The government should also consider establishing an extensive Cyber Security Awareness Program that could be easily replicated across to all government agencies.


_______________________________________________________________________________________

(May 18, 2020)

Security Tips to protect trading firms from cyber attacks during Coronavirus

There are five areas, where commodity trading businesses should look to mitigate the key risks. This includes 1) Review, test and revise fraud response plan, 2) Scrutinize risk indicators, and investigate exceptions promptly and thoroughly, 3) Keep the firm’s teams talking about what’s going on, given the current disruption to markets and operations. 4) Review and revise incentives to reduce the trading related fraud risks and 5) Look after people for signs of stress and general health and wellbeing.

Ref - PWC

_______________________________________________________________________________________

(May 18, 2020)

Stay vigilant of cyber fraudsters during COVID-19 lockdown

A study on trending cybercrime shows cybercriminals are taking advantage of the situation as a large number of people are using online banking services to be updated with their banking updates. Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organizations at a time when cyber defenses might be lowered due to the shift of focus to the health crisis

Ref - SiaSat

_______________________________________________________________________________________

(May 18, 2020)

Attacks on financial institutions doubled in three months

The COVID-19 has provided cyber attackers with ample opportunity to ramp up their operations as the world engages online more than any other time in history. Attacks targeting the financial sector at large have swelled by 238% in the months from February through to the end of April 2020, while 80% of surveyed financial institutions reported an increase in cyber attacks over the last 12 months, according to a report released from VMware Carbon Black.


_______________________________________________________________________________________

(May 18, 2020)

Police catch suspects planning ransomware attack on a hospital 

Police in Europe has swooped on a cybercrime gang that they suspect of planning ransomware attacks using COVID-19 lures against hospitals. The four-man “Pentaguard” group was formed at the start of the year, according to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT). They intended to launch ransomware attacks, in the near future, on some public health institutions in Romania.


_______________________________________________________________________________________

(May 18, 2020)

India’s e-commerce growth pushed by COVID-19 pandemic along with cyber attacks

Fraud instances could possibly rise at an even quicker pace as India’s e-commerce market propelled by the COVID-19 outbreak. The rapid growth of the e-commerce sector has also inadvertently led to a rise in fraud. The number of online shopping frauds registered with the National Consumer Helpline has jumped nearly six times from 977 cases in FY17 to 5,620 cases in FY20 till November 2019, taking the total count of cases since FY17 to 13,993.


_______________________________________________________________________________________

(May 18, 2020)

Cybercriminals now targeting supercomputers in Europe

Supercomputers across Europe were infected with cryptocurrency mining malware, forcing operators to shut the systems down to investigate the attack. Many of the impacted systems are used to run workloads that hope to help in the fight against COVID-19, along with other important research. The University of Edinburgh was the first to declare that something was wrong.


_______________________________________________________________________________________

(May 18, 2020)

Remote working increasing security incidents amid Coronavirus lockdown

Many people work from home due to the COVID-19 pandemic, and cybersecurity in quarantine is a new topic often on the minds of information technology (IT) professionals. A workplace gives a relatively controlled environment where an organization can enforce regular password changes, monitor for new devices connecting to the network and exercise other precautions to keep cybercriminals at bay. But these are difficult to follow which working from home.


_______________________________________________________________________________________

(May 18, 2020)

Security tips to protect network against COVID-19-themed cyber attacks

Users are suggested to take steps to reduce the risk of malware and other cyber threats. Here are some tips to consider: equipping systems with the latest firewalls and anti-virus software, using a virtual private network, ensuring that all company-issued devices are protected and provide training for employees, so they know how to recognize and report suspicious activity.


_______________________________________________________________________________________

(May 17, 2020)

Trusted Business Insights published their latest study on railway cybersecurity

Trusted Business Insights presents an updated and Latest Study on Railway Cybersecurity Market Market 2019-2026 ((including the Business Impact of COVID-19)). The report contains market predictions related to market size, revenue, production, CAGR, Consumption, gross margin, price, and other substantial factors. While emphasizing the key driving and restraining forces for this market, the report also offers a complete study of the future trends and developments of the market.


_______________________________________________________________________________________

(May 17, 2020)

People should be vigilant during the COVID-19 pandemic

The COVID-19 pandemic renders individuals and society extremely vulnerable in all respects. Safety4sea highlights the importance of being vigilant during the COVID-19 pandemic, reminding that cybercriminals don’t take breaks, as mentioned by Interpol. The COVID-19 has set the world into a frenzy, with high levels of anxiety and citizens trying to find ways to keep themselves and their families safe and healthy.

Ref - Mfame

_______________________________________________________________________________________

(May 17, 2020)

Insurance bosses proposed a scheme to cover the costs of future pandemics

A state-sponsored cyber attack could cause economic damage on a scale equal to COVID-19, overwhelming the insurance industry and requiring the Government to step in to cover the losses, the chairman of Lloyd’s of London has warned. It would be a good idea for any government-backed program to address future pandemic risk to include a mechanism to deal with rare but catastrophic events such as a large cyber attack.

Ref - Telegraph

_______________________________________________________________________________________

(May 16, 2020)


Cyber criminals are targeting European supercomputers researching COVID-19

Supercomputers in Europe (including ARCHER) that are used to research COVID-19, were hacked this week, according to several laboratories. Some of the computers remain offline following the attack. Supercomputers in Switzerland, Germany, and the U.K. were affected. It’s not clear if the attacks were linked or who was behind them.


_______________________________________________________________________________________

(May 16, 2020)

COVID-19 related applications are not being tested properly 

Every Indian state is using its own set of apps for various [COVID-19 related] purposes, maybe for tracking, for keeping accounts or any other activity. These apps have not gone through the required process, like a set of security testing, etc. This is cause of major concern because if any app gets hacked it might result in trouble for its users who are using the apps and providing their sensitive information to these apps.

Ref - Medianama

_______________________________________________________________________________________

(May 16, 2020)

Coronavirus pandemic will boost the calls to overhaul the digital defenses

The lawmakers behind an ominous report about America’s lack of preparedness for a major cyberattack are hoping the coronavirus pandemic will boost their calls to overhaul the nation’s digital defenses. The Cyberspace Solarium Commission on March 11 released its 182-page report calling for a far more muscular stance against U.S. digital adversaries such as Russia and China.


_______________________________________________________________________________________

(May 15, 2020)

Cyber security challenges for healthcare amid Coronavirus pandemic

It is tough to maintain security with so many devices connecting to the network at such a rapid pace. It is important for CISOs to adapt their strategies to account for this growing attack surface with capabilities like continuous device visibility and control along with dynamic asset management, network access control, and network segmentation. Just as it’s being recommended that strong personal hygiene practices will help prevent the infection and spread of COVID-19.


_______________________________________________________________________________________

(May 15, 2020)

Cybercrime trend and type of attacks amid COVID-19

Over the past few months an increased amount of malicious attempts have been reported and many threat actors have started to abuse the panic and discomfort of the COVID-19 pandemic to conduct specially crafted cyber attacks. A significant spike has been recorded in activity on Brute-Force attacks (authentication issues), attempts for exploits (viruses) and increased access to malicious / suspicious IPs / URLs.


_______________________________________________________________________________________

(May 15, 2020)

Hackers keep hacking during Coronavirus pandemic

Cybercriminals haven’t hit the brakes for COVID-19. Hackers are installing malware on cell phones via fake coronavirus tracking apps and fake COVID-19 maps. The malware can steal bank details, passwords and login information from the victim’s device. And these are just a short list of cyber attacks, just a tip of the iceberg.

Ref - CSBJ

_______________________________________________________________________________________

(May 15, 2020)

How machines can protect themselves post COVID-19 era

In near future, machines would be able to protect themselves automatically, where a client that is an integral part of any operating system will act as an intermediary that establishes a trusted identity for each client system on a network. The client would then be able to authenticate every login attempt and request for resources by verifying each login through an authoritative security management platform such as Active Directory (AD).


_______________________________________________________________________________________

(May 15, 2020)

A significant number of new malicious domains related to COVID-19 appeared

Cybercriminals, who are notorious for riding trending news and emerging issues, have been watching matters unfold and developing their attacks in context with a large variety of updates and initiatives lined with the current pandemic. As a result, IBM X-Force Research has been seeing a significant number of new malicious domains related to COVID-19 appear in the wild since late February 2020.


_______________________________________________________________________________________

(May 15, 2020)

Coronavirus diverted the focus of world toward Cyber security

5 March 2020 marked an important milestone in multilateralism and for cyber as an issue. It was the moment when cyber was, for the first time ever, officially discussed at the UNSC. Previously there had only been theoretical discussions about cyber during informal Security Council meetings, and this was the first time that malicious behaviour in cyberspace had been put formally on the table.

Ref - ICDS

_______________________________________________________________________________________

(May 15, 2020)

British Supercomputer become a victim of cyber attack

British Supercomputer ARCHER, which is used for academic research by Universities operating in the U.K., has been hit by a cyberattack, forcing the admin to reset all user passwords and SSH keys. ARCHER provides invaluable resources for researchers who study problems with a global impact. The UK National Supercomputing service also serves a National Health Service (NHS) project working on developing a Coronavirus vaccine.


_______________________________________________________________________________________

(May 15, 2020)

Staying protected amid COVID-19 pandemic

Today, as the world grapples with the COVID-19 pandemic, hackers are trying to take advantage of the rapid changes happening across industries. To stay protected, lock arms with IT to secure software-as-a-service (SaaS) applications via cloud access security brokers for configuration, security and data loss prevention and reduce the access to IaaS providers by using jump boxes, and follow other basic security hyzine.

Ref - CXOToday

_______________________________________________________________________________________

(May 15, 2020)

Cyber criminal exploiting the global pandemic

More than 60 percent of phishing expeditions are now COVID-19 related as criminal hackers exploit the global pandemic, producing malicious emails dressed up as legitimate correspondence and attempt to gain access to companies’ computer systems. Cybercriminals are using the public’s “great thirst” for information about everything related to COVID-19 to their advantage.

Ref - National

_______________________________________________________________________________________

(May 15, 2020)

UK’s electrical grid targeted by a cyber attack

The UK’s electrical grid has been targeted by a potentially disruptive cyber attack on the systems of Elexon, a key cog in the electricity trading system. During the COVID-19 coronavirus pandemic, they present an even more critical target. An electrical black-out affecting a hospital or care home could have severe consequences, and attackers, particularly those backed by nation states, will be well aware of that.


_______________________________________________________________________________________

(May 15, 2020)

Demands for cyber insurance are on rise after COVID-19 cyber attacks

Companies are looking to cyber insurance to help manage the fallout from a wave of COVID-19 related cyberattacks, highlighting the need for businesses to pay close attention to internal data security shortcomings and policy limits that could spark coverage fights. Now with the massive abrupt change of so many working from home, that’s just thrown gas on the fire.


_______________________________________________________________________________________

(May 15, 2020)

Educational infrastructures could be targeted by invasive breaches amid Coronavirus

A report put out by Netwrix highlights the growing data and security risks that educational organizations are vulnerable to during this time of COVID-19, distance learning, and an increase in cloud technology activity. The report states that 54% of educational sector IT professionals are aware that district employees are compromising sensitive data by utilizing cloud apps unknown or unapproved by IT.

Ref - CSHub

_______________________________________________________________________________________

(May 15, 2020)

Fearware now become a new trend amid Coronavirus pandemic

A new term, Fearware, has come up and there are more than 3000 websites online available related to Coronavirus. These websites are created by amateur hackers who want to take money from user's bank account if a user clicks on their websites. They either take money from a user or give them false information.

Ref - Inventiva

_______________________________________________________________________________________

(May 15, 2020)

Cybersecurity legal Implications for businesses amid Coronavirus pandemic

Among the myriad challenges faced by businesses arising out of the global COVID-19 pandemic is the amplification of cybersecurity vulnerabilities and resulting increased risk of data breach and malware incidents. There is no single set of cybersecurity laws. Nor is there a single government agency responsible for enforcing cybersecurity practices or investigating data breaches. 

Ref - ICLG

_______________________________________________________________________________________

(May 15, 2020)

Cyber-attacks happening during COVID-19 in Spain

Due to the COVID-19 pandemic and the legislative measures adopted, many companies have been forced to implement teleworking measures or to intensify the use of the systems they already had. Now, it is the INCIBE (the Spanish "National Institute for Cybersecurity") through its publication of March 18, which is warning that a campaign consisting on sending fraudulent emails has been detected.


_______________________________________________________________________________________

(May 15, 2020)

Coronavirus become a golden opportunity for cyber criminals

With COVID-19 seemingly bringing the world to a halt and more than 50% of the globe’s population engaging in some form of lockdown, cyber criminals have viewed the pandemic as a golden opportunity. Interpol, Europol, Governments and other organisations around the globe have warned of an uptick in cyber activity amid the pandemic.

Ref - FSMatters
_______________________________________________________________________________________


(May 15, 2020)


Cyber attacks on Australian companies are on the rise amid Coronavirus crisis

BlueScope and MyBudget are the latest to confirm they have been subjected to a cyberattack, following Toll Group and Services New South Wales being hit. The attackers steal data and threaten to publish or use the information against the victim if they do not pay up. Attacks using ransomware are happening more often and businesses needed to beef up their security.

Ref - ABC

_______________________________________________________________________________________

(May 15, 2020)


An increase in malicious behaviour related to coronavirus pandemic is reported

The Canadian Centre for Cyber Security has reported an increase of malicious behaviour in terms of the coronavirus pandemic being used in phishing campaigns and malware scams. Essentially, cybercriminals know that a simple mention of “COVID-19” or “coronavirus” will instantly get attention. While this isn’t the first time cybercriminals have used national or global headlines to their advantage, it’s essential to keep an eye out.


_______________________________________________________________________________________

(May 15, 2020)


QNodeService Trojan is promising victims for COVID-19 tax relief

A new Trojan malware sample has appeared on the radar of cybersecurity researchers following evidence it may be used in coronavirus-related phishing schemes. The Trojan sample was connected to a file, "Company PLP_Tax relief due to COVID-19 outbreak CI+PL.jar," and was only detected at first by ESET's antivirus engine. 

Ref - ZDNet

_______________________________________________________________________________________

(May 15, 2020)


WHO released an application for health workers fighting against COVID-19 pandemic

A new World Health Organization (WHO) mobile app provides vital information to health workers battling the COVID-19 pandemic, delivering critical and timely knowledge resources in six languages- Arabic, Chinese, English, French, Russian and Spanish- directly to the health workers’ mobile phones and tablets.

Ref - WHO
_______________________________________________________________________________________

(May 15, 2020)


Thousands of cybercriminals are taking advantage of coronavirus pandemic

M3 Networks said there had been a huge increase in coronavirus-themed phishing attacks – in which fraudulent emails are sent to induce individuals to reveal personal information, such as passwords and credit card numbers. Over the past five weeks, the tech firm has identified 100,000 suspect website addresses linked to COVID-19 phishing emails.

_______________________________________________________________________________________

(May 15, 2020)


COVID-19 pandemic can reshape cybersecurity frameworks

COVID-19 disruption has exposed gaps in the security mechanisms and crisis response plans for many businesses, according to partner & lead for cybersecurity at PwC India Siddharth Vishwanath. Speaking to Express Computer, he highlighted how responding to this scenario presents an opportunity. The biggest learning for organisations from this crisis is to consider Black Swan scenarios seriously while drafting and testing the crisis strategy.


_______________________________________________________________________________________

(May 14, 2020)

Cybersecurity risks enterprises and offices facing amid COVID-19 pandemic

Cyber attacks are accelerating as criminals and other threat actors seek to exploit the disruption caused by the COVID-19 pandemic. Businesses scramble to implement sweeping remote work practices and online-only interactions with employees, customers and vendors, and these changes have come with heightened cybersecurity risks. Some Family Enterprises (FEs) and Family Offices (FOs) are recognizing the danger, and taking steps to increase cybersecurity capabilities, but others need to catch up quickly.

Ref - EY

_______________________________________________________________________________________

(May 14, 2020)

Microsoft’s decision will Impact everyone fighting against COVID-19 cyber threats

From May 14, Microsoft has introduced new COVID-19 threat intelligence sharing feeds for Azure Sentinel customers and this will also be made available publicly for everyone on GitHub. The move means that even if a user isn't a Microsoft customer, a user can hugely improve their protection against a fast-growing number of COVID-19 themed cyber-attacks.

Ref - Forbes

_______________________________________________________________________________________


(May 14, 2020)

COVID-19 is responsible for 238% surge in cyberattacks against the financial sector

The coronavirus pandemic has been connected to a 238% surge in cyberattacks against banks, new research claims. The VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyberattack attempts between February and April this year, the same months in which COVID-19 began to spread rapidly across the globe.

Ref - ZDNet

_______________________________________________________________________________________

(May 14, 2020)


In just two weeks over 4 lakh coronavirus related cyber-attacks recorded

Around 20,000 coronavirus-related domains have been registered globally in the past three weeks, including in India. The theme “Corona Cure” has the largest number of domain registrations.
Out of them, around 2% (354) are deemed malicious while another 15% (2,961) are considered suspicious.  

Ref - Digit

_______________________________________________________________________________________

(May 14, 2020)


COVID-19 is helping to increase the digital outreach

The COVID-19 is rapidly accelerating digital transformation. At the same time, the threat landscape is also evolving and posing new challenges. Organizations need to take appropriate steps to protect their business-critical infrastructures and applications.

Ref - RadWare

_______________________________________________________________________________________

(May 14, 2020)


Publicly sharing COVID-19-related threat intelligence

Microsoft, a tech giant, has published detailed guidance to help organizations combat current threats (Responding to COVID-19 together). Their threat experts are sharing examples of malicious lures and enabled guided hunting of COVID-themed threats using Azure Sentinel Notebooks. Microsoft processes trillions of signals each day across identities, endpoint, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks.

Ref - Microsoft

_______________________________________________________________________________________

(May 14, 2020)


The complete evolution of COVID-19-themed cyber attacks

The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) released a statement warning of a cybercriminal and advanced persistent threat groups (APT) exploiting the COVID-19 pandemic. The statement provided that the surge in teleworking and virtual private networks use would amplify the existing cyber threat to individuals and organizations.


_______________________________________________________________________________________

(May 14, 2020)


Chinese hackers are attacking COVID-19 researchers via IT suppliers

Hackers working on behalf of the Chinese government are exploiting customer relationships between IT service providers and the healthcare, pharmaceutical and medical research sectors working on the global COVID-19 coronavirus response, according to a public service announcement issued by the US Cybersecurity and Infrastructure Security Agency (CISA).


_______________________________________________________________________________________

(May 14, 2020)


Challenges during staying connected amid the COVID-19 pandemic

The COVID-19 pandemic that is sweeping the globe has effectively put a stop to the bulk of face-to-face interactions. With this new and unexpected reliance on connectivity, both companies and consumers should take extra precautions in ensuring that their data is protected. Cybercriminals are using this chaotic situation to try to obtain sensitive materials.

Ref - ATT

_______________________________________________________________________________________

(May 14, 2020)


Financial cybercrime happened during COVID-19 pandemic

Criminals are exploiting vulnerabilities opened up by the COVID-19 lockdown, increasing the risks of cyber attacks, money laundering (ML) and terrorist financing (TF). Authorities worldwide have responded by drawing financial institutions' attention to these threats and by providing guidance on ways to improve cybersecurity and mitigate ML and TF risks.

Ref - BIS

_______________________________________________________________________________________

(May 14, 2020)

Cybersecurity practices for the Pharma Sector during COVID-19 pandemic

The key to fight against COVID-19 related cyber threats for the pharma sector will be to evolve an intelligence-based mindset, leveraging defence-in-depth principles that take advantage of detection and mitigation capabilities for the entire lifecycle of a cyberattack. Alternatively, these pharmaceutical companies can find a partner currently operating with this mindset.


_______________________________________________________________________________________

(May 14, 2020)

Cybercrime in India on rising since Coronavirus lockdown

Cybercrime in India has surged amidst the country’s unprecedented coronavirus lockdown. As COVID-19 cases in the country continue to climb, New Delhi has sought to aggweourressively contain the spread of the deadly disease by essentially shutting down the world’s second most populated nation. Attacks have soared 86% in the four weeks roughly between March and April, according to a recent Reuters report quoting Indian Home Ministry officials.

Ref - Forbes

_______________________________________________________________________________________

(May 14, 2020)

China denying hacking attempts on US agencies for COVID-19 vaccine data

China termed as “slanderous” the US accusation that hackers backed by Beijing may be attempting to steal COVID-19 related research and vaccine materials. Chinese officials said that "smearing and scapegoating" others will not make the deadly virus go away. The US claims have added fuel to tensions between the two nations, which are engaged in a war of words over the origin of the coronavirus that has killed 300,000 people globally.

Ref - TheWeek

_______________________________________________________________________________________

(May 14, 2020)

Analysis of COVID-19 effect on the security software market

A research report elucidates a precise competitive summary of the business outlook stressing on expansion strategies adopted by key contenders of the ‘COVID-19 Impact on Security Software market’. The ‘ COVID-19 Impact on Security Software market’ study, available with Analytical Research Cognizance, is a systematic detailing of the potential factors driving the revenue statistics of this industry. 

Ref - 3WNews

_______________________________________________________________________________________

(May 14, 2020)

Cybersecurity challenge while working from home

Relying on technology is one way to combat cybercriminals, but cybersecurity is a shared responsibility. This pandemic has made us even more dependent on technology to stay connected, emphasising the need for everyone to be aware of cyber-security best practices. Every individual has a role to play so let’s ensure cyber safety while working from home.


_______________________________________________________________________________________

(May 14, 2020)

Around 46% of companies reported cyberattacks during COVID-19 pandemic

A recent report found that almost half of all companies have experienced at least one cybersecurity incident during the COVID-19 lockdown. There are a number of factors leading to these numbers: Rapid remote deployments, reliance on digital communications, disruption to security processes, different risks in remote environments and shift to cloud-based infrastructures.


_______________________________________________________________________________________

(May 14, 2020)

Cyberattacks on healthcare systems will continue even after COVID-19 pandemic stops

With the scale and complexity of cybercrime increasing, and the fact that hospitals are moving toward digitalization and remote patient care, the number of cyberattacks on healthcare systems will continue to increase, says GlobalData, a leading data and analytics company. Hackers will continue to target vulnerable systems as long as there are profits to be made: from selling the stolen patient’s data or ransom demands.


_______________________________________________________________________________________

(May 14, 2020)

Security measures that can help business during COVID-19 pandemic

Businesses can take these few steps to protect themselve: review policies and procedures, Check remote working systems, secure devices by updating them, make sure employees are backing up their work regularly, give proper training to staff about phishing emails and responses, provide IT support, and report any breaches.


_______________________________________________________________________________________

(May 14, 2020)

Email frauds are the biggest threat for working professionals amid Coronavirus pandemic

Email frauds have emerged as the biggest threat for working professionals with almost 60 per cent businesses believing that they are exposed to it, a new survey has revealed. These threats are also a result of the crisis created by coronavirus. Cybercriminals are taking advantage of the discussions around the outbreak and tricking users to click on malicious links or attachments in emails which has even resulted in an increase in phishing attacks.

Ref - ZeeBiz

_______________________________________________________________________________________

(May 14, 2020)

Aon launched a cyber security application with cyan amid Coronavirus pandemic

Aon and cyan offer a new kind of preventive, digital security with the introduction of Aon's CySec App. The app is now available in Aon's corporate design in the Android Play Store and iOS App Store, initially in Austria and Switzerland, and protects Android and iOS devices against online threats such as viruses, malware or phishing attacks. Due to COVID-19 pandemic, cyber attacks on smartphones increased drastically.


_______________________________________________________________________________________

(May 14, 2020)

Cybersecurity professionals are more concerned than before due to Coronavirus outbreak

According to the survey, 94% of cybersecurity professionals are more concerned about security now than before the COVID-19 pandemic. In assessing their security programs, 89% said COVID-19 has been a stress test for every security control and policy within their organisations. Security teams’ top areas of increased concerns include: employee home network security (58%); keeping remote systems configured securely (41%), and keeping remote systems compliant (38%).

Ref - Teiss

_______________________________________________________________________________________

(May 14, 2020)

Soon more details to be revealed regarding Chinese hackers targeting US agencies

Beyond confirming the hacking attempt to steal COVID-19 research, the FBI-CISA warning does not tell much about the attack or the organization(s) targeted. However, the agencies asserted that they would release more technical details in the coming days, which may reveal how the Chinese threat actors tried to break into the systems of American companies researching COVID-19 vaccines, treatments.


_______________________________________________________________________________________

(May 14, 2020)

New Zealand’s GCSB condemnd cyberattacks during Coronavirus pandemic

New Zealand’s Government Communications Security Bureau (GCSB) has criticised the reported cyber attacks on critical infrastructure taking advantage of the COVID-19 pandemic, but revealed the nation has been spared such attacks so far. The intelligence agency’s Director-General, called on all threat actors, including those linked to foreign nation states, to refrain from attack activity during the crisis.


_______________________________________________________________________________________

(May 14, 2020)

US released public announcement on threat posed by Chinese hackers

The US formally accused China of backing attempts to hack the country’s coronavirus research data. The US’ cybersecurity agency released a public service announcement to raise awareness about a “threat to COVID-19 related research.” The FBI is investigating the targeting and compromise of US organizations conducting COVID-19-related research by PRCaffiliated cyber actors and non-traditional collectors.


_______________________________________________________________________________________

(May 13, 2020)

Pharmaceutical companies are vulnerable to cyber attacks due to Coronavirus pandemic

Although many cyber criminals have pledged not to attack healthcare providers during the COVID-19 pandemic, one expert told a news agency that this may not extend to pharmaceutical companies. Recently, hackers published internal data from ExecuPharm back on March 13 following a ransomware attack.

Ref - BioSpace

_______________________________________________________________________________________

(May 13, 2020)

Cyber attack on Tajik journalist reporting on COVID-19 pandemic

The media is literally under attack in Tajikistan. There were a total of over 80 attacks of all kinds, physical and non-physical, including cyber-attacks and attacks via judicial or economic means, on journalists in the country from 2017 to 2019. After a journalist reported on COVID-19, government-linked online trolls called him a traitor.

Ref - HRW

_______________________________________________________________________________________

(May 13, 2020)

Cyber criminals could have infiltrated office computer during lockdown

Any individual moving back to office after working at home, beware that criminals may have been in their workplace. Office computers could be vulnerable because no one may have been in the office to make sure their operating systems were up to date and verify that backups happened. Some people who took their work computers home with them may have found they were already infected with malware.

Ref - Fox10TV

_______________________________________________________________________________________

(May 13, 2020)

COVID-19-themed ransomware attacks increased in Canada

A 4,000 per cent increase in ransomware emails is reported, and 53 per cent of these inbound emails were junk phishing emails. About a 250 to 350 per cent increase[in ransomware-related attack attempts is reported in the last three weeks alone with COVID-19 themed cyberattacks. And at last count, there are 13,000 website domain names using some form of the name COVID-19 that are malicious websites.

Ref - Uzado

_______________________________________________________________________________________

(May 13, 2020)

APWG revealed the evolution of identity theft attacks amid COVID-19 pandemic

The APWG’s new Phishing Activity Trends Report for Q1 2020 reveals several ways in which cybercriminals have taken advantage of the COVID-19 pandemic. These include coronavirus-themed phishing and malware attacks against workers, healthcare facilities, and the recently unemployed. The report also documents how criminals have used COVID-19 as a way to trick companies into transferring money.


_______________________________________________________________________________________

(May 13, 2020)

A report released by Bitdefender on Coronavirus-related cyber threats

Bitdefender threat intelligence data on Coronavirus-related cyber threats between March and April reveals that COVID-19-themed threat reports are becoming the new norm. Since the Coronavirus outbreak, cybercriminals have continuously leveraged this global crisis by focusing on cyberattacks designed to compromise victims data and security.

Ref - SANS

_______________________________________________________________________________________

(May 13, 2020)

Cyber-attacks targeting hospital construction companies ammid Coronavirus pandemic

Two companies involved in building emergency coronavirus hospitals have been hit by cyber-attacks this month. Interserve, which helped build Birmingham's NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber, have reported the cyber incidents to authorities. The separate attacks were not linked.

Ref - BBC

_______________________________________________________________________________________

(May 13, 2020)

Fighting against cyber threats during COVID-19 pandemic

As experts have reported significant increases in the frequency of cyber attacks of all kinds, now is a good time for businesses to take stock of their defenses against such unauthorized intrusions, which include: emails from “spoofed” email addresses and emails that try to fool workers into clicking on links to malware that infects computers.


_______________________________________________________________________________________

(May 13, 2020)

Most Common attacks during Coronavirus pandemic

The most common attacks seen by Cybersecurity Agencies during the COVID-19 crisis are designed to take advantage of the increase in remote work. Two common styles of attack organizations face are (1) phishing attacks, a form of social engineering that exploits the human link in the chain, and (2) technical exploits, which rely on newly deployed or stressed telework infrastructure.

Ref - JDSupra

_______________________________________________________________________________________

(May 13, 2020)

Awareness campaign for cyberthreats happening during the COVID-19 outbreak

The International Criminal Police Organisation has launched an awareness campaign on cyber threats during the COVID-19 outbreak. The campaign is taking place from May 4 to May 31. It is in coordination with law enforcement agencies across the world. Basic cyber hygiene advice is being provided through the international network.

Ref - TheHindu

_______________________________________________________________________________________

(May 13, 2020)

COVID-19-themed malware and spam are on the rise

COVID-19 related malware and spam are on the rise globally, according to new research by Trend Micro Incorporated. The firm has uncovered a variety of malicious campaigns including email spam, BEC, malware, ransomware and malicious domains. Across the board, COVID-19 related spam has seen a 220-fold increase from February to March this year.


_______________________________________________________________________________________

(May 13, 2020)

Cybercriminals doubled their COVID-19-themed cyber attacks

New research suggests that coronavirus-related cybercrime still dominates the present threat landscape, and could even be accelerating. According to a new report from cybersecurity researchers at Check Point, the number of coronavirus-related cyberattacks has reached 192,000 per week, a jump of almost a third (30 percent) over the previous two weeks.


_______________________________________________________________________________________

(May 13, 2020)

Chinese and Iranian hacking hampering efforts for Coronavirus vaccine

Chinese and Iranian hackers are aggressively targeting American universities, pharmaceutical and other health-care firms in a way that could be hampering their efforts to find a vaccine to counter the coronavirus pandemic. These two countries have waged cyberattacks against a range of American firms and institutions that are working to find a vaccine for COVID-19.

Ref - WSJ

_______________________________________________________________________________________

(May 13, 2020)

Coronavirus-related cyber attacks rise up to 30% in three weeks

Check Point Software Technologies have seen 192,000 coronavirus-related cyber-attacks per week over the past three weeks, a 30 per cent increase compared to previous weeks. In the past three weeks, almost 20,000 new coronavirus-related domains were registered, about 17 percent of which are malicious or suspicious.


_______________________________________________________________________________________

(May 13, 2020)

COVID-19 pandemic is accelerating the requirement for more tough cybersecurity

GlobalData’s report, ‘UK Health & Social Care – Cybersecurity’, notes that, in the event of a pandemic, the speed at which a nation responds is crucial to learning more about the threat and ultimately taking measures to minimise or, if possible, eradicate it. Data plays a pivotal role in this scenario and so. The COVID-19 has the potential to change this mindset.

Ref - VarIndia

_______________________________________________________________________________________

(May 13, 2020)

Bam Construct become a victim of cyber attack amid Coronavirus outbreak

Bam Construct has shut down some of its computer systems after falling victim to a cyber attack. A spokesman said the firm had “stood up well” to the attack, and it remained “business as usual” for its operations. The spokesman said there had been a wave of attacks on firms helping in the national effort to fight coronavirus.


_______________________________________________________________________________________

(May 13, 2020)

Digital data can help into finding an effective cure for COVID-19 disease

Researchers will now use data from NHS Digital to help find the most efficient treatment for each patient. This project, called The Randomised Evaluation of COVID-19 (RECOVERY) will be trialled by scientists at the University of Oxford. Data sets from NHS Digital, including Secondary Uses Services (SUS+) will be used in the process to help find the most effective potential treatment. 


_______________________________________________________________________________________

(May 13, 2020)

Centralized versus decentralized data storage factor in Tracking Apps

The track and trace apps are in various stages of deployment in different countries. The biggest debate that has emerged is centralized versus decentralized tracking. The overreliance on fallible apps, that in themselves pose risks, is not the solution either. In centralized tracking, all the data is uploaded to a centralized database, whereas with decentralized tracking, the data remains on the users’ own device.


_______________________________________________________________________________________

(May 13, 2020)

EventBot Trojan is targeting Android devices amid COVID-19 outbreak

Amid Coronavirus pandemic, Indian Computer Emergency Response Team (CERT-In) has issued a warning about a banking trojan called EventBot, which is affecting users of financial transaction apps worldwide. In a statement, CERT-In says, it has been observed that a new Android mobile malware named EventBot is spreading.

Ref - MoneyLife

_______________________________________________________________________________________

(May 13, 2020)

A surge in malware and financial frauds due to COVID 19 is predicted 

McAfee Labs, a Cybersecurity research division of McAfee has predicted that there could be a surge in malware and finance-related frauds during the COVID 19 Pandemic spread. A report titled “COVID-19: Malware makes Hay during a Pandemic” says that the threat will emerge mainly in the form of phishing attacks where hackers will send bulk emails filled with coronavirus themes and messages.


_______________________________________________________________________________________

(May 12, 2020)

ETSI group developing standardization framework to break COVID-19 transmission chains

In response to the global coronavirus pandemic, the new ETSI Industry Specification Group “Europe for Privacy-Preserving Pandemic Protection” (ISG E4P) has been established to provide a standardization framework that will enable developers to build interoperable mobile apps for proximity detection and anonymous identification.

Ref - TotalTele

_______________________________________________________________________________________

(May 12, 2020)

CISOs are focusing on cloud security and cyber resilience during Coronavirus pandemic

The COVID-19 pandemic and new geopolitical risks are challenging CISOs to adapt their management to the current climate. With a sudden increase in remote working, more employees were falling for phishing messages as malicious attacks. About 40% of material incidents are caused by malicious outsiders, while 42% by non-malicious insiders.


_______________________________________________________________________________________

(May 12, 2020)

Top industry sectors hit by COVID-19 Lockdown

While it is difficult to pinpoint industries which are more likely to be affected by this flurry of attempted breaches, the logistics, healthcare, e-commerce, banking, and financial sectors look to be the worst-hit while accounting for a majority of the attacks. Hence, it is no wonder that new-age enterprises are sincerely considering to include cybersecurity budgets as an integral part of their capital expenditure.


_______________________________________________________________________________________

(May 12, 2020)

Indians users targeted by 9,100 COVID-19-themed cyber attacks 

Cyber crooks have been taking advantage of the COVID-19 crisis to defraud people using ransomware and phishing attacks on people. More than 9,000 coronavirus-themed attacks were detected in India between February 2 and May 2. India was actually one of the countries least affected among those that Microsoft tracks.


_______________________________________________________________________________________

(May 12, 2020)

Organisation’s cyber risk and data privacy response measures during Coronavirus outbreak

A team of experts discussed the short- and long-term effects that coronavirus will have on organisations. Some of the effects are: making sure employees are equipped to manage threats, keeping an eye on offices, incident response plans and using the disruption as a learning opportunity. There’s a danger that organisations will overlook the continued challenges that employees face.


_______________________________________________________________________________________

(May 12, 2020)

Security precautions to minimize risk and protect data amid Coronavirus pandemic

Companies need to think fast and smart when it comes to cybersecurity in order to prevent disruption and protect the valuable data businesses rely on and are responsible to protect. For example: tighten remote access security, Emphasize employees’ cybersecurity savvy, Monitor system access, improve incident response, and more.


_______________________________________________________________________________________

(May 12, 2020)


UK banks are exposing companies to the risk of COVID-19-themed scams

In the UK, only 22 percent of banks accredited to hand out coronavirus business loans have implemented the strictest protocols preventing cybercriminals from spoofing an organisation’s identity, leaving customers at greater risk of email fraud. Also, seventy-eight per cent of banks accredited for the Coronavirus Business Interruption Loan Scheme (CBILS) have not implemented the strictest level of DMARC (Domain-based Message Authentication, Reporting & Conformance) protection.


_______________________________________________________________________________________

(May 12, 2020)


US maritime stakeholders launch a cybersecurity centre

A group of American seaports and maritime stakeholders joined forces and launched a new non-profit, the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC), to address cybersecurity issues and raise awareness on the matter. Specifically, the new centre aims to promote cybersecurity information within the shipping industry, in efforts to alert the sector about the challenges arising.


_______________________________________________________________________________________

(May 12, 2020)


Businesses are underestimating COVID-19 cybersecurity risks

COVID-19 has been impacting the world for at least five months, and cybercriminals have not let up in their attempts to manipulate the crisis for their own gain. Despite the increase in attacks, and despite concerns that remote workers aren’t practising good cybersecurity hygiene, companies aren’t properly educating employees about emerging threats.

Ref - ZephyrNet

_______________________________________________________________________________________

(May 12, 2020)


Pool Re report highlights COVID-19’s global impact on terrorism

A new report from Andrew Silke, a Professor for Pool Re and Cranfield University, has highlighted the ways in which the COVID-19 pandemic is impacting terrorism around the world. There are currently mixed opinions on the pandemic’s short-term impact on the level of attacks in the short-term. It’s understood that lockdown measures will tend to inhibit attacks but terrorist propaganda calling for action while authorities are distracted will incite some incidents.
 
_______________________________________________________________________________________

(May 12, 2020)


Zeus Sphinx is being used in Coronavirus-themed attacks

The Zeus Sphinx banking Trojan continues to evolve while receiving new updates, while it is employed in ongoing coronavirus-themed scams. The Zeus Sphinx banking Trojan is based on the code of the Zeus v.2 Trojan that was leaked online. At the end of March, a hacking campaign was spotted employing the Zeus Sphinx malware that focused on government relief payment.
 
_______________________________________________________________________________________

(May 12, 2020)


RDP attacks increased drastically amid COVID-19 lockdown

Remote Desktop Protocol (RDP) cyber-attacks have increased in tandem with the shift to more people working from home in response to the COVID-19 pandemic. RDP ports are often exposed to the internet, a factor that has made the technology the target of various forms of either malware attacks or attempts to break into internal networks.


_______________________________________________________________________________________

(May 11, 2020)


Contact Tracing work posing security concerns about privacy

Contact tracing has been one of the tools a few governments around the world adopted in their responses to the COVID-19 pandemic, with an impressive amount of resources thrown into the development and implementation of this technology. But, it also brings up questions about governments tracking movements.


_______________________________________________________________________________________

(May 11, 2020)


Cybersecurity could be elevated to a much higher level because of the Coronavirus outbreak

COVID-19 obliterated societal norms and standard business practices. It is possible, if not probable, that an accelerated rate of adoption of cyber hygiene best practices could be witnessed, as well as more intensive use of leading-edge security tools and services. And this positive upswing could be reinforced by stricter adherence to data security laws already on the books in several nations.


_______________________________________________________________________________________

(May 11, 2020)


Security tips to stay protected while working from home due to Coronavirus pandemic

Most important tip regarding safety is to step up authentication mechanisms and management of passwords e.g., policy around passwords. Ensure that Endpoint Protection (AV/AM) or EDR (End-point detection and response) system is in place and up to date all the time. Also ensure to use a secure Wi-Fi network at home and avoid public Hotspots or open Wi-Fi.


_______________________________________________________________________________________

(May 11, 2020)


US going to warn China to stop 'stealing' research data on COVID-19 vaccine

Top US agencies are preparing to issue a stern warning urging China to stop stealing research on COVID-19 vaccine. Everybody involved in finding a cure for the deadly virus will be alerted, including hospital labs. China’s most skilled hackers mount cyber-attacks on America to steal research on coronavirus vaccine.

Ref - WIONNews


_______________________________________________________________________________________
(May 11, 2020)


Companies adopted exceptional measures during COVID-19 outbreak

Following the outbreak of the novel coronavirus (COVID-19) and its development into a global pandemic, companies and governments have adopted exceptional measures to safeguard employees, customers, and the public. Some of these measures include the use of technology to enable remote workplaces, and to collect, process, and share personal information in new ways.

Ref - RBCGam

_______________________________________________________________________________________

(May 11, 2020)


COVID-19 response will be a lesson for the future to fight against cyberattacks

By following all precautionary measures taken to deal with the pandemic, the cybersecurity sector could learn a lesson to develop their own cyber strategies. Overall, the first steps taken by an organization attacked by a computer virus or malware incidents is to isolate and contain the problem. Future attacks could now use ransomware designed specifically to freeze industrial control systems.


_______________________________________________________________________________________

(May 11, 2020)


Chinese cybercriminals are trying to steal COVID-19 vaccine work data

The US Federal Bureau of Investigation and cybersecurity experts believe Chinese hackers are trying to steal research on developing a vaccine against coronavirus. The FBI and Department of Homeland Security are planning to release a warning about the Chinese hacking as governments and private firms race to develop a vaccine for COVID-19.

Ref - NDTV

_______________________________________________________________________________________

(May 11, 2020)


Cybersecurity challenges for healthcare sector during COVID-19 pandemic

The COVID19 pandemic has created a new reality for the healthcare sector globally testing its limits. Adding to the overwhelming situation it is currently facing, the sector has become a direct target or collateral victim of cybersecurity attacks. Malicious actors taking advantage of the COVID19 pandemic have already launched a series of phishing campaigns and ransomware attacks.

Ref - ENISA

_______________________________________________________________________________________

(May 11, 2020)


Cyberattacks increasing companies expenditure amid COVID-19 outbreak

At a time when revenues have dried up, Indian companies are seeing a significant rise in their expenditure owing to a massive wave of cyberattack as most of their employees work from home amid the covid-19 lockdown. Many companies had witnessed a 100% increase in attacks between 17 and 20 March.

Ref - LiveMint

_______________________________________________________________________________________

(May 11, 2020)


Cyberattacks are mutating along with the COVID-19 pandemic

As cyberattacks and threats continue to grow and mutate along with the COVID-19 pandemic, three security reports from CrowdStrike, McAfee, and Palo Alto Networks shine a spotlight and how these attacks are evolving and they indicate that businesses aren’t as prepared to secure their now-remote workforce as they think.


_______________________________________________________________________________________

(May 11, 2020)

Hackers are taking advantage of fear surrounding COVID-19 Outbreak

Fraudsters have stepped up cyberattacks taking advantage of the fear over the coronavirus, and there is a new term in the officialdom to describe the malware: Fearware. There are more than 3,000 new web sites related to COVID-19 with several hundred of them being fake, either with dangerous content or incorrect information. The cyber attackers are exploiting the fear of the coronavirus to cause the victim to fall prey to cyberattacks.


_______________________________________________________________________________________

(May 11, 2020)

Cybersecurity for shipping industry amid COVID-19 pandemic

Organisations across industries are rightly focusing on their employees’ well-being, whilst making sure that their operations continue undisrupted and at the same time, adapting to the new ways of operating. The shipping industry has already suffered from cyber attacks and some recent examples that have been made public include, email scams, ransomware attacks, and malware attacks.


_______________________________________________________________________________________

(May 11, 2020)


COVID-19-themed malware and spam on the rise

Malware and spam related to the COVID-19 pandemic are on the rise globally, according to new research from Trend Micro. The cybersecurity solutions firm has released an update on COVID-19 related cyber threats and fraudulent activity, which uncovers global statistics and country threat rankings, garnered from its Trend Micro user base.

Ref - ITBrief

_______________________________________________________________________________________
(May 11, 2020)


Security challenges that COVID-19 outbreak is posing

Amidst the spread of the coronavirus, security agencies are having a nightmare. There are various threats that have emerged due to the pandemic. Phishing, cyber-attacks, infodemic and malware just to name a few. The prime targets have been health organisations such as the WHO. Here the attacker impersonates through a spamming email and message in the context of a perceived authority across the world.

Ref - OneIndia

_______________________________________________________________________________________

(May 11, 2020)


ECEC may not be considering COVID-19-themed cyber attacks

Early childhood education and care (ECEC) is facing threats on a number of fronts since the advent of the COVID-19 pandemic. But there is one threat which may not have been fully considered, which is being actively pitched at the education and care sector - cyber crime. Cyber criminals are asking for ransom to restore access to the data upon payment were launched against the Australian education sector between 13–30 March.

Ref - TheSector

_______________________________________________________________________________________

(May 11, 2020)


New cyber threats trend after COVID-19 outbreak 

Due to COVID-19 pandemic, people are expected to switch to tools that facilitate working from home and virtual contact to suit social distancing guidelines, and will inevitably end up living a greater part of their lives online. The government and businesses must be kept abreast of new tricks which cyber-criminals are using to attack financial institutions and national infrastructure around the world.


_______________________________________________________________________________________

(May 11, 2020)


Cybercriminals are taking advantage of COVID-19 pandemic

The FBI anticipates that cyber actors will exploit increased use of virtual environments by government agencies, the private sector, private organizations, and individuals as a result of the COVID-19 pandemic. Cyber actors are expected to target individuals and businesses by exploiting vulnerabilities in these systems to steal sensitive information, initiate or perform fake financial transactions, and even engage in extortion.

Ref - PNCGuam

_______________________________________________________________________________________

(May 11, 2020)


Using the automation tech to maximize security budgets

With the economic impact of COVID-19 increasingly looking like an imminent recession and the way organizations do work altered perhaps forever, CIOs and CISOs will most likely be managing reduced budgets and a vastly different threat landscape. Automation can both mitigate inherent risks incurred from rapid ecosystem shifts as well as help IT teams re-evaluate long term spending once operations return to normalcy.



_______________________________________________________________________________________

(May 11, 2020)


Black Hat and DEFCON 2020 to go Virtual due to Coronavirus outbreak

Two of the biggest Cybersecurity conferences- Black Hat and DEFCON have been forced to go virtual due to the COVID-19 crisis. Factually speaking, the said two conferences were scheduled to be held in Las Vegas in Aug’2020 with Black Hat scheduled from Aug 1st to Aug 6th and DEFCON from Aug 7th to Aug 9th. 


_______________________________________________________________________________________

(May 11, 2020)


Cyber threats and challenges during COVID-19 pandemic for Nepal

The world is badly affected by COVID-19 and most of the developed countries of the world have been badly affected by the virus. Compared to other countries, the number of infected people in Nepal is low. When the world is in a lockdown state, hackers feel like they are not in lockdown. This allows hackers to steal important data from Internet users or even control a user's device and use it for future cyber attacks.


_______________________________________________________________________________________

(May 10, 2020)

The U.S. is accusing China of trying to steal vaccine data

The F.B.I. and the Department of Homeland Security are preparing to issue a warning that China’s most skilled hackers and spies are working to steal American research in the crash effort to develop vaccines and treatments for the coronavirus. The efforts are part of a surge in cybertheft and attacks by nations seeking advantage in the pandemic.

Ref - NyTimes

_______________________________________________________________________________________

(May 10, 2020)

Protecting crypto from cyberattacks amid COVID-19 outbreak

Users can follow basic cybersecurity practices to protect their crypto such as enabling multi-factor authentication. According to Microsoft, 99.9% of compromised accounts did not have multi-factor authentication activated. Use a different password for every single account. Many people re-use the same five passwords (notwithstanding the fact that the average business user has over 190 logins to track) and good password hygiene.


_______________________________________________________________________________________

(May 10, 2020)

McAfee surveys cyber-threats ongoing during Coronavirus pandemic

McAfee Labs released a report entitled “COVID-19: Malware Makes Hay During a Pandemic” to highlight the last few months of pandemic-themed threat landscape activity. The threats typically leverage a phishing email delivery method, with Coronavirus themes and messages developed to lure employees and family members into engaging with and enabling threats to gain a foothold on their systems.

Ref - VarIndia

_______________________________________________________________________________________

(May 10, 2020)

Advanced hackers are actively targeting healthcare entities

Sophisticated hackers are “actively targeting” healthcare entities, pharmaceuticals, local governments, medical researchers and academics working to blunt the coronavirus (COVID-19) pandemic, the U.S. and United Kingdom (U.K) cyber agencies said in a joint alert. Government agencies warned that advanced persistent threat (APT) actors are probing for COVID-19 intellectual property on national and international healthcare policy along with sensitive research data.

Ref - MSSPAlert

_______________________________________________________________________________________

(May 9, 2020)


Zero-day vulnerabilities challenge during mass remote work due to Coronavirus outbreak

Due to Coronavirus, many organizations have enacted company-wide work-from-home policies to help slow the spread of the virus. For many organizations the sudden requirement to support home working en masse has exposed an uncomfortable reality: critical visibility gaps are everywhere such as Zero-day vulnerabilities, and they could seriously escalate cybersecurity risk. 


_______________________________________________________________________________________

(May 9, 2020)

Around 363 cases registered over social media posts on COVID-19

Maharashtra Cyber has registered 363 offences of rumour-mongering, spreading misinformation, hatred and fake news on social media during the COVID-19 lockdown. The state police's cyber wing has been monitoring online activities to prevent the spread of misinformation about the COVID-19 pandemic. As many as 196 persons were arrested for sharing or uploading objectionable posts, videos, and photographs on social media.


_______________________________________________________________________________________

(May 9, 2020)

SME’s should focus on cybersecurity or be prepared for challenges due to COVID-19 pandemic

As the economic realities of COVID-19 become clear, small and medium enterprises (SMEs) across the country urgently want to get back to business. While still needing to adhere to social distance restrictions, for many this means rapidly pivoting to online means of doing business, something many may never have considered before. It’s important SMEs focus on cybersecurity before they take a hit not only on profit but on their entire business.

Ref - Stuff

_______________________________________________________________________________________

(May 9. 2020)

APT32 is behind a cyber-attack that targeted China’s Ministry of Emergency Management (MoEM)

A spear-phishing based cyber-attack was launched by “APT32” that targeted China’s Ministry of Emergency Management (MoEM) and the provincial government of Wuhan. The aim was to collect information about coronavirus, a disease about which little was known at the time, its origins, and its impact shrouded in mystery. 


_______________________________________________________________________________________

(May 9, 2020)

Interpol is warning of more cyber threats during the Coronavirus pandemic

Interpol has launched an awareness campaign on cyber threats during the COVID-19 outbreak, in coordination with law enforcement agencies across the world. Threats targeting people working from home during the lockdown will also be addressed and there will be prevention tips for companies, said the Interpol statement.

Ref - TheHindu

_______________________________________________________________________________________

(May 9, 2020)

McAfee Labs released a report entitled “COVID-19: Malware Makes Hay During a Pandemic”

McAfee Labs, a security firm, issued a report entitled “COVID-19: Malware Makes Hay During a Pandemic” to highlight the last few months of pandemic-themed threat landscape activity. The threats typically leverage a phishing email delivery method, with coronavirus themes and messages developed to lure employees and family members into engaging with and enabling threats to gain a foothold on their systems.

Ref - CXOToday

_______________________________________________________________________________________

(May 8, 2020)

New cyber risks emerged for automotive repair shops due to the COVID-19 outbreak

In addition to the risk COVID-19 poses to people’s individual health, shop owners and personnel should also be aware that the global pandemic poses increased risks for cybercrime. The largest risk is to the shops that have a higher number of employees working on their personal devices. Shop owners are exposed to cyber-risk when working on-site, but if they’re operating remotely, they do not have the same amount of protection that they’d have while working on-site.


_______________________________________________________________________________________

(May 8, 2020)

Healthcare providers reminded for the importance of data security and privacy protections

As they work to combat the surging COVID-19 virus, healthcare providers recently were reminded by legislators and regulators of the importance of data security and privacy protections. Beyond their general call for action, the Senators offered specific measures CISA and the Cyber Command should adopt to protect healthcare providers’ data security.


_______________________________________________________________________________________

(May 8, 2020)

Coronavirus pandemic proved that cybercriminals have no moral code

In April, when the UK was on the absolute frontline in its fight against COVID-19, the country’s National Cyber Security Centre was forced to take decisive, rarely seen action against the rapidly rising tide of Coronavirus-related scams and phishing emails hitting people’s inboxes. It’s blatantly clear that cybercriminals have no moral code. Worse still, they actually thrive off the fear and panic that catastrophic events create, and prey on these emotions in order to achieve their own, single objective, making money.


_______________________________________________________________________________________

(May 8, 2020)

Local associations are discussing the impact of COVID-19 on organizations

Collision repair industry associations around the country may take different stances on various matters, but one shared commonality is the intent of improving the businesses of their members. Several association leaders graciously agreed to discuss some of the challenges they’ve seen, as well as some of the solutions they’ve presented, while helping member shops navigate the current situation to the best of their ability.


_______________________________________________________________________________________

(May 8, 2020)

Organizations can limit risk of cyber threats for work from home employees

The concept of working from home and remote workforces is not new. However, with unforeseen circumstances of COVID-19, most of the organizations are suddenly forced to practice this work from home culture. Therefore, it is imperative that organizations implement business contingency plans that prioritize protecting remote workforces from attacks.

Ref - INC42

_______________________________________________________________________________________

(May 8, 2020)

Coronavirus drugmaker “Gilead” targeted by Iran-linked hackers 

Hackers linked to Iran have targeted staff at U.S. drugmaker Gilead Sciences, Inc. in recent weeks, according to publicly-available web archives reviewed by Reuters and three cybersecurity researchers, as the company races to deploy a treatment for the COVID-19 virus. A fake email login page designed to steal passwords was sent in April to a top Gilead executive.

Ref - Reuters

_______________________________________________________________________________________

(May 8, 2020)

Cybercrimes against children receiving more cybersecurity tips

There is a whole other parallel world online, where a user can shop, meet friends, or even find love, but it is not always safe for kids, which is why it is important to keep an eye on kids when they are using smart devices. While adults can often fall into internet scams, children can easily fall prey to predators on the web. So, the best thing they can do is monitor their kid’s behaviour and a lot of that comes through talking with their kids.


_______________________________________________________________________________________

(May 8, 2020)

Vietnamese state-backed hacker looking for COVID–19 intelligence from Chinese authorities

APT32, a cyber threat actor with suspected links to the Vietnamese state, has been found to be targeting local government institutions in Wuhan as COVID–19 began spreading in the Chinese city. The episode also covers the cyber capabilities of Southeast Asian states and the Chinese cyber-surveillance of Taiwan. This incident is part of a global increase in cyber espionage related to the crisis.


_______________________________________________________________________________________

(May 8, 2020)

An awareness campaign launched by Interpol that is focused on COVID-19 cyber threats

In response to the rapidly changing cybercrime landscape during the COVID-19 pandemic, global law enforcement and cybersecurity communities have formed an alliance to protect the public. Harnessing the expertise of this alliance, Interpol has launched a global awareness campaign to keep communities safe from cybercriminals.

Ref - FSMatters

_______________________________________________________________________________________

(May 8, 2020)

Canadian government’s pandemic payments program hit by COVID-19 cheque fraud

Cybercriminals are taking advantage of the Canadian government’s multi-billion-dollar pandemic payments program for consumers. Cheques under the Canada Emergency Response Benefit, or CERB, began rolling out in early April. But, criminals soon began selling editable digital copies of cheques on the Dark Web. A criminal can either purchase a digital file and fill in their own name or have a criminal service do the editing for them.


_______________________________________________________________________________________

(May 8, 2020)

Insurance for increased cyber risk in the COVID-19 outbreak

A few months into the COVID-19 pandemic, the insurance focus (understandably) has been on business interruption and event cancellation coverage. However, cyber risks are also highly salient for companies in this “new normal,” and companies must consider the role their insurance plays in preparing for and responding to those risks.

Ref - JDSupra

_______________________________________________________________________________________


(May 8, 2020)

The impact on the remote working infrastructure amid COVID-19

Most organizations, and certainly the more mature ones, had a Business Continuity Plan (BCP) or an IT DR strategy in place. However, most, if not all, did not consider a crisis like this pandemic. This pandemic has forced almost all organizations to turn en masse to virtual alternatives. The uncertainty around COVID-19 has also caused stress among people affecting their morale. The anxiety and fear in people make them vulnerable to cyber attacks more than ever.


_______________________________________________________________________________________

(May 8, 2020)

New cyber risks occurred due to COVID-19 outbreak 

While several organizations have been reacting in real-time to the workforce transitioning into the work-from-home-force, in many ways, cybersecurity experts were already developing potential responses despite not knowing the specific circumstances behind this unprecedented global crisis. It is a new reality in which everyone is working from home isn’t all that different from other imagined scenarios.


_______________________________________________________________________________________

(May 7, 2020)

Cybersecurity must adapt to new threat amid Coronavirus pandemic

Change is a constant in technology, and the greatest changes are often driven by major events that fundamentally reshape how people work and conduct business. In the Age of Coronavirus, more than ever, technology and cybersecurity must keep pace with disruption and change, adapt to adversity, and even accelerate their development wherever possible.


_______________________________________________________________________________________

(May 7, 2020)


SilverTerrier threat group is targeting COVID-19 key workers

Organizations on the front line in the fight against coronavirus are under attack from Nigeria’s SilverTerrier criminal gang. SilverTerrier actors/groups have launched a series of 10 COVID-19 themed malware campaigns. These campaigns have produced over 170 phishing emails. These actors have exercised minimal restraint in terms of targeting organizations that are critical to COVID-19 response efforts.


_______________________________________________________________________________________

(May 7, 2020)


Office for Civil Rights shared a list of COVID-19-related cyber threats

The Office for Civil Rights issued a list of COVID-19-related cyber threat resources for covered healthcare providers to help the sector best prevent, detect, respond, and recover from privacy and security threats. There’s been an increase in targeted attacks against the healthcare sector, with threat actors taking advantage of the pandemic and the increase in remote work.


_______________________________________________________________________________________

(May 7, 2020)


Ransomware attacks hit major healthcare supplier in Europe amid COVID-19 outbreak

Ransomware attackers have breached Europe’s largest private hospital operator, affecting not just its European branches, but every part of the company’s operations around the globe. Fresenius Group, Europe’s largest private hospital operator and a major provider of dialysis products and services, had been hit by ransomware, affecting operations worldwide.


_______________________________________________________________________________________

(May 7, 2020)


Around 292 COVID-19-themed phishing websites removed in two months

Her Majesty’s Revenue and Customs (HMRC) has formally asked UK Internet Service Providers (ISPs) to remove 292 websites exploiting the coronavirus outbreak since the national lockdown began on March 23. Out of nearly 300 fraudulent webpages, 237 were proactively identified by HMRC, while the remaining 55 were flagged directly by consumers via phishing@hmrc.gov.uk.


_______________________________________________________________________________________

(May 7, 2020)


Security misconfigurations represented the greatest risk during Coronavirus outbreak

IBM revealed a 424 percent increase in data breaches due to cloud misconfigurations were caused by human error in 2018, and now managing firewalls or cloud security group configurations is even more vital. COVID-19 has brought these risks into stark relief, as IT teams struggle to keep up with massive network change and accelerated cloud adoption associated with remote work.


_______________________________________________________________________________________

(May 7, 2020)


Coronavirus outbreak response increases state cyber challenges

State and local governments, along with hospitals and critical infrastructure, have borne the brunt of ransomware, which has not been considered a national security risk by federal policymakers until recently. An attack on an ill-protected municipality, health care facility, a small company, or other organizations wasn't at the same level.

Ref - GCN

_______________________________________________________________________________________

(May 7, 2020)


Ransomware type attacks success declines amid COVID-19 outbreak

Successful ransomware attacks on the US healthcare sector are in decline with just 25 providers impacted during the first quarter of 2020, compared to a total of 764 events, or an average of 191 per quarter, in 2019. Ransomware attacks had reached crisis levels by the end of 2019, with early indications that this year would bear similar results. Instead, with the rise of the pandemic, the pace has leveled to numbers not seen in years.


_______________________________________________________________________________________
(May 7, 2020)


A consumer survey shows poor password hygiene among remote workers

Entrust Datacard’s survey found that an astounding 42 percent of employees surveyed still physically write passwords down, 34 percent digitally capture them on their smartphones, and 27 percent digitally capture them on their computers. Additionally, nearly 20 percent of the employees are using the same password across multiple work systems, multiplying the risk of sensitive data if a password is compromised or stolen.


_______________________________________________________________________________________

(May 7, 2020)


Cybercriminals are targeting WHO by posing as think tank and broadcaster

The messages began arriving in World Health Organization employees’ inboxes in early April, seemingly innocuous emails about the coronavirus from news organizations and researchers. But a close examination revealed that they contained malicious links, and some security experts have traced the emails to a hacking group in Iran believed to be sponsored by the government.


_______________________________________________________________________________________

(May 7, 2020)


More than 160,000 COVID-19-themed scams are reported to the National Cyber Security Centre

The National Cyber Security Centre (an arm of GCHQ) has been flooded with more than 160,000 suspicious emails within two weeks, after putting out a call to the UK public to report any coronavirus-related internet scams. The call was issued after the agency tracked a surge in cyber scams and attacks geared towards exploiting the coronavirus pandemic for financial gain.


_______________________________________________________________________________________

(May 7, 2020)


UK businesses are warned for threatening cybersecurity attacks

Cybersecurity expert CrowdStrike has issued a stark warning to British businesses, telling them to crack down on lax remote working policies now or risk catastrophic exposure at the hands of adversaries after lockdown is over. Its latest research, in cooperation with YouGov, has found that over half (52%) of people in the UK working from home do so on their own personal devices, creating potential backdoors into corporate systems for adversaries.


_______________________________________________________________________________________

(May 7, 2020)


Scammers are taking advantage of a Coronavirus pandemic

This current state of fear, confusion, and uncertainty has created many opportunities for cybercriminals. Cybercriminals are capitalizing on the COVID-19 pandemic to achieve financial, geopolitical supremacy and reputational objectives. Cyber threats are unseen but they can wreak havoc to social systems and cause emotional and financial pain to communities, businesses, and governments.


Ref - PCQuest

_______________________________________________________________________________________

(May 7, 2020)

A phenomenal increase reported in the volume of fraud attacks amid COVID-19 pandemic

Whilst the current COVID-19 crisis has brought many businesses and operations to a standstill, one area it hasn’t diminished is a fraud. The last few weeks have witnessed a phenomenal increase in the volume of fraud attacks, ranging from 200%-400%, depending on the industry. Some of these relate directly to the pandemic.


_______________________________________________________________________________________

(May 7, 2020)


Over 300 COVID-19-themed phishing and scam websites are taken down by UK intelligence services

More than three hundred phishing and scam websites, many related to coronavirus, have been taken down by UK intelligence services after the general public flagged over 160,000 suspicious email messages. Many scams being reported to the NCSC include websites claiming to sell coronavirus-related products including testing kits, face masks, and even vaccines, which currently don't exist.

Ref - ZDNet

_______________________________________________________________________________________

(May 7, 2020)


Ransomware attacks and phishing schemes are rising due to COVID-19 outbreak

COVID-19 has slowed the economy down, but hackers are busy as usual looking to take advantage of the pandemic to breach systems, steal data, and profit by holding both systems and data hostage. While attackers are using a variety of tools to target these victims, one of their preferred methods is ransomware, using coronavirus fear to lure people into clicking malicious links or giving up sensitive data so the hackers can infiltrate systems.


_______________________________________________________________________________________

(May 7, 2020)


Human strategy can be the best defense to combat COVID-19 cyber attacks

Millions of people around the world have been working from home to collectively slow the spread of the coronavirus. However, as the global workforce migrates from physical corporate locations to less-secure home offices, this new reality creates increased cyber threats, as employees exchange what can be sensitive data in order to prevent business operations from coming to a standstill.


_______________________________________________________________________________________

(May 7, 2020)


SMBs have already experienced a cyberattack before Coronavirus outbreak

Nearly one in seven senior decision-makers said their organization has already experienced at least one cyber attack since the start of the COVID-19 pandemic. Furthermore, more than one in five (22%) said their organization transitioned to remote work without having a clear policy to mitigate or prevent cybersecurity threats. Additionally, 17% said their organization is at an increased risk for a cyberattack and 12% said they would not know how to respond to one.


_______________________________________________________________________________________

(May 7, 2020)

Challenges of working remotely due to Coronavirus pandemic

Millions of people around the world are now working remotely due to the lockdown, and doing it safely and securely becomes a challenge. For better protection, employees should follow basic security practices such as: when recording a meeting, participants should be notified before recording has started and the recordings should be stored in an encrypted repository. In the case of collaboration tools, having a multi-factor authentication feature (MFA) turned on by the IT administrator provides an additional layer of security.


_______________________________________________________________________________________

(May 7, 2020)

Criminals are taking advantage of changing lifestyles and business operations amid COVID-19 outbreak

As lifestyles and business operations change due to shutdowns and stay-at-home orders nationwide, supply chain experts are warning business owners, workers, and the general public about a growing risk of pandemic-related criminal activity. A rise in the sale of counterfeit N95 masks and other personal protective equipment (PPE), increasing cyberattacks, and the potential for cargo theft of PPE are driving demand for stricter risk mitigation efforts.



_______________________________________________________________________________________

(May 7, 2020)

Stay Cyber-secure when working from home due to Coronavirus outbreak

The global COVID-19 pandemic has brought telecommuting into the mainstream; millions of people who previously always worked in their employers’ facilities now work from home. So, to stay protected, users should work in “secure” locations, utilize security software on all devices and proper Team-Oriented VPN, learn about social engineering attacks, and learn to utilize proper communications tools and settings.


_______________________________________________________________________________________

(May 6, 2020)

Household cybersecurity practices for staying protected all the time

Working from home transition seems a good opportunity for cybercriminals. To prevent such situations, some household cybersecurity practices have been provided. When calls, emails, or messages are received, users should exercise vigilance and critical thinking. Cautiously open attachments, messages, or links from unknown senders, and use unique & strong passwords and implement multi-factor authentication, and some other basic security practices.


_______________________________________________________________________________________

(May 6, 2020)

Contact tracing applications failed’ NHS and cybersecurity tests

The UK’s government anticipated coronavirus tracing app has failed crucial security tests and is not yet safe enough to be rolled out across the country. It is understood the system has failed all tests needed in order for it to be included in the NHS Apps Library, including cybersecurity, clinical safety, and performance.


_______________________________________________________________________________________

(May 6, 2020)

Security tips to protect users from COVID-19-targeted attacks

Remote users can follow four basic security tips to stay protected while working from home. First is protect endpoints, second, enable multi-factor authentication (MFA) for online Exchange, and email. Third, have email filtering or hygiene between the firm’s mailboxes and the outside world. Last and fourth, reach out to other resources to learn and share what the other users are seeing in their organization.

Ref - CSOonline

_______________________________________________________________________________________

(May 6, 2020)

HHS released a security and privacy guidance for COVID-19 related cyber threats

The Department of Health and Human Services' Office for Civil Rights issued guidance compiling a list of resources to help organizations "detect, prevent, respond and recover" from a surge of coronavirus-themed cyber threats, ranging from ransomware and other types of extortion to phishing and attacks on video conferencing technology platforms.


_______________________________________________________________________________________

(May 6, 2020)

Coronavirus pandemic used as a lure to target banks with phishing attacks

The number of cyber-attacks trying to trick bank employees to click on malicious links has jumped in the first quarter, with criminals attempting to take advantage of fear and confusion caused by the coronavirus pandemic. While the so-called phishing campaigns, which surged by a third in the period, haven’t so far resulted in any major breaches in the industry, smaller lenders remain at a greater risk than bigger banks.

Ref - Bloomberg

_______________________________________________________________________________________

(May 6, 2020)

Best security practices for business clients in the COVID-19 outbreak

Small businesses are forced to adapt or close as a result of mandated shutdowns to minimize COVID-19’s impact. In such a situation, there are three critical cybersecurity considerations agents should include in their client discussions: following best practices to defend against attacks, second, educating/training employees to work securely, and the third one is to review and update remote work security policies annually.


_______________________________________________________________________________________

(May 6, 2020)

New Nation-State cyberattack tools discovered associated with COVID-19 phishing scam

Illusive Networks revealed that it had detected and thwarted a nation-state attack linked to a COVID-19 related phishing scam. That led to the discovery of new tools used by cybercriminals, and researchers are investigating the potential involvement of two or more groups. The objective of this advanced persistent threat (APT) was a large-scale ransomware attack.


_______________________________________________________________________________________

(May 6, 2020)

Cybercriminals are developing new phishing tools, hacking strategies and attack vectors due to Coronavirus

The industrious and criminal-minded threat actors behind the majority of cyberattacks have reinvented their attack approaches during the ongoing COVID-19 pandemic. Since the advent of the outbreak, cybercriminals are developing new phishing tools, hacking strategies, and exploring different attack avenues to benefit from the crisis and eventually prove their cyber prowess.

Ref - CisoMag

_______________________________________________________________________________________

(May 6, 2020)

A private hospital operator “Fresenius” hit by ransomware amid COVID-19 outbreak

Fresenius, Europe’s largest private hospital operator and a major provider of dialysis products and services, has been hit in a ransomware cyberattack on its technology systems. The company said the incident has limited some of its operations, but that patient care continues.


_______________________________________________________________________________________

(May 6, 2020)

Employers should review their security practices while working from home due to the Coronavirus outbreak

Many more millions of employees have been working remotely as a result of the devastating COVID-19 virus than ever before. As employers look forward to the future of securing remote work in their organizations, they should review some considerations as part of their defense in depth. For example, organizations should think in terms of people, information and machines, and develop a written risk assessment and information security plan for remote workers and etc.


_______________________________________________________________________________________

(May 6, 2020)

Sensitive data is building upon enterprise devices and at-risk amid COVID-19 outbreak

There has been a 46 percent increase in the number of items of sensitive data, such as Personally Identifiable Information (PII) and Protected Health Information (PHI), identified on enterprise endpoints, compared to pre-COVID-19. Compounded by the pre-existing gaps in endpoint security and health, this means enterprise organizations are at heightened risk.


_______________________________________________________________________________________

(May 6, 2020)

Many restaurants lack comprehensive cyber insurance coverage amid COVID-19 outbreak

Just as the COVID-19 outbreak creates a host of new cybersecurity threats, many restaurants have been found lacking comprehensive cyber insurance coverage, according to Restaurant Guard Insurance. With many restaurants switching to online ordering in response to the pandemic, the danger of cyber threats has increased.


_______________________________________________________________________________________

(May 6, 2020)

Amid Coronavirus outbreak startups are most vulnerable to cyber frauds

The outbreak of the COVID-19 pandemic has impacted the economy and businesses across the globe. Among the worst affected in these trying times are the small business and start-ups, as they stare at major financial resource crunch. It’s a double whammy for small enterprises and startups, with the rising threat of cyber frauds and data breaches.


_______________________________________________________________________________________

(May 6, 2020)

COVID-19 pandemic has built many value-grab opportunities for companies in the Cybersecurity

A study by Market Research Reports Search Engine (MRRSE) introspects the various factors that are tipped to influence the growth of Cybersecurity-as-a-Service Market in the upcoming years (2019-2027). The study introspects the various factors that may influence the growth, including current trends, growth opportunities, restraints, and major challenges faced by market players in the Cyber security as a Service market.


_______________________________________________________________________________________

(May 6, 2020)

Cybersecurity for Australian companies is not up to par during COVID-19 pandemic

Australian businesses understand that COVID-19 and subsequent remote working plans have resulted in increased cyber risks, however only half are providing additional training for staff in order to bolster employee knowledge and reduce threats. Around 500 Australian decision-makers across small, medium, and large business enterprises were surveyed and CrowdStrike found that from February to March alone there was a 100x increase in COVID-19 themed malicious files.


_______________________________________________________________________________________

(May 6, 2020)

A detailed curated list released to block COVID-19 threats

Thousands of experts and researchers from around the world, including Australia and New Zealand, have joined forces to collaborate and share information on cybersecurity. They have released a network blocklist to help stop attacks abusing the COVID-19 pandemic. Known as the Cyber Threat Coalition (CTC), the security researchers have released an initial version of curated data sets that anyone can use to halt COVID-19 related cybercrime.

Ref - ITNews

_______________________________________________________________________________________

(May 6, 2020)

Retail is one of the most targeted sectors by cybercriminals during Coronavirus pandemic

The retail industry has been the biggest victim of cyber attacks during the COVID-19 pandemic, new data from Mimecast shows. During the First 100 Days of Coronavirus, Mimecast observed the emergence of 60,000+ COVID-19-related registered bogus domains. These fake domains impersonated major retail brands in order to steal from unsuspecting panic-buyers as they looked to purchase necessities online during this pandemic.

Ref - RagTrader

_______________________________________________________________________________________

(May 5, 2020)

The COVID19 pandemic is changing the authentication industry

In the COVID-19 era, people are working from home due to the COVID-19 outbreak, often on laptops and mobile phones that are also personal devices, and logging on to work networks through home broadband connections that could be compromised. So, businesses have to adapt the way they work by providing employees with a method to prove it’s them. Government-mandated home working has forced companies to reassess how they identify and onboard employees, and suggest using secure authentication mechanisms like Two factor authentication.

Ref - Raconteur

_______________________________________________________________________________________

(May 5, 2020)

COVID-19 is changing the game on ransomware cyber attacks

States, municipalities, and critical infrastructure have borne the brunt of the ransomware, which historically has not been treated as a national security risk by federal policymakers until very recently. A number of lawmakers on Capitol Hill are pushing to include a dedicated pot of federal funding in future COVID-19 relief bills that states and localities can draw from to bolster protections.

Ref - FCW

_______________________________________________________________________________________

(May 5, 2020)

COVID-19 pandemic isn’t stopping hackers from targeting healthcare providers

In early April, INTERPOL warned of “a significant increase” in ransomware attempts against organizations responding to the pandemic, including hospitals. Since then, a steady drip of alerts and attacks have only heightened the unease. Cybercriminals around the country are “absolutely taking advantage” of the pandemic. 

Ref - Builtin

_______________________________________________________________________________________

(May 5, 2020)

Manufacturing and retail organizations are seeing the most attacks during COVID-19 pandemic

With cybercrime accelerating as Covid-19 spreads, manufacturing and retail organizations are seeing the most attacks. A security firm Mimecast has examined the first 100 days of the crisis. Between January and March, says the firm, spam, and opportunistic detections increased by 26.3%, while impersonation was up 30.3%, malware by 35.16%, and the blocking of URL clicks by 55.8%. Overall, detections were up by a third.

Ref - Forbes

_______________________________________________________________________________________

(May 5, 2020)

Businesses around the world are in constant attack during coronavirus

An uptick of coronavirus-themed cyber attacks on hospitals, pharmaceutical laboratories, and even the trucking industry has been observed in recent weeks. This reveals the need for businesses to double down on security to ensure their networks are protected. Many of the attacks were ransomware, holding companies’ network systems hostage until a payout was made. 


_______________________________________________________________________________________

(May 5, 2020)

Tax pros and accountants are at risk during coronavirus crisis

Tax preparers, accountants, and auditors, who are working away from their offices as a result of the novel coronavirus pandemic, are at risk of falling prey to cybercriminals. The IRS had issued a warning to taxpayers to beware of scammers calling and emailing them about the stimulus payments from the CARES Act, along with other schemes related to COVID-19, as they could lead to identity theft and tax fraud.


_______________________________________________________________________________________

(May 5, 2020)

Widespread fraud reported in the healthcare sector during COVID-19 outbreak

Fraud and corruption in healthcare services around the world has significantly reduced delivery of COVID-19-related healthcare during the month of April and contributed to COVID-19 mortality in every third country surveyed, according to a new study from NEMEXIS. This is currently the largest survey on fraud, waste, and corruption affecting healthcare systems across the globe while the world battles COVID-19.


_______________________________________________________________________________________

(May 5, 2020)

Cyber-spies are looking for Covid-19 research of UK and USA

The UK and the US have issued a joint warning about cyber-spies targeting the health sector. Hackers linked to foreign states have been hunting for information, including Covid-19 data and vaccine research, they say. UK sources say they have seen extensive activity but do not believe there has been any data theft so far.

Ref - BBC

_______________________________________________________________________________________

(May 5, 2020)

Best ways to avoid Coronavirus themed scams and cyber attacks

Several recommendations about fighting against Coronavirus themed scams have been provided. The best way to avoid these scams is to be aware of what is happening and apply a bit of common sense to every unsolicited email or text a user receives, spend a second to think. Another way to help everyone is to be aware of the frauds and scams doing the rounds, and get this information from a trusted source.


_______________________________________________________________________________________

(May 5, 2020)

Taiwan helping with cybersecurity by cooperating with partners amid COVID-19 Pandemic

Taiwan is cooperating with partners in other nations on cybersecurity after the Brno University Hospital in the Czech Republic and the US Department of Health and Human Services experienced cyberattacks in recent months. Taiwan has begun sharing cybersecurity intelligence with both nations, as well as others, to cooperate on defense measures, as Taiwan has extensive experience dealing with cyberattacks.


_______________________________________________________________________________________

(May 5, 2020)

Financial Scams are rising in developing countries during the Coronavirus outbreak

In the Philippines, Peru, India, Kenya, South Africa, and many other developing countries, poor people who are already struggling with the health impact of the coronavirus pandemic have been targeted by online fraudsters trying to take unfair advantage of them. There is the risk that these scams could undermine confidence in digital technologies that are proving so very important in keeping people informed and connected during the pandemic.

Ref - IpsNews

_______________________________________________________________________________________

(May 5, 2020)

Security pros are banding together to thwart off cyberattacks on healthcare facilities 

Cybercriminals are ramping up their games against the healthcare industry where the pace of cybersecurity remediation is markedly slower than others. Health Information Sharing and Analysis Center (H-ISAC) is an organization that is collecting information from cybersecurity volunteers who are helping out healthcare organizations against such cybersecurity threats.

_______________________________________________________________________________________

(May 5, 2020)

Tech professionals are not well prepared for COVID-19 cyber attacks

Despite the influx of cybersecurity threats during COVID-19, less than half of technology professionals are “highly confident” in their ability to detect and mitigate threats. Of 3700 international IT audit, risk, governance, and cybersecurity professionals, surveyed in mid-April, only 51% said they were adequately equipped to manage the new threat landscape.


_______________________________________________________________________________________

(May 4, 2020)

Hackers have put more than 500,000 Zoom logins up for sale on the Dark Web

The widespread use of video calls for private and work conversations during the COVID-19 lockdown has attracted the attention of criminals. Now, hackers have put more than 500,000 Zoom logins up for sale on the dark web at a penny each. The 500,000 Zoom logins available at a penny each were discovered by the cybersecurity intelligence company Cyble. 


_______________________________________________________________________________________

(May 4, 2020)

Cyberattacks are constantly evolving amid Coronavirus outbreak

COVID-19 outbreak has caused a global disruption, and it has also changed the cybersecurity threat landscape. There has been an increase in the number of cybercrimes since professionals were asked to work from home. Cyber Attacks are constantly evolving, and cybercriminals are targeting computer and other devices in order to take advantage of online behavior and trends during the Corona epidemic. 

Ref - PCQuest

_______________________________________________________________________________________

(May 4, 2020)

COVID-19 pandemic forced many organizations to undergo an immediate digital transformation

Cybercriminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. As Covid-19 swept across the globe, it has forced many organizations to undergo an immediate digital transformation. Security professionals are facing challenges to manage their increased workload, safeguard their mental well-being, and avoid burnout. 


_______________________________________________________________________________________

(May 4, 2020)

Around 40% of security pros do not have proper tools to fight against cyberattacks

The rapid transition to remote work has increased data protection and privacy risks worldwide, yet only half of technology professionals and leaders are confident of detecting and responding to cyberattacks during COVID-19. A survey conducted by ISACA found that 87 percent of technology professionals and leaders agree that the rapid transition to remote work has increased data protection and privacy risks and 80 percent of organizations have shared cyber risk best practices for working at home with their employees.

Ref - Teiss

_______________________________________________________________________________________

(May 4, 2020)

COVID-19 pandemic is a huge opportunity for cybercriminals

A sudden scenario of remote working during this COVID-19 lockdown period has brought multiple challenges. The fragmented remote access infrastructures are very much evident now as they are only designed for 20% of an organizations’ workforce. Key threats emerging as a result of COVID-19 include VPN allowing unnecessary access, phishing and ransomware attacks, attacks on endpoints, Man-in-the-Middle attacks, etc.

Ref - PCQuest

_______________________________________________________________________________________

(May 4, 2020)

Netherlands leading the United Nations’ efforts to fight against COVID-related cyber threats 

Netherland provided concrete examples of what the COVID-related threats are, and how they fit in the existing international framework of norms. Thus, other countries missed this opportunity to apply the OEWG’s work to a global challenge, perhaps because their submissions were prepared before cyber disruption related to the pandemic became so prominent.

Ref - CFR

_______________________________________________________________________________________

(May 4, 2020)

Cybercriminals are taking advantage of COVID-19 to hamper the global response

Proofpoint, a cybersecurity firm, tracked 75 million coronavirus-themed malicious messages during one week in April. Amid global panic and frustration, people are more likely to click without thinking about the risks, especially when emails promise urgent new information about travel restrictions or virus cures.


_______________________________________________________________________________________

(May 4, 2020)

Zurich describes the cyber framework all businesses should be using amid COVID-19 pandemic

Zurich’s cyber risk engineering global practice leader outlined how the NIST cybersecurity framework developed by the US National Institute for Standards and Technology has evolved into a de facto standard within the cybersecurity sector, outlining how organizations can best manage cyber risk. Zurich makes use of this framework for its cyber risk engineering processes as well, and the framework also provides concrete answers for organizations to cope with the ransomware threat.


_______________________________________________________________________________________

(May 4, 2020)

Belfast Police issued a warning over a recent rise in cybercrime

Police in the Northern Irish capital city of Belfast have issued a warning over a recent rise in cybercrime. A senior police officer said businesses had experienced a "surge" in cyber-attacks since the outbreak of the novel coronavirus. Many of the attacks are scams concocted by fraudsters seeking to exploit the health pandemic. All of the usual methods of attack have been ramped up during the Coronavirus outbreak.


_______________________________________________________________________________________

(May 4, 2020)

Mumbai-based crowdfunding platform Impact Guru faced a cyberattack amid COVID-19 pandemic

Crowdfunding and fundraising platforms are being attacked by cybercriminals amid the Coronavirus outbreak. Just recently, a Mumbai-based crowdfunding platform “Impact Guru” faced a cyberattack. The security incident involved unauthorized access to the website. The firm also noted that it has resolved the key vulnerabilities that led to the breach.

Ref - INC42

_______________________________________________________________________________________

(May 4, 2020)

European Union has urged cybercriminals to halt all malicious activity exploiting the global Covid-19 pandemic

European Union (EU) has urged cybercriminals to stop all malicious activity exploiting the global Covid-19 pandemic. The EU’s High Representative singled out attacks on “critical infrastructures that are essential to managing this crisis” as particularly egregious in a press release issued on April 30. The proliferation of “malware distribution campaigns, scanning activities, and distributed denial-of-service (DDoS) attacks, since the outbreak.


_______________________________________________________________________________________

(May 4, 2020)


Cybercriminals are taking advantage of COVID-19 to carry out phishing attacks

Cybercriminals continue to take advantage of COVID-19 to initiate a multitude of phishing attacks, with their tactics and strategies becoming more sophisticated and focused. An extensive number of them are leveraging phishing campaigns to deliver malware globally. They are also employing ransomware under the guise of security software. Business Email Compromise (BEC) attacks have seen an incredible spike too.



_______________________________________________________________________________________

(May 4, 2020)


State-sponsored hackers are targeting British Universities to steal Coronavirus vaccine secrets

State-sponsored hackers are attempting cyber-attacks on British Universities and scientific facilities to steal the research work of the university, related to COVID-19 including vaccine development. But the attack was not successful and they couldn’t get any confidential data related to the research. This is all because of their security measures and following cyber hygiene


_______________________________________________________________________________________

(May 4, 2020)


People should be on alert for coronavirus scams and phishing attacks

During the COVID-19 crisis, criminals continue to ply their trade, exploiting the crisis for their gain. While employees work from remote locations, it is important for businesses to continue educating their teams about cyberattacks to prevent information systems from being compromised. To create the impression of authenticity, criminals may spoof email sender information to make it appear to come from a trustworthy source.


_______________________________________________________________________________________

(May 4, 2020)


Working from home facing challenges as well as opportunities amid COVID-19 pandemic

Working from home brings with it challenges as well as opportunities. For example, corporate networks, that are not used to having most of their connections over virtual private networks (VPNs), are experiencing unusual problems, as well as internet service providers coming under pressure so that remote workers can do their normal hours from home.


_______________________________________________________________________________________

(May 4, 2020)


A significant increase recorded in Coronavirus themed phishing scams 

South African Banking Risk Information Centre recently warned customers about a significant increase in phishing scams. Citizens are being manipulated into clicking on malicious links via e-mails and SMSes offering COVID-19 info, non-existent vaccines, hand sanitizers, and masks, and then being persuaded to hand over personal data. Besides the phishing scams, fake apps, and vulnerabilities with remote working are also being exploited by several cybercriminals.

Ref - ITWeb

_______________________________________________________________________________________

(May 3, 2020)

Jio’s symptom checker website exposed core databases to the internet without a password

India’s largest cell network Jio, a subsidiary of Reliance, launched its coronavirus self-test symptom checker in late March, just before the Indian government imposed a strict nationwide lockdown to prevent the further spread of the coronavirus. But a security lapse exposed one of the symptom checker’s core databases to the internet without a password.


_______________________________________________________________________________________

(May 3, 2020)


COVIDSafe contact tracing application making a false claim of letting a user out of coronavirus lockdown

A message by the Australian prime minister is dangerously misleading: download the COVIDSafe app and they can start letting a user out of coronavirus lockdown. COVIDSafe app doesn't do what contact tracers do. It merely logs which other COVIDSafe users must’ve been near, ready for later analysis, should one of a user test COVID-19 positive.

Ref - ZDNet

_______________________________________________________________________________________

(May 3, 2020)


A new trend of sophisticated phishing methods via email spotted amid COVID-19 pandemic

The new coronavirus has recently added to the bad intentions of hackers by developing a new trend of sophisticated phishing methods via email. Email messages may require users to open an attachment to view the latest statistics. If a user clicks on the attached attachment link, they are likely to download malicious software to their mobile device or computer, tablet laptop, etc.


_______________________________________________________________________________________

(May 3, 2020)


Phishing attacks using Covid-19 themes, scamming, brand impersonation, and business email compromise 

A huge number of companies are rushing to enable their workers to work remotely, but few corporate computer systems were designed with such large remote workforces in mind. This has left them susceptible to cyber-attacks and more vulnerable than ever to attackers. This increases the operational risk of cyberattacks. A huge increase in cyber activity, malware, ransomware, phishing, and account takeovers, has been noticed, all exploiting Covid-19.

Ref - Sesin

_______________________________________________________________________________________

(May 3, 2020)


Nation-state sponsored hackers are trying to steal coronavirus research

Cybersecurity experts have warned that hostile states are trying to hack British universities and scientific facilities to steal research related to Covid-19, including vaccine development. It is understood that nations including Iran and Russia are behind the hacking attempts, while experts have said China is also a likely perpetrator.


_______________________________________________________________________________________

(May 3, 2020)


A council targeted in a cyber-attack has 90% of its computer systems working again

Redcar and Cleveland Council was hit by a ransomware attack on 8 February which left its website inoperable and some officials having to use pen and paper to keep services running. Engineers have prioritized essential systems and are working on the rest. The attack had not stopped the council responding to coronavirus or providing key services.

Ref - BBC

_______________________________________________________________________________________

(May 1, 2020)

Cybersecurity becomes more important due to COVID-19 pandemic

The COVID-19 outbreak has forced many companies to change the way they conduct operations like working from home. During this challenging time when so many people are working remotely, it’s more important than ever to keep cybersecurity at the top of mind. Patching system regularly and avoid clicking on clicking on phishing emails has now become basic security practice.

Ref - PowerMag

_______________________________________________________________________________________

(May 1, 2020)

Cyberspies are looking for coronavirus vaccine secrets

An international race is on to find a vaccine for COVID-19. The US has seen foreign spy agencies carry out reconnaissance of research into a coronavirus vaccine. Researchers, companies, and governments are all involved. And their efforts are simultaneously being protected by domestic spy agencies while being targeted by foreign ones.

Ref - BBC

_______________________________________________________________________________________

(May 1, 2020)

European Union accused unnamed parties of exploiting the coronavirus pandemic to launch cyberattacks

A flood of cyberattacks has targeted European countries, affecting critical systems needed to deal with the virus crisis, said foreign policy chief Josep Borrell in a statement on behalf of all 27 EU members. Internet users have seen a surge in COVID-related attacks and fraud schemes, including phishing emails purportedly from health agencies, counterfeit product offers, and bogus charity donation requests.


_______________________________________________________________________________________

(May 2, 2020)


Cloud giants see a drop-off in new contracts from big clients, while overall usage surge

As lockdown orders force billions of people to work, learn and play from home during the novel coronavirus outbreak, usage has surged for the cloud computing services that power video conferencing, streaming television, and online games. The world's three leading cloud services providers - Amazon's Amazon Web Services, Microsoft's Azure, and Alphabet's Google Cloud, have all seen demand for their services jump. But there has been a drop-off in the new contracts for server storage from big clients, while generous free trial offers also capped sales growth.


_______________________________________________________________________________________

(May 2, 2020)

Iran and Russia based hackers launch hacking attacks on British universities

British institutions fighting Covid-19 have been subject to cyber-attacks traced back to Russia and Iran. Hackers linked to hostile states have targeted UK universities attempting to produce vaccines and testing kits as well as scientists and doctors studying the virus. Spy bosses at the National Cyber Security Centre branded the attacks ‘utterly reprehensible’ and confirmed they were working ‘round the clock’ to battle the online menace.

Ref - DailyMail

_______________________________________________________________________________________

(May 2, 2020)

Business email compromise becomes even more prevalent during COVID-19 pandemic

The COVID-19 pandemic has seen this social engineering fraud, often referred to as “business email compromise,” become even more prevalent. As businesses have rushed to mobilize at-home workforces in response to shelter-in-place measures, for many, this an entirely unfamiliar experience and left their business more vulnerable to cyber-criminals.

Ref - JDSupra

_______________________________________________________________________________________

(May 1, 2020)

Enterprise Resource Planning (ERP) implementation facing more challenges amid COVID-19 pandemic

Due to the COVID-19 crisis, several businesses are reassessing the value of long-term IT projects. ERP projects tend to be complex, costly, time-consuming and can affect critical business functions. These challenges will only be exacerbated by the COVID-19 crisis. For instance, rolling out a complicated ERP system in multiple sites around the world is probably not realistic, or may take much longer than a pre-COVID-19 scenario.

Ref - SearchERP

_______________________________________________________________________________________

(May 1, 2020)

Malicious attackers now launching new types of malware, phishing, scams

The COVID-19 crisis and the ongoing lockdown that has necessitated people to work from home, has also led to increased chances of cyber attacks targeted at company employees. Remote employees are being targeted by phishing and vishing attacks that aim to steal corporate credentials. Hackers have deployed new types of malware, exploits, phishing attacks, and scams to infect employees’ devices and snoop on their confidential data.

 
_______________________________________________________________________________________

(May 1, 2020)

Cyber-attacks on mortgage professionals are growing amid COVID-19 pandemic

As critical as remote work has been to keeping countless businesses alive during the COVID-19 pandemic, it has also proven to be a boon for cybercriminals, who are taking advantage of remote workers’ naiveté and distance from their secure office environments to unleash an unrelenting wave of phishing, email, and even telephone scams. Many mortgage professionals still regularly don’t know what to look for when asked to identify a phishing attempt.

Ref - Mpamag

_______________________________________________________________________________________

(May 1, 2020)

Enterprise security executives are busier than ever due to COVID-19 outbreak

During the COVID-19 crisis, enterprise security executives are busier than ever, standing up business continuity plans, enacting broader contingency plans, mitigating risks with employees working at home, and more all to keep businesses humming as the coronavirus outbreak has spread. In any crisis, clear communication and information are always critical, but particularly key during a crisis.


_______________________________________________________________________________________

(May 1, 2020)

A possibility of digital surveillance in the name of the fight against COVID-19 pandemic

A digital security expert has warned that the COVID-19 pandemic may turn digital surveillance into a so-called “new normal” as many governments flaunt their respective contact tracing applications and programs to fight the spread of the deadly virus. Several international human rights watchdogs have earlier called out the attention of various governments on the increasing surveillance of the people.

Ref - BulatLat

_______________________________________________________________________________________

(May 1, 2020)

Demand for artificial intelligence-based email security has grown 400%

Darktrace, a cyber AI company, has announced that the number of customers using Darktrace’s AI email solution, Antigena Email, has doubled since January 2020, while the number of requests for the trial of Antigena Email has quadrupled since the lockdown began in early March. In the month of April, 60% of all advanced spear-phishing attacks blocked by Antigena Email were either related to COVID-19 or aimed to trick employees by referencing remote working.


_______________________________________________________________________________________

(May 1, 2020)

The Federal Bureau of Investigation to issue two alerts warning businesses of the growing threat

As the novel coronavirus continues to spread across the globe, cyberattacks seeking to exploit the crisis are similarly on the rise. The frequency of COVID-19 business email compromise schemes, a particularly low-tech, but highly damaging type of cyber scam, has risen significantly in recent weeks, so much so that it prompted the Federal Bureau of Investigation to issue two alerts warning businesses of the growing threat.

Ref - Law360

_______________________________________________________________________________________

(May 1, 2020)


NSA released security guide choose safe conferencing and collaboration tools

The US National Security Agency (NSA) published a security assessment of today's most popular video conferencing, text chatting, and collaboration tools. The guidance contains a list of security criteria that the NSA hopes companies take into consideration when selecting which telework tool/service they want to deploy in their environments.

Ref - ZDNet

_______________________________________________________________________________________

(May 1, 2020)

Wider adoption of cyber hygiene principles due to COVID-19 pandemic 

Long before COVID-19, some notable behind-the-scenes forces were in motion to elevate cybersecurity to a much higher level. Then COVID-19 came along and obliterated societal norms and standard business practices. A sweeping overhaul of the status quo, foreshadowed by the sudden and acute shift to a predominantly work-from-home workforce, lies ahead. 


_______________________________________________________________________________________

(May 1, 2020)

Protecting home users with Threat & Vulnerability Management amid Coronavirus outbreak

Attackers have shifted their focus to take advantage of the COVID-19 outbreak. To help users effectively identify, assess, and remediate these endpoint misconfigurations, the Microsoft Defender Advanced Threat Protection (ATP) research team has added new assessments to our already rich set of existing secure configuration assessments in Threat & Vulnerability Management (TVM).

Ref - Microsoft

_______________________________________________________________________________________

(May 1, 2020)

New security challenges occur due to Covid-19 lockdown

Coronavirus crisis has brought a temporary change in working practices as a considerable proportion of businesses now have large numbers of employees working from home – and in some cases, the entire workforce has switched to remote working. For CIOs, this means they are suddenly having to cope with a range of new risks, threats, and challenges.

_______________________________________________________________________________________

(May 1, 2020)

Restaurant industry remains a target of cybercriminals during coronavirus outbreak

Amid Coronavirus outbreak, the restaurant industry remains a target because there's a wealth of client data on tap from places with lax security. Restaurants serve food and drinks to customers, but they can also unknowingly serve credit card data to hackers. Due to the volume of credit card transactions and CRM data available, restaurants need to take cybersecurity seriously before a criminal gets wind of the vulnerability.


_______________________________________________________________________________________

(May 1, 2020)

Scammers are now impersonating financial institutions on Instagram

Threat actors are using the novel coronavirus to impersonate accounts on social media. The threat actor created a private Instagram account referencing COVID-19 that used the credit union’s name, its logo, and its link to its legitimate website. The victim received a direct message from the account claiming their profile had been selected to receive a gift. The cybercriminal then followed up with a phone number.


_______________________________________________________________________________________

(May 1, 2020)

New Jersey released best practices guide for healthcare industry amid COVID-19 pandemic

The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) issued an advisory to hospitals and other healthcare organizations that cybercriminals are targeting them with phishing campaigns, ransomware, and other malicious acts referencing COVID-19. Cybercriminals are exploiting the fact that the healthcare sector is consumed with COVID-19 management and response to ramp up attacks.

Ref - JdSupra
_______________________________________________________________________________________

(May 1, 2020)

Two separate attacks targeted 50,000 different Teams users working from home

Due to Coronavirus, people around the world are now working form home and cybercriminals are taking advantage of it. A convincing cyberattack that impersonates notifications from Microsoft Teams in order to steal the Office 365 credentials of employees is making the rounds. Two separate attacks have targeted as many as 50,000 different Teams users.


_______________________________________________________________________________________

(May 1, 2020)

COVID-19 themed phishing attacks are on the rise 

Cyber attackers are leveraging the Covid-19 situation to launch phishing and social engineering attacks. Every nation has seen at least one Covid-19 themed cyberattacks. Every nation has seen at least one Covid-19 themed cyberattacks. Banking, telecom billing, and e-commerce transactions are seen as the major targets for attackers.


_______________________________________________________________________________________
(May 1, 2020)

Cyberattackers are taking advantage of the COVID-19 crisis to disrupt organizations

Cyberattackers are taking advantage of the COVID-19 pandemic to disrupt organizations, but only half technology professionals and leaders are confident their cybersecurity teams are ready to detect and respond to the increasing threats. Only 59 percent say their cybersecurity team has the necessary tools and resources at home to perform their job effectively.


_______________________________________________________________________________________

(April 30, 2020)

The global cybersecurity market size is expected to grow due to COVID-19 outbreak

The impact of COVID-19 on the global cybersecurity market size is expected to grow from USD 183.2 billion in 2019 to USD 230.0 billion by 2021, at a Compound Annual Growth Rate (CAGR) of 12.0% during the forecast period. COVID-19 crisis has transformed the thought process of a company's management and board toward cybersecurity.


_______________________________________________________________________________________

(April 30, 2020)

Security challenges and requirements during coronavirus pandemic

Operating within this temporary new norm isn't easy for business and it also poses a challenge for organizations to actively leverage a mix of on-premise and remote technologies to effectively operate.
In this crisis, manufacturers need to plan and properly secure devices that are fast becoming more complex machines with complex functions.


_______________________________________________________________________________________

(April 30, 2020)

COVID-19 is changing the cybercrime economy in many different ways

As the COVID-19 pandemic pushes the above-ground economy to the brink of a major recession, the cybercrime economy appears to still be hard-charging ahead. And yet, the virus has rapidly reshaped the way business is being done on the Dark Web, as buyers and sellers jump on the opportunity to capitalize on global fears, as well as dramatic shifts in supply and demand.


_______________________________________________________________________________________

(April 30, 2020)

Trickbot campaign targeting email recipients with fake messages 

A new Trickbot campaign has been discovered that currently targets email recipients with fake messages purporting to come from the U.S. Department of Labor (DoL). The spam leverages the Family and Medical Leave Act (FMLA), which gives employees the right to medical leave benefits, as context around COVID-19 in order to distribute the malware.


_______________________________________________________________________________________

(April 30, 2020)

Major spike recorded in COVID-19-themed cyber attacks 

Domestic cybercriminals and nation-state attackers alike are capitalizing on this time of uncertainty – and remote workers are a prime target. The FBI’s Internet Crime Complaint Center (IC3) is currently receiving between 3,000 and 4,000 cybersecurity complaints daily – a massive jump from their normal average of 1,000. Criminals are taking advantage of “the enormously high public interest in information” on COVID-19.


_______________________________________________________________________________________

(April 30, 2020)

Protecting VPNs from DDoS attacks on remote workers amid Coronavirs pandemic

More people are working remotely due to COVID-19 pandemic and VPN gateways are running at or near capacity. Users are accessing corporate resources from their homes and generating unprecedented amounts of network traffic. Because of this, businesses need to remain vigilant by putting DDoS detection and protection front and center in their security protocols.


_______________________________________________________________________________________

(April 30, 2020)

US elections even more vulnerable with COVID-19 pandemic

Cybersecurity experts are increasingly worried that U.S. elections are growing even more vulnerable to outside interference because of the coronavirus pandemic. They say funds to prevent interference and ensure people can vote safely are running thin, despite the fact that Congress has passed $825 million in funding for election security since December.

Ref - TheHill
_______________________________________________________________________________________

(April 30, 2020)

A trove of COVID-19 protective gear and medical supplies are being sold on Dark Web markets

Criminals have continued to leverage the high demand for medical supplies, plaguing the digital world with fake coronavirus-related items that threaten the lives and pockets of consumers everywhere. So while consumers are in a frenzied search of personal protective equipment (PPE), the Dark Web is oozing with a stock of Covid-19 related gear and medical products.


_______________________________________________________________________________________

(April 30, 2020)

COVID-19 outbreak has helped Cybercriminals to better market their cybercriminal wares and services

Many crooks are finding the Coronavirus outbreak has helped them better market their cybercriminal wares and services. The Coronavirus also has driven up costs and disrupted key supply lines for many cybercriminals. One of the more common and perennial cybercriminal schemes is “reshipping fraud,” wherein crooks buy pricey consumer goods online using stolen credit card data and then enlist others to help them collect or resell the merchandise.


_______________________________________________________________________________________

(April 30, 2020)

Coronavirus-themed malware threat activeness heaviest in states where testing has increased

Newly published telemetry data collected by the researchers at Bitdefender implies that U.S. reports of coronavirus-themed malware threat actors have been heaviest in states where testing has increased and the total number of confirmed infections has grown. Among U.S. states, California reported the most threats in both March and April, followed by Texas. New York was third in March, but fell to fourth in April, supplanted by Florida. Ohio rounded out the top five.


_______________________________________________________________________________________

(April 30, 2020)

NHS grants GCHQ access to beef up security during the coronavirus pandemic

Health Secretary of the UK has used emergency powers under the NHS Act of 2006 to give GCHQ special dispensation to access NHS data. This access has been granted to allow GCHQ to examine and boost NHS cybersecurity, amongst other IT systems, in order to better protect the health service from potential cyber threats during the Covid-19 coronavirus pandemic.


_______________________________________________________________________________________

(April 30, 2020)

NSA published a guide for a safe text chat and video conferencing service

The US National Security Agency (NSA) published last week a security assessment of today's most popular video conferencing, text chatting, and collaboration tools. The guidance contains a list of security criteria that the NSA hopes companies take into consideration when selecting which telework tool/service they want to deploy in their environments.

Ref - ZDNet

_______________________________________________________________________________________

(April 30, 2020)

Hospitals are the most targeted entity by ransomware attacks amid COVID19 pandemic

Despite promises from some ransomware groups to avoid targeting healthcare organizations (HCOs) during the COVID-19 crisis, multiple campaigns decided to activate in early April after months of planning. Microsoft’s threat protection intelligence team claimed that the highly targeted “human-operated” attacks it has been monitoring were begun at the start of the year when victim networks were compromised.


_______________________________________________________________________________________

(April 30, 2020)

Cybercriminals are keeping leveraging Coronavirs pandemic to target victims’ data and security

Countries that have reported the largest number of Coronavirus-themed reports seem to have also been those hit hardest by the pandemic. For example, the top countries that reported the largest number of themed-malware reports include the United States, Italy, and the United Kingdom. Many of these attacks usually have a shotgun-shell approach, and attackers seem to have also tried to get to as many victims as possible when targeting these countries.


_______________________________________________________________________________________

(April 30, 2020)

Network security disruption increased after sudden home working culture due to coronavirus lockdown

Nearly two-thirds (64%) of global firms have experienced network security disruption due to the sudden recent shift to home working, with some predicting a major surge in data breaches. Almost a quarter (23%) are experiencing major disruption to network security practices, while 61% said their VPNs have suffered connectivity issues.


_______________________________________________________________________________________

(April 30, 2020)

An increase recorded in scams and phishing attempts that reference COVID-19 outbreak

The coronavirus pandemic has presented cybercriminals with a crisis to exploit, and many are choosing phishing emails as their weapon of choice. According to research from Zscaler, its corporate customers faced an 85 percent increase in COVID-19 phishing attempts from January to March. Several of these emails asked for personal information while masked as government agencies.


_______________________________________________________________________________________

(April 29, 2020)

WebMonitor RAT now bundled with Zoom Installer to target users amid coronavirus pandemic

The coronavirus pandemic has highlighted the usefulness of communication apps for work-from-home (WFH) setups. Many users who working from home using a video chat software “Zoom,” and attackers are taking advantage by leveraging Zoom installers to spread a cryptocurrency miner. Recently a cyber attack is dropping a RAT called “WebMonitor.”


_______________________________________________________________________________________

(April 29, 2020)


A man behind N95 Mask Scam is charged with wire fraud

A Muskegon resident claimed to sold "Anti-Viral N95" masks for more than $40 per mask through the website EMGeneral.com, which happened to be a fake e-commerce company. Stevenson was found using stock photos from the internet to create an entirely fictitious professional management team for his e-commerce company. Some customers were sent emails containing excuses about shipping issues, while claimed to receive cheap fabric masks that did not conform to N95 standards.


_______________________________________________________________________________________

(April 29, 2020)


An interdisciplinary team developed a model for a contact tracing app that protects personal data 

A model for a contact tracing app that protects personal data has been developed by an interdisciplinary team at the Technical University of Munich (TUM). The researchers have created an encryption process that enables people who have come into close contact with a COVID-19-positive individual to be warned without their phones recognizing the infected person’s temporary contact number (TCN).


_______________________________________________________________________________________

(April 29, 2020)


The number of brute-force attacks targeting RDP endpoints rose sharply since the coronavirus pandemic

The number of brute-force attacks targeting RDP endpoints rose sharply since the onset of the coronavirus (COVID-19) pandemic. RDP brute-force attacks increased last month, when most countries around the globe imposed quarantines and stay-at-home orders, forcing companies to deploy more RDP systems online, increasing the attack surface for hackers.

Ref - ZDNet

_______________________________________________________________________________________

(April 29, 2020)


Cybercriminals are turning to AI to make cyber attacks more effective

Cybercriminals are increasingly turning to AI to make cyber attacks more effective and devastating than before, which could be the next big threat after COVID-19. During the COVID-19 epidemic, a vast amount of personal data of millions of people is being collected in almost all countries of the world. 
Several companies or criminal groups are allegedly leveraging the urgency by misusing data of users and causing cyber attacks.


_______________________________________________________________________________________

(April 29, 2020)


A rise in RDP brute-force attacks reported amid Coronavirus pandemic

The spread of COVID-19, organizations worldwide have introduced remote working, and employees working on home computers using remote-access tools. One of the most popular tool used by home users is Microsoft’s proprietary protocol is RDP. Now, cybercriminals are targeting it and as a result, an increase in cybercriminal activity targeting RDP has been reported in the past few months.


_______________________________________________________________________________________

(April 29, 2020)


The COVID-19 detection system targeted by unknown hackers 

Unknown hackers with the “THE0TIME” alias has put up for sale the source code of one of the technologies of the medical company, Huiying Medical Technology, which simply allows using AI (Artificial Intelligence) to detect the coronavirus or COVID-19 infection. The seller has claimed that he managed to gain access to experimental data related to COVID-19.


_______________________________________________________________________________________

(April 29, 2020)


A new e-skimming hack has been targeting WooCommerce amid COVID-19

Security researchers discovered a game-changer in e-skimming attacks on online shopping plugin “WooCommerce,” one that exponentially expands collective attackable surface. This would be a bad situation in normal times, but with the Covid-19 pandemic making many businesses more reliant on e-commerce and virtual transactions, the potential for an increase in poorly secured websites built on the fly is a matter for concern. 

Ref - AdamLevin

_______________________________________________________________________________________

(April 29, 2020)


Cybercriminals started targeting the oil industry with phishing attacks amid COVID-19 

The oil and gas industry has been taking a beating as severe as any other hit hard by the COVID-19 shutdown. Phishing and spear-phishing attacks are on the rise against Nuspire's oil and gas clients, and hackers are getting more sophisticated in avoiding detection. A 10% to 15% increase has been recorded in the number of attacks targeting Nuspire customers.


_______________________________________________________________________________________

(April 29, 2020)

UK businesses reacting to COVID-19 may inadvertently be exposing themselves to serious data loss

Over 500 COVID-19 related scams and over 2,000 phishing attempts have now been reported to UK investigators, resulting in the theft of £1.6m. While many attacks are focused on individuals, businesses are just as at risk. The National Cyber Security Centre (NCSC) has already issued guidance warning businesses to train workers on how to spot the signs of a phishing scam.


_______________________________________________________________________________________

(April 29, 2020)

Around 445 million cyber-attacks recorded since COVID-19 pandemic arises

In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter. With COVID-19 restricting face-to-face interactions across the globe, consumer behavior is in flux and digital transactions are on the rise.


_______________________________________________________________________________________

(April 28, 2020)

Federal Agencies warning about the protection of patient data amid COVID-19 outbreak

The Defense Department, FBI, and other agencies offer steps on how care facilities can secure personal health information. The Defense Department’s assistant inspector general for the operation of cybersecurity audits culled “lessons learned” from past reports to stress the continued importance of protecting sensitive information as the department mobilizes to respond to the coronavirus pandemic.

Ref - NextGov

_______________________________________________________________________________________

(April 28, 2020)

Pirate streaming services and movie piracy sites are dropping malware

Pirate streaming services and movie piracy sites have seen a huge surge of incoming traffic during the COVID-19 pandemic with most people now having to stay inside due to shelter in place and lockdown orders. Malicious actors are taking advantage of this trend trying to infect potential victims with malware delivered via fake movie torrents.


_______________________________________________________________________________________

(April 28, 2020)

Cybercriminals laid the groundwork months ago for ransomware attacks amid COVID-19

The ransomware attackers are actively making coronavirus crisis worse, forcing health care and critical infrastructure organizations to pay up when they can least afford downtime. In many cases, hackers are reaping the rewards of groundwork they laid months ago before Covid-19 fully hit. During the pandemic, the risk of a cyberattack on the hospital has become more dangerous.

Ref - Wired

_______________________________________________________________________________________

(April 28, 2020)

A group of civilian cybersecurity professionals is created to fight coronavirus scams

An exclusive Slack group has been created as a hub for civilian cybersecurity professionals who wanted to stop coronavirus scams. It is like finding a small army of analysts whose expertise could be tapped into at any time. The Cyber Threat Coalition is one of two Slack groups, the CTI League is the other, created by civilian cybersecurity professionals who wanted to put their heads together to try to stem the rising tide of cybercrime.

Ref - NBC News

_______________________________________________________________________________________

(April 28, 2020)

Cybercriminals are pretending to be affected by the COVID-19 pandemic

Cybercriminals are posing as delivery companies and pretending to be affected by the COVID-19 pandemic as a means to trick potential victims into opening malicious email attachments or revealing credentials on phishing websites. The email urges recipients to provide missing information before a forthcoming government lockdown prevents completion of the delivery.


_______________________________________________________________________________________

(April 28, 2020)

Information security and technologies remained strong sectors amid the COVID-19 pandemic

Information security and technologies that speed up the cloud and content delivery remain relatively strong sectors amid the COVID-19 pandemic that has rattled numerous enterprises. Akamai and FireEye firms stood out as companies that are seeing strong demand in part due to an increase in cyberattacks. 

Ref - ZDNet

_______________________________________________________________________________________

(April 28, 2020)

Australian COVID19 Tracking App’s bug making users positive without any test

COVID-19 tracking app introduced by the Australian government has been informing users who haven't even been tested for the novel coronavirus that they have contracted the bug. Many Australians who downloaded the app were confronted with a screen informing them that they had tested positive for coronavirus, despite not having been tested for COVID-19. 


_______________________________________________________________________________________

(April 28, 2020)

A banking Trojan is taking advantage of COVID19 crisis to target users

The banking Trojan Grandoreiro has been taking advantage of the COVID-19 crisis to attack users. The Trojan hides in videos on fake websites that promise to provide vital information about the virus. Attempting to play the video leads to the download of a payload on the visitors’ device. Attackers are targeting users through COVID-19 scams on fake websites.


_______________________________________________________________________________________

(April 28. 2020)


Video call vendors are scrambling to revamp security in a COVID-19 world

Security issues in platforms including Zoom and Microsoft Teams have been made public, with some platforms banned from government and company use. However, on the whole, a new report suggests that vendors are working on improving the situation and the majority of popular teleconferencing solutions now meet at least minimum security standards. 

Ref - ZDNet

_______________________________________________________________________________________

(April 27, 2020)

Phishing campaigns targeting Zoom and Skype user credentials

Hackers are again taking aim at the increased number of remote workers during the COVID-19 pandemic through two new phishing campaigns: one attack method targets Skype credentials, while the other leverages fake Zoom video conferencing meeting notifications. With so many people working from home, remote work software like Skype, Slack, Zoom, and WebEx are starting to become popular themes of phishing lures.


_______________________________________________________________________________________

(April 27, 2020)

Phishing campaign found to be spoofing U.S. Federal Reserve

Some fraudsters have pivoted from using the COVID-19 pandemic as a phishing lure to create fake messages and malicious domains designed to capitalize on various US economic stimulus programs. The latest phishing campaigns include email messages and domains designed to spoof the U.S. Federal Reserve as well as the Small Business Administration.


_______________________________________________________________________________________

(April 27, 2020)


Germany changed its stance on the centralization of data generated from apps combating COVID-19

Germany has changed its stance on the centralization of data generated from mobile apps designed to help combat COVID-19. Until recently, German officials backed the idea of a mobile app that would generate geolocation information, including where a user goes and who they meet, of which this data would be stored centrally. 

Ref - ZDNet

_______________________________________________________________________________________

(April 27, 2020)


Cybercriminals using fake FedEx and UPS delivery issues in COVID-19 phishing

A new wave of phishing scams has been spotted, that utilize a COVID-19 theme and impersonate well-known shipping carriers such as FedEx, UPS, and DHL. In one of the emails, attackers impersonated DHL and stated that a package was being held due to the government lockdown during the Coronavirus crisis. It then prompts the users to make corrections to the attachment shipping document, which will then install the Bsymem Trojan.


_______________________________________________________________________________________

(April 27, 2020)


Hackers are faking Zoom meeting invites to steal user info

Malicious actors are now targeting users with fake Zoom meeting emails in order to steal their personal information and login credentials. This particular phishing scheme weaponizes many people’s fear of losing their job due to the economic downturn during the coronavirus pandemic. These spoofed emails come in the form of a Zoom meeting reminder with HR concerning the termination of the recipient’s employment.


_______________________________________________________________________________________

(April 27, 2020)


Colorado Hospital hit with ransomware attack amid COVID-19

Parkview Medical Center was hit with a ransomware attack on April 21. As of 27 April, the hospital's website still displayed a message saying it was "currently experiencing a network outage." The cyberattacks involved ransomware, rendering the hospitals' patient records systems inoperable. In a statement, Parkview said that a cyberattack, which it declined to specify, resulted in an outage of a number of its IT systems.


_______________________________________________________________________________________

(April 27, 2020)

Piracy site Popcorn Time active again to capitalize on COVID-19 lockdowns

A notorious website for pirated content has released a new child-friendly version to filter inappropriate content for younger users. Popcorn Time leaped to fame with a mission of making illegal content as easy to access as Netflix. It was originally pulled back in 2014 and resurrected several times in the interim before making another recent comeback to capitalize on COVID-19 lockdowns and stay-at-home orders.


_______________________________________________________________________________________

(April 27, 2020)


COVID patients’ information disclosed after a data breach incident

The National Privacy Commission (NPC) is looking into incidents of unauthorized disclosure on social media of personal information of more than 150 individuals who are either suspected or confirmed to have the coronavirus disease 2019 or COVID-19. It received 17 personal data breach notifications involving 154 suspected or confirmed COVID-19 patients from March 15 to April 23.

Ref - PhilStar

_______________________________________________________________________________________

(April 27, 2020)


Operators of scam-service issuing fake passes to move around amid COVID-19 lockdown is detained

Group-IB and the Moscow Department of Information Technology have helped Moscow police in identifying and detaining the operators of a fraudulent online service, selling fake digital passes to the residents of Moscow and Russian regions to move around the cities during the COVID-19 lockdown. A total of 126 fraudulent online resources websites were discovered.


_______________________________________________________________________________________

(April 27, 2020)


Zoom users are being targeted with phishing emails

As the coronavirus epidemic led to lockdown, so organizations around the world adopted work from culture and uses of video meeting and chatting tools increased. But cybercriminals are taking advantage of this situation by launching a phishing attack posing as Zoom meeting notifications and asking recipients to join a Zoom meeting regarding their supposed termination.


_______________________________________________________________________________________

(April 27, 2020)


Microsoft has patched a worm-like vulnerability in its Teams workplace

Amid coronavirus pandemic, use of video chat platforms have increased along with the security challenges they pose. For example, Microsoft has patched a worm-like vulnerability in its Teams workplace video chat and collaboration platform that could have allowed attackers to take over an organization's entire roster of Teams accounts just by sending participants a malicious link to an innocent-looking image.


_______________________________________________________________________________________

(April 27, 2020)


Google takes strong action with Gmail and G-Suite to tackle COVID-19 related cyber attacks

Gmail blocks over 100 million phishing emails and more than 240 million COVID-19 related spam messages on a typical day. In G Suite, the advanced phishing and malware controls are now turned ON by default, to make sure that all G Suite users automatically have these proactive protections in place. In addition, it also appointed a full-time dedicated team called Project Zero to prevent targeted attacks by reporting bugs to software vendors and recording them in external databases.

Ref - LiveMint

_______________________________________________________________________________________

(April 27, 2020)

Staggering 30,000% increase reported in COVID19 related cyber attacks

Zscaler, a security firm is claiming to have seen a tremendous 30,000% increase since January in detected phishing, malicious websites, and malware designed to capitalize on the COVID-19 crisis. The firm’s cloud security platform had stopped 380,000 attacks targeting home workers in March, up from just 1200 at the start of the year.


_______________________________________________________________________________________

(April 27, 2020)

U.S. Government Small Business Administration spoofed in COVID-19 scam to drop Remcos RAT

A phishing campaign is uncovered targeting small businesses that appear to originate from the U.S. Government Small Business Administration (SBA.gov). The emails, which include subjects and attachments related to the need for small businesses to apply for disaster relief loans or provide application status following the impact of the ongoing COVID-19 pandemic, eventually deliver Remcos RAT to those who open the attachments.


_______________________________________________________________________________________

(April 27, 2020)

Australia and US cyber diplomats called for an end to attacks on medical facilities

Australia's cyber diplomats have called for an end to attacks on medical facilities, such as the recent cyber attack on one of the Czech Republic's biggest COVID-19 testing laboratories. The US also notes the threat to the Czech healthcare sector, saying it has "zero tolerance" for malicious cyber activity against its partners in the fight against the pandemic.

Ref - ZDNet

_______________________________________________________________________________________

(April 27, 2020)

Australia’s Department of Health released a privacy assessment for COVIDSafe tracing app

As the Australian government launched COVIDSafe tracing app, the Department of Health also released a privacy assessment of the app. The report was prepared by law firm Maddocks and contains 19 recommendations, along with others that were made during the development of the app. Also, the app information will be passed only to state agency-based contact tracers.

Ref - ZDNet

_______________________________________________________________________________________

(April 27, 2020)

GitHub user creates a huge repository of all IOCs related to COVID related attacks

A GitHub user (a student at Oxford) has created a repository of all Indicators of Compromise (IOCs) related to COVID-19 related cyber-attacks so far. All the IOC's are used directly involved coronavirus / COVID-19 / SARS-CoV-2 cyber attack campaigns. Some of the IOCs are associated with threat groups such as “APT36,” which has been known to use this pandemic to target their victims. 
 
Ref - GitHub
 
 _______________________________________________________________________________________

(April 27, 2020)

Amazon piloting the use of video conference calls to verify the identity of merchants

Amazon.com Inc is starting the use of video conference calls to verify the identity of merchants who wish to sell goods on its websites, in a new plan to counter fraud (many of them using COVID-19 pandemic) without in-person meetings in the pandemic. Amazon said its pilot began early 2020 and included in-person appointments with prospective sellers.

Ref - Reuters

_______________________________________________________________________________________

(April 27, 2020)

Two million Australians downloaded coronavirus tracing app within hours of its release

Around two million Australians rushed to download an app designed to help medical workers and state governments trace close contacts of COVID-19 patients. Health Minister Greg Hunt said 1.89 million Australians have downloaded the tracing app CovidSafe as of 1600 (0600 GMT) on Monday, more than 7% of the country’s population.

Ref - Reuters

_______________________________________________________________________________________

(April 27, 2020)

Israel’s Supreme Court ruled that the government must legislate COVID-19 phone-tracking

Israel’s Supreme Court ruled on Sunday that the government must bring its use of mobile phone tracking deployed in the battle against the new coronavirus under the legislation. The court stated that the government must introduce legislation by April 30 and finish it within a few weeks if it wanted to continue tracking people’s phones in its efforts to stop the coronavirus from being spreading.

Ref - Reuters
_______________________________________________________________________________________

(April 27, 2020)

Many remote workers haven’t been given any form of cybersecurity training past twelve months

COVID-19 pandemic has brought a new wave of cyberattacks targeting remote workers, but a lack of training has resulted in the majority not taking threats seriously. A study of remote workers by app security company Promon found that six percent of remote workers haven’t been given any form of cybersecurity training in the past 12 months, with 77 percent saying they aren’t worried about their cybersecurity while working from home.


_______________________________________________________________________________________

(April 26, 2020)


Google and Apple are going to launch Covid-19 tracking tool soon

Apple and Google have been working on the contract-tracing tool (later changed to ‘exposure notification’) to fight the spread of novel coronavirus in the world. Recently, both the tech giants also announced that they were putting stronger privacy protections in their upcoming COVID-19 contact-tracing tool and will also launch a developers version.

Ref - LiveMint

_______________________________________________________________________________________

(April 26, 2020)


Around 3067 COVID-19 related cyber-attacks recorded in Q1 2020

Gulf Cooperation Council (GCC) countries have recorded 3,067 email, URL, and file threats related to the COVID-19 coronavirus in Q1 2020. As the COVID-19 coronavirus continues to spread, the topic is being used in many malicious campaigns, including email spam, business email compromise (BEC), malware, ransomware, and malicious domains.

Ref - SME10X

_______________________________________________________________________________________

(April 25, 2020)

Bluetooth vulnerabilities in Contact tracing apps can be exploited 

As governments around the world turn to contact tracing apps to aid in their efforts to contain the coronavirus, cybersecurity experts are warning this may spark renewed interest in Bluetooth attacks. If exploitable vulnerabilities are left unpatched, many devices could be breached by hackers and the user's personal data stolen.

Ref - ZDNet
_______________________________________________________________________________________

(April 25, 2020)

Cyberattackers taking advantage of COVID-19 pandemic are not sophisticated or novel

CrowdStrike and other security firms have observed that cybercriminal groups and online scammers are using fear about the pandemic to boost malicious campaigns. Malicious actors are using fake “health update” messages and lure promising “stimulus aid” to carry out attacks on users. It’s becoming more likely that the crisis is pushing malicious activity.


_______________________________________________________________________________________

(April 24, 2020)

Cyberattacks increased after WHO’s password leak incident 

The World Health Organisation (WHO) has seen a "dramatic" increase in cyberattacks since the pandemic started. The health organization had announced that around 450 active WHO email addresses and passwords were recently leaked online, along with thousands belonging to others working on the coronavirus response. Now there has been an increase in scammers impersonating it in phishing emails.

Ref - ZDNet

_______________________________________________________________________________________

(April 24, 2020)

CEO of Kaspersky Lab considers cyberattacks on hospitals during the COVID-19 as an act of terror 

Speaking at an online press conference, Eugene Kaspersky, the founder and CEO of IT security giant Kaspersky Lab, likened the cyberattacks on hospitals during the COVID-19 pandemic to the acts of terror. He stated that any attack made on a hospital at this time can be seen as equivalent to a terrorist attack.


_______________________________________________________________________________________

(April 24, 2020)

Scammers relaunch an old phishing scam to steal personal data

Fraudsters are once again leveraging the covid-19 lockdown for malicious purposes, by resurrecting an old phishing ruse – free Heineken beer kegs. The fake Heineken promotion was sent to UK consumers via WhatsApp and advertised as a limited-time offer of free beer for anybody willing to fill out a one-minute survey. The company has also released a statement on its Twitter account to stay away from this ‘Free Beer’ phishing scam.


_______________________________________________________________________________________

(April 24, 2020)

National Health Service’s website used to distribute stealer Trojan

A cybersecurity researcher has identified an NHS’s fraudulent site, which claims to offer downloadable advice surrounding the ongoing pandemic. The hackers have created a fake version of the NHS website capable of injecting malware and harvesting personal data. The available download infects the user with a stealer Trojan.


_______________________________________________________________________________________

(April 24, 2020)

The number of successful ransomware attacks against certain sectors is declining

Campaigns against government agencies, educational establishments, and healthcare providers aren't proving as successful as expected for the cybercriminals. Some ransomware gangs have vowed to hold off on attacks against hospitals and healthcare providers as the world battles COVID-19. But the number of successful ransomware attacks against certain sectors has actually declined, falling down from around 250 per quarter in 2019 to below 100 per quarter in 2020.


_______________________________________________________________________________________

(April 24, 2020)

Vietnamese state-backed cyber campaign targeted Chinese health authorities

Vietnamese state-backed hacker APT32 launched intrusion campaigns against Chinese targets between January and April 2020. The purpose of the intrusions was to collect intelligence on the COVID-19 crisis. In recent years, ties between Hanoi and Beijing have nose-dived, primarily over the South China Sea, where both sides are the territorial and maritime claimant.


_______________________________________________________________________________________

(April 24, 2020)

Amid COVID-19 pandemic ensuring the security of data becomes a challenge

Amid the lockdown, dependence on digital channels for daily interactions and transactions has increased. This has rendered sensitive data vulnerable, which is now accessible via a multitude of devices running on home networks. With almost all operations moving from safer corporate IPs to relatively more exposed home networks, businesses, and companies across the globe are finding it challenging to ensure the security of data.

Ref - PCQuest

_______________________________________________________________________________________

(April 24, 2020)

An ongoing Skype phishing campaign stealing users’ credentials

Due to the coronavirus pandemic, many organizations have switched to work from home, and the use of Skype increased for that reason. But hackers are taking advantage of it by launching a phishing campaign leveraging malicious emails to spoof video calling platform Skype in order to steal users’ account credentials.

Ref - TripWire

_______________________________________________________________________________________

(April 24, 2020)

Information and data sharing is very important in COVID19 efforts

In times of coronavirus crisis, the need for information is critical, and the COVID-19 pandemic provides a clear illustration of this. Healthcare officials and policymakers need data to inform their responses; and leaders across sectors need data to understand the impact of the crisis on their businesses. In such situations, threat intelligence can be shared using the Cyware Situational Awareness Platform (CSAP) to alert all key personnel about emerging threats.


_______________________________________________________________________________________

(April 24, 2020)

Amazon Web Services (AWS) bagged data storage contract for Australia's COVID-19 contact tracing app

Amazon Web Services (AWS) has been handed the data storage contract for Australia's soon-to-be-launched COVID-19 contact tracing app. Uploaded contact information will be saved in Australia in a highly secure information storage system and protected by further laws to regulate access to health professionals only.

Ref - ZDNet

_______________________________________________________________________________________

(April 24, 2020)

Apple, Google releases new contact tracing API specs, security, accuracy measures

Apple and Google released more technical details about their efforts to create contract-tracing tools. Amongst the changes made to the API they will provide to others, are stronger encryption standards, more accurate Bluetooth signals and more. The metadata associated with Bluetooth will be encrypted now and data about who a user has been retained on the device for 14 days, and will be deleted after that.

Ref - LiveMint

_______________________________________________________________________________________

(April 23, 2020)

Consumers could be vulnerable to COVID-19 spam campaigns

More than 6,000 percent increase has been detected in COVID-19-related spam, with lures ranging the full gamut of challenges and concerns facing individuals from phishing emails impersonating the Small Business Administration (SBA) and the WHO to the US banking institutions offering relief funds. Cybercriminals are being very calculative with their attacks and continue to pivot their tactics to lure victims.


_______________________________________________________________________________________

(April 23, 2020)

Data leak incident occur at the government of Nagaland website

A major data breach in the government of Nagaland website has led to personal details of many individuals being exposed. Personal information including bank account details, AADHAAR number, phone numbers, address, etc. has been leaked into the public domain. The data was shared by individuals wishing to avail the monetary package announced by the government due to the nationwide COVID-19 lockdown.

Ref - EastMojo
_______________________________________________________________________________________

(April 23, 2020)

Zoombombers are hijacking video chats and terrorizing AIDS activists

A group of AIDS activists is the latest victims of Zoombombers, hackers who hijack video sessions on teleconferencing platforms like Zoom. The hackers hacked their video chats and made obscene gestures and screened pornography. "Zoombombing", named for incidents on the video platform Zoom, has become increasingly common during the COVID-19 pandemic, and marginalized groups are frequent victims. 


_______________________________________________________________________________________

(April 23, 2020)

Attackers are sending spam emails to steal victims’ Skype credentials

Remote workers are being warned of a new phishing campaign targeting their Skype passwords. The phishing emails look “eerily similar” to a legitimate Skype notification alert, according to a report released by Cofense. Emails indicate users have 13 pending Skype notifications that can be checked by clicking a “Review” button. This button redirects victims to some malicious links having a phishing scam setup to steal personal details.


_______________________________________________________________________________________

(April 23, 2020)

Chinese ministry targeted by Ocean Lotus in search of information related to the coronavirus pandemic

The security firm “FireEye” has disclosed that it believes hacking group Ocean Lotus, also known as APT32 and sponsored by the Vietnamese government, was involved in a spear-phishing campaign targeting members of the Wuhan government and Chinese Ministry of Emergency Management in search of information correlated to the coronavirus pandemic that is spreading around the world.

Ref - ZDNet

_______________________________________________________________________________________

(April 23, 2020)

IcedId banking malware actively harvesting tax-related information amid COVID-19

The group behind IcedID banking malware has been targeting tax software and using custom kits to solicit important documentation from unsuspecting users. Attackers are targeting tax returns and are actively harvesting the data, due to the COVID-19 pandemic which has caused tax day to be extended to July 15. The tax information seems to be for a prior year, which is usually necessary for filing current taxes.


_______________________________________________________________________________________

(April 23, 2020)

WHO’s staff credentials leaked working on COVID-19 response

World Health Organization (WHO) has announced a recent leak of 450 active WHO email addresses and passwords along with credentials of thousands working on the response to the coronavirus pandemic. But the organization also said that this leak didn’t put the organization’s systems at risk, explaining that its systems were largely spared because the data was not recent.


_______________________________________________________________________________________

(April 23, 2020)

Fivefold increase reported in COVID-19 cyberattacks 

World Health Organization has seen a dramatic increase in the number of cyberattacks directed at its staff, and email scams targeting the public at large. Some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response.

Ref - WHO

_______________________________________________________________________________________

(April 23, 2020)

COVID-19 pandemic is making the energy industry more vulnerable to cyberattack

Working remotely is the top priority for utilities, but this also exposes the energy industry to new cyber-risks coming both from inside and outside the walls of its cyber defenses. Utility CEOs and board members are now facing a unique blend of cyber and safety risks. Utilities will need to iteratively adapt cybersecurity protocols to protect operations as each trend shapes the new reality.

Ref - WeForum

_______________________________________________________________________________________

(April 22, 2020)

China still hacking Uighurs’ iPhones amid its COVID-19 crisis

China is one of the first countries to lockdown over the first months of 2020, as COVID-19 began its global spread. But that didn't stop suspected Chinese spies from carrying out a new smartphone-hacking campaign aimed at Uighur ethnic minority. From as early as Dec. of 2019 and continuing through March 2020, Chinese hackers used so-called "watering hole" attacks to plant malware on the iPhones of Uighurs, even during the spread of coronavirus.

Ref - Wired

_______________________________________________________________________________________

(April 22, 2020)

Google’s Threat Analysis Group disclosed the latest findings and threats related to COVID-19

Across Google products, bad actors are using COVID-related themes to create urgency so that people respond to phishing attacks and scams. Google’s systems have detected 18 million malware and phishing Gmail messages per day related to COVID-19, in addition to more than 240 million COVID-related daily spam messages.

Ref - Google

_______________________________________________________________________________________

(April 22, 2020)

Gates Foundation and WHO employees are targeted with absurd conspiracy theories

A network of neo-Nazi extremists is found to be circulating data dump of what appears to be the email addresses and passwords of members of the Gates Foundation, World Health Organization (WHO), Center for Disease Control and Prevention (CDC), and a virology centre based in Wuhan, China. The data dump appears to be an attempt at intimidating several of the leading government and non-governmental groups currently leading the fight against the worldwide coronavirus pandemic.

Ref - VICE

_______________________________________________________________________________________

(April 22, 2020)

APT32 targeting the Wuhan government and the Chinese Ministry of Emergency Management

From January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets. Mandiant Threat Intelligence believes that the campaigns were designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China's Ministry of Emergency Management as well as the government of Wuhan province, where COVID-19 was first identified.

Ref - FireEye

_______________________________________________________________________________________

(April 22, 2020)

Hackers launched “COVID-19 Stimulus Check” scams to steal money

Cybercriminals are using the delivery of stimulus checks as another way to launch a scam. The FBI explains that scammers are leveraging the COVID-19 pandemic to steal user’s money, user’s personal information, or both. The FBI has sent out a warning for the American public to be on the lookout for COVID-19 check scams.

Ref - SDtek

_______________________________________________________________________________________

(April 22, 2020)

Netflix and Disney+ streaming platform targeted with #COVID19 phishing scam

Hackers are turning their attention to streaming services in an ongoing bid to capitalize on the current COVID-19 pandemic and increase their own profits. An email security vendor revealed that it had spotted the registration of over 700 suspicious domains created to impersonate the Netflix brand. The recently launched Disney+ service is also coming under increasing scrutiny from cybercriminals looking for money.


_______________________________________________________________________________________

(April 22, 2020)

Concerns over COVID19 related Contact Tracing application security

Concerns have been raised by many experts regarding “solutions” to the current COVID-19 pandemic, including contact tracing apps. The concerns center around where the GPS data is stored, as the academics said it was vital not to create a tool that enables large scale data collection, either now or at a later time. They also suggested to avoid development of apps which allow reconstructing invasive information about the population.


_______________________________________________________________________________________

(April 22, 2020)

COVID-19 Relief Fund of the U.S found to be leaking data on thousands of firms

Thousands of US businesses may have had personal information (PII) leaked online after a government agency’s error with applications for economic relief led to problems. The Small Business Administration (SBA) claimed that a problem was discovered with the online portal used by businesses to apply for Economic Injury Disaster Loans (EIDLs). Unspecified “personally identifiable information” linked to 7900 businesses may have been disclosed to other applicants of the program.


_______________________________________________________________________________________

(April 22, 2020)

Top officials at the World Health Organization targeted by hackers

Top officials at the World Health Organization are being targeted by hackers as they work on the global response to the coronavirus pandemic. WHO’s security team has seen an increasing number of attempted cyberattacks on the officials since mid-March. WHO itself hasn’t been hacked, but employee passwords have leaked through other websites.

Ref - Yahoo

(April 22, 2020)


_______________________________________________________________________________________

Hundreds of online COVID-19 related scams disrupted

Federal authorities announced that an ongoing cooperative effort between law enforcement and private-sector companies, including multiple internet domain providers and registrars, has disrupted hundreds of internet domains used to exploit the COVID-19 pandemic to commit fraud and other crimes. In some cases, fraudulent sites were operated by public health organizations or agencies.

Ref - Justice

_______________________________________________________________________________________

(April 22, 2020)


Cybercriminals are taking advantage of COVID-19 to launch phishing attacks

Cybercriminals are taking full advantage of the COVID-19 pandemic to launch phishing attacks. In the first quarter of 2020, over 600% increase was detected in COVID-19 phishing attacks and there were over 18 million daily COVID-19 specific phishing and malware attacks. It is suggested that this is the right time to use the Domain-based Message Authentication, Reporting, and Conformance (DMARC) solution.

Ref - ZDNet

_______________________________________________________________________________________

(April 22, 2020)


Phishing hotline sending 5,000 suspicious emails in a single day

Over 80 coronavirus-related phishing and scam websites are taken down just one day after the UK's National Cyber Security Centre asked for the public to report suspicious emails. Just 24 hours after the “Suspicious Email Reporting Service” went online, the NCSC received over 5,000 reports of potentially suspicious websites, and 83 cybercriminal campaigns were taken down in the same duration. It adds to the 2,000 taken down already.

Ref - ZDNet

_______________________________________________________________________________________

(April 22, 2020)


Zoom adding security measures to reassure users after data leak

Zoom, the videoconferencing service whose popularity has soared during the coronavirus pandemic, stated that it is adding security measures to its software following scrutiny from independent researchers. The next upcoming version of “Zoom” will have stronger encryption for data sent between participants in a meeting to prevent tampering. It will allow Zoom account administrators to decide which parts of the world they route their data through.


_______________________________________________________________________________________

(April 22, 2020)


New York Department of Financial Services (“NYDFS”) issued guidance regarding COVID-19 pandemic

New York Department of Financial Services (“NYDFS”) announced guidance to all New York State entities covered under NYDFS’s cybersecurity regulation regarding assessing and addressing heightened cybersecurity risks due to the COVID-19 pandemic. The guidance classifies three areas of heightened cybersecurity risks due to the COVID-19 pandemic: remote working, third-party risk, and increased phishing and fraud attacks.


_______________________________________________________________________________________

(April 22, 2020)


Hundreds of websites removed in efforts to counteract a huge surge in COVID-19 scams

U.S. Department of Justice is extending its efforts to prevent a huge surge in internet scams related to the coronavirus pandemic. Federal officials announced that their ongoing cooperation between the government and a range of technology companies has resulted in the removal of hundreds of malicious websites that included “coronavirus,” “covid19” and related phrases in their names.

Ref - CyberScoop

_______________________________________________________________________________________

(April 22, 2020)

Providers of domain name registration services are under pressure because of COVID-19 cyber attacks

A large increase in malicious website registrations has prompted concern from US lawmakers. The providers of domain name registration services are under pressure to make sure they are doing all they can to stop scammers from setting up fake websites to prey on people looking for information related to the COVID-19 pandemic. Letters have been sent to eight domain name registrars and hosting services asking about what they were doing to combat COVID-19-related scams.


_______________________________________________________________________________________

(April 22, 2020)

Hackers from Vietnam targeted Chinese government over coronavirus response

The threat group “APT32” had tried to compromise the personal and professional email accounts of staff at China’s Ministry of Emergency Management and the government of Wuhan. The threat group is known to be working on behalf of the Vietnamese government. It was observed targeting governments, businesses, and health agencies in search of information about the new disease and how they are trying to combat it.

Ref - Reuters

_______________________________________________________________________________________

(April 22, 2020)

Overall online criminality remained steady even though COVID-19 scams on the rise

The number of COVID-19-themed scams is on the rise since the start of 2020, but overall online cyber criminality has remained steady. The threat level is pretty much the same, and apparently cybercriminals have just shifted their focus, their lures, and their phishes exclusively for COVID-19 significantly.


_______________________________________________________________________________________

(April 21, 2020)

More companies are getting compromised after coronavirus lockdown

The number of firms potentially compromised each week is still growing. Earlier, the number of companies compromised in Finland per week was around 200. Now it swiftly jumped to 800. In several cases, it was observed that hackers are turning passive compromise cases (dormant systems or infected system not used for any malicious activities) into active compromise cases. Due to the COVID-19 pandemic, most employees are now working from home and using home routers and VPNs, which are not designed to prevent malicious communications that were previously hindered due to company firewalls.


_______________________________________________________________________________________

(April 21, 2020)

U.K. government’s furlough scheme targeted by opportunistic hackers

Just after a few minutes of the U.K. government’s furlough scheme going live, it was targeted by opportunistic cybercriminals by imitating the country’s tax collection agency. Hundreds of phishing emails were sent in people’s inboxes inviting them to click on a link that guides them to what looks like an HMRC (HM Revenue and Customs) furlough claim website that asks people to fill in their personal, card and bank account details. 

Ref - CNBC

_______________________________________________________________________________________

(April 21, 2020)

A major increase spotted in coronavirus-themed spam on the internet 

According to IBM’s threat intelligence sharing platform, X-Force, the COVID-19 pandemic has created a unique opportunity for cybercriminals and it led to a 4,300% increase in coronavirus-themed spam on the internet since February. Cybercriminals are using the coronavirus outbreak to speed up their business, with virus themed sales of malware assets on the Dark Web.

Ref - Live Mint

_______________________________________________________________________________________

(April 21, 2020)

WhatsApp scams promising free streaming services on the rise

The demand for streaming services due to COVID-19 lockdown has driven an increase in fraudulent streaming services and related scams. Some messages falsely promise free memberships in exchange for users' account information. Many of these scams are distributed on social media such as WhatsApp, where attackers have greater visibility and a higher likelihood that someone will fall for their tricks.


_______________________________________________________________________________________

(April 21, 2020)

Cybercriminals are capitalizing worldwide level of concern surrounding the COVID-19

Cybercriminals are taking benefit of the worldwide level of attention surrounding the COVID-19 coronavirus to launch an insidious new round of attacks that are much more powerful than previous cyber-attacks. A lot of phishing campaigns are found to be taking advantage of the fear and uncertainty of coronavirus pandemic. Most of the attacks include emails offering vaccines or treatments for COVID-19.

Ref - Forbes   

_______________________________________________________________________________________

(April 21, 2020)

Evasive Formbook campaign found to be using COVID-19 themes

Research into COVID-19 threats by FortiGuard Labs suggests about a spam email campaign running in the wild. The spam email is full of spelling mistakes and grammar issues and carries Formbook payload. But the interesting angle taken by this attacker is that it mimics to come from a biomedical company focused on life science research, with distributors worldwide. One target for this spearphishing campaign is a chemical company in the Czech Republic.

Ref - Fortinet

_______________________________________________________________________________________

(April 21, 2020)

Cybercriminals are targeting U.S. military organizations with COVID-19 spearphishing schemes

The Department of Defense Cyber Crime Center (DC3) disclosed that cybercriminals have been targeting U.S. military organizations with coronavirus-related spearphishing schemes. Attackers behind the campaign aren’t just targeting defense industrial base companies and their networks, their main goal is to break into systems run by the Department of Defense.


_______________________________________________________________________________________

(April 21, 2020)

Cyber complaints concerning coronavirus are on the rise

The FBI has received thousands of complaints regarding scams and frauds related to the virus, as they received more than 3,600 complaints regarding coronavirus scams. This uptick gives the FBI an additional set of investigations to handle at a time when its agents are already busy trying to combat economic espionage and ward off election interference.

Ref - NYTimes

_______________________________________________________________________________________

(April 21, 2020)

Phishing campaign stealing Zoom credentials via fake layoff notifications

A phishing campaign is spotted, stealing Zoom credentials and tricking email recipients into thinking they are about to be laid off amid the pandemic. The attackers anticipate potential victims will click on a malicious link that supposedly links to a Zoom meeting hosted by human reRefs. This campaign targeting Office 365 users and so far spread around 50,000 mailboxes.

Ref - SCMagazine

_______________________________________________________________________________________

(April 21, 2020)

A WiFi hacking program distributing a Coronavirus-themed malware

A fake WiFi hacking program is found to be delivering a new Coronavirus-themed malware that tries to lock a user out of Windows while making some very irritating sounds. The malware identified as 'CoronaLocker' and was spotted by security researcher “Max Kersten” after one of his friends became infected by a program identified as 'wifihacker[.]exe'.


_______________________________________________________________________________________

(April 21, 2020)

Governments are using Email Reporting Service to handle COVID-19 scams

A “pioneering” Suspicious Email Reporting Service is launched by the National Cyber Security Centre (NCSC) to help those users, who continue to be bombarded by COVID-19-themed phishing attacks. The scheme is created to make it a lot easier for members of the public to report online scams including those taking benefit of widespread interest in the COVID-19 pandemic.


_______________________________________________________________________________________

(April 21, 2020)

Australia's COVID-19 contact tracing app will not have access to Commonwealth 

The Prime Minister of Australia has said that the government is carefully working through the security concerns and technical assurances of Australia's soon-to-be-launched COVID-19 contact tracing app. The application only collects data and puts it into an encrypted national store, which can only be accessed by the states and territories. The data will be locked in an encrypted data store that can only be accessed by state health "detectives." 

Ref - ZDNet

_______________________________________________________________________________________

(April 21, 2020)

Healthcare and pharma sector is a major victim of COVID-19 related cyber attacks

The global healthcare sector is targeted by an array of cyber-attacks taking advantage of COVID-19 fear. The healthcare sector mostly relies on the IT backbone to operate and that’s why targeted by cyber-attacks. This backbone includes radiology information systems (RIS), Hospital Information Systems (HIS) involving laboratory information systems (LIS), policy and procedure management systems (PPM), personal health records (PHR), and also the email servers.


_______________________________________________________________________________________

(April 21, 2020)

Cyber Criminals are creating scam sites to steal personal information of visitors

Cybercriminals are using scam and phishing techniques to target and hack into the massive stimulus packages released by governments after COVID-19 pandemic shutting down major parts of the global economy. Any user who visits these malicious websites is at risk of losing their personal information for payment theft and fraud. In March 2020, around 2,081 new domains were registered, out of which 38 were malicious and 583 were suspicious.


_______________________________________________________________________________________

(April 21, 2020)

Nation-state hackers are looking for COVID-19 related research

Hackers backed by a government or state-sponsored are targeting companies tasked with researching COVID-19. In some cases, hackers intrude into systems and perform reconnaissance. When a company publicly discloses that they are investigating or researching the COVID-19 disease, the firm becomes a target for hackers. Hackers often try to steal their proprietary information to see what the institutions are doing.


_______________________________________________________________________________________

(April 21, 2020)

Web traffic and attack trends are affected by COVID-19

A report from the security firm “Imperva” disclosed that the food and beverage industry experienced more web attacks globally (+6%), mainly in Germany (+125%). There were more attacks on the financial industry both globally (+3%) and in particular countries like Italy (+44%), UK (+21%), and Spain (+18%). These targeted countries are also the most affected countries by the COVID-19 pandemic.


_______________________________________________________________________________________

(April 20, 2020)

Hackers are selling MP3 files on Dark Web to cure coronavirus

Someone on Dark Web is found to be selling an MP3 file, who claims that listening to this music three to six times a day can help to kill the Coronavirus because of its frequency. In reality it just a scam created by scammers to fool users into paying money for useless MP3 files. Hackers were also found selling non-existent ventilators and alcohol sanitizers.

Source - HackRead

_______________________________________________________________________________________

(April 20, 2020

Major tech groups demanding coalition to defend against cyberattacks 

Cybercriminals have stepped up their efforts to target both organizations and individuals during the ongoing COVID-19 pandemic. Major technology groups, which include Microsoft, Amazon Web Services, Adobe, Verizon, McAfee, Palo Alto Networks and many other leading cybersecurity organizations, demanded that Congress should send funds to state and local governments to fight against cyberattacks.

Source - TheHill

_______________________________________________________________________________________


(April 20, 2020)

A government coronavirus tracking app leaking user data

A mobile application offered to the government of the Netherlands to track COVID-19 is found to be leaking user data. The application named as “Covid19 Alert,” is one of seven applications introduced to the Ministry of Health, Welfare, and Sport. The shortlisted mobile app's source code was published online for scrutiny as the government decides which solution to back. However, the source files included user data originating from another application.

Source - ZDNet

_______________________________________________________________________________________

(April 20, 2020)

Kogan delivery firm admitted suffering a cyber attack

Kogan has confirmed one of its delivery companies suffered a cyber attack during one of its biggest shopping seasons. The incident took place as Kogan experienced one of its biggest sales uplifts as the coronavirus pandemic escalated in Australia and New Zealand. The retailer claimed the attack on the unnamed partner resulted in the loss of tracking information for thousands of transiting items alongside other operational issues.

Ref - ArnNet

_______________________________________________________________________________________

(April 20, 2020)

Hackers trying to exploit Israeli government financial aid via phishing scams

Hackers were observed exploiting the roll-out of the Israeli Government’s financial relief plans for coronavirus. More than 4,300 domains relating to the new stimulus or relief packages have been registered since January 1, which are suspected to be used for phishing scams or other malicious intentions, like obtaining personal details or other financial gains.

Ref - JPost

_______________________________________________________________________________________

(April 20, 2020)

COVID-themed lures target SCADA sectors with data-stealing malware

A new malware campaign has been observed using coronavirus-themed lures to strike government and energy sectors in Azerbaijan. The scam uses the PoetRAT Remote Access Trojan (RAT) capable of exfiltrating sensitive documents, passwords, keystrokes, and even capture screenshots from the webcam.


_______________________________________________________________________________________

(April 20, 2020)

SMS Phishing increased during this pandemic crisis and targeting Indian users

SMiShing or SMS Phishing is a prevalent threat vector that has increased during the Coronavirus pandemic crisis, specifically within India and it is targeting Indian users. A text message discovered masquerading to be from the Income Tax Department of India. Upon clicking the link, it redirects the user to URL that appears to be a phishing page of the Income Tax Department of India.


_______________________________________________________________________________________

(April 20, 2020)

Microsoft report identifies Trickbot as the most prolific #COVID19 malware

The data collected by the Microsoft Security Intelligence team suggests that Trickbot is the most prolific malware operation using COVID-19 themed lures. Its malicious campaigns within the past few weeks used several hundreds of unique macro-laced document attachments in emails that pretend to be as messages coming from a non-profit offering a free COVID-19 test. But overall, there is no visible spike in cyber attacks, it is possibly just restructuring and diversion of existing campaigns with COVID-19 lures.


_______________________________________________________________________________________

(April 20, 2020)

The Information Commissioner's Office (ICO) provides clearance to COVID-19 contact tracing apps

ICO, the UK’s privacy regulator, has approved the contact tracing project that Google and Apple are working to end current COVID-19 lockdowns. The proposed project ‘Contact Tracing Framework’ or CTF claims to be aligned with the principles of data protection and uses Bluetooth technology and exchange of frequently changing anonymous identifier beacons to track and trace infections. It can notify the users if they have been in the vicinity of someone who subsequently tests positive for the virus.

_______________________________________________________________________________________

(April 18, 2020)

Cybercrime reports increased four times during COVID-19 pandemic

An FBI official said this week that the bureau has seen a spike in cybercrime reports since the onset of the coronavirus (COVID-19) pandemic. Speaking in an online panel hosted by the Aspen Institute, FBI Deputy Assistant Director said the number of reports has quadrupled compared to months before the pandemic.

Ref - ZDNet

_______________________________________________________________________________________

(April 18, 2020)

Cybercriminals are stealing data with fake ‘corona’ links

Cybercriminals are now pretending to offer cheap COVID personal loans or selling COVID insurance at a throwaway premium in India. Some people get calls asking for OTP promising credit of the government’s Garib Kalyan cash dole. Individuals are receiving a (fake) message which claims to provide a loan to manage any financial crisis, but which eventually steals the victim’s personal data.


_______________________________________________________________________________________

(April 18, 2020)

The German government losses tens of millions of euros in a COVID-19 phishing attack

The German state of North Rhine-Westphalia is believed to have been targeted by a COVID-19 themed phishing attack, resulting in losses worth tens of millions of euros. The cybercriminals created fake copies of the official website developed by NRW Ministry of Economic Affairs and used them it target thousands of victims to collect their personal details. These details were then used to file for government aids, resulting in losses of €31.5 million ($34.25 million) and up to a maximum of €100 million ($109 million) into fraudulent bank accounts.

Ref - ZDNet

_______________________________________________________________________________________

(April 17, 2020)


Ransomware attacks skyrocketed 148% amid COVID-19 pandemic

Ransomware attacks skyrocketed 148% in March, correlated to crucial days in the COVID-19 news cycle, implying that attackers are being opportunistic and using breaking news to take advantage of vulnerable populations. Some of these notable spikes include a 48% spike in attacks over baseline levels on Jan. 30 when the first COVID-19 case was disclosed by the U.S government.


_______________________________________________________________________________________

(April 17, 2020)

Oakland county leaks its COVID-19 related data

The internal COVID-19 data used by the Oakland County, Michigan, health department was briefly exposed to the public via WeChat application. The leak involved a non-public map, 
that included information about COVID-19 infected victims, such as gender, race, age, address, and mortality status. The map was unintentionally marked as public, resulting in the leak.

Ref - GovTech

_______________________________________________________________________________________

(April 17, 2020)

FBI official says foreign hackers have targeted COVID-19 research

At a recent panel discussion hosted by the Aspen Institute, a senior cybersecurity official with the FBI stated that the agency had recently detected malicious activity by foregin hackers targeting COVID-19 related research activities. The official said that the agency witnessed reconnaissance activity, and some intrusions, into those institutions that were publicly identified as working on COVID-19 research.

Ref - Reuters

_______________________________________________________________________________________

(April 16, 2020)

COVID-19 related spear-phishing attacks are rising

A report from the Barracuda security company revealed that coronavirus or COVID-19-related spear-phishing attacks are on the rise since January 2020. Between March 1 and March 23, around 467, 825 spear-phishing email attacks were detected. Also, 9,116 of those detections were linked with COVID-19, factoring about 2 percent of attacks. In comparison, a total of 1,188 coronavirus-related spear-phishing attacks were spotted in February, and only 137 were spotted in January.


_______________________________________________________________________________________

(April 16, 2020)

Malvertising campaign taking advantage of COVID-19 targeting IE users to steal their information

Cybercriminals have begun to adjust their malvertising campaigns to adapt their malicious ads, making them relevant to the COVID-19 crisis. They were seen using website names appearing to host information related to the coronavirus pandemic but instead were hosting the Fallout Exploit Kit to distribute Kpot v2.0 to people using outdated versions of Internet Explorer (IE). The kit tries to exploit a vulnerability in Adobe Flash Player (CVE-2018-15982), and a remote execution vulnerability in the VBScript engine (CVE-2018-8174) affecting multiple Windows versions.

Ref - Avast

_______________________________________________________________________________________

(April 16, 2020)

Google warns Gmail users about coronavirus phishing attacks

To prevent Gmail users from falling prey to coronavirus scams, Google has blocked 18 million COVID-19 themed phishing emails last week. The company is adapting its machine-learning models to battle scammers who are taking advantage of the pandemic. Google also stated that its blocking 240 million COVID-related spam messages every day.

Ref - ZDNet

_______________________________________________________________________________________

(April 16, 2020)

PoetRAT uses COVID-19 lures to target Azerbaijan public and private sectors

Security researchers at Cisco Talos reported a new attack campaign targeting the Azerbaijan government and energy sector. The threat actors used COVID-19 lures in the form of Word documents to drop the PoetRAT malware, a trojan written in Python, that is eventually used to steal victims’ files, passwords, and even images from the webcam.  


_______________________________________________________________________________________

(April 16, 2020)

Zoom-bombing disrupted a House Oversight committee meeting

According to a letter sent to the House Oversight Committee chairwoman by Rep. Jim Jordan, a high level Zoom meeting of the US government was disrupted by attackers, despite warnings against using it.

Ref - ZDNet

_______________________________________________________________________________________

(April 16, 2020)

Hackers are selling a critical Zoom zero-day exploit for $500,000

According to a new report by Motherboard, hackers are selling two new critical zero-day vulnerabilities in the video conferencing software, Zoom, that could allow someone to hack users’ accounts and spy on their calls. The two zero-day flaws affect Zoom’s Windows and macOS clients.


_______________________________________________________________________________________

(April 16, 2020)

Syrian surveillance campaign spreads malware in coronavirus apps

A Syrian state-sponsored hacking campaign has been found distributing coronavirus-themed applications that actually contain spyware. The current campaign is believed to be a part of a larger espionage operation running since at least January 2018. 


_______________________________________________________________________________________

(April 16, 2020)

Coronavirus-themed malware attacks bank customers via Chrome plugin

Researchers from Eset discovered a new malware attack campaign targeting Spanish banking customers to steal their banking credentials using the Grandoreiro trojan. The attackers lure users using COVID-19 themed videos to infect their machine with a fake Chrome browser plugin designed to steal their credentials. 


_______________________________________________________________________________________

(April 15, 2020)

Criminals found to be selling COVID-19 infected blood on the Dark Net

A darknet vendor claims to be giving coronavirus-infected blood for sale, which he says he has injected into bats. The store owner alleges that the blood was extracted from his hospitalized father. He is charging 0.005 BTC per bat. It is not clear whether the vendor is actually selling infected blood, or just looking to scam victims out of their Bitcoin (BTC).

_______________________________________________________________________________________

(April 15, 2020)

Linksys forces password reset for router users

Networking equipment maker, Linksys, has asked its router users to reset their passwords in the wake of recent attacks. Linksys routers were targeted in a recent campaign by attackers who redirected users to COVID-19 themed malicious sites to infect them with malware.


_______________________________________________________________________________________

(April 15, 2020)

House members seek $400 million to help states deal with cyber threats

In a recent letter, four Congress members have urged the federal government to allocate $400 million in dedicated funding to help state and local governments deal with increased cyber risks during the COVID-19 pandemic. The members suggest that the next planned coronavirus relief package being negotiated by Congress should include these additional funds.


_______________________________________________________________________________________

(April 15, 2020)

COVID-19 has united cybersecurity experts, but will that unity survive the pandemic?

The ongoing healthcare cybersecurity crisis has led to the formation of various volunteer groups such as the COVID-19 Cyber Threat Coalition (CTC), which comprises roughly 3,000 security professionals. This has helped in collecting, vetting and sharing new intelligence about new cyber threats during the pandemic. In this article, Brian Krebs discusses whether this kind of collaboration is expected to continue in the future.


_______________________________________________________________________________________

(April 15, 2020)

Fresh COVID-19 scams spread malware

A new report by researchers from Palo Alto Networks has revealed that cybercriminals are using COVID-19 lures in new phishing scams to spread ransomware and information stealers. The campaigns target healthcare firms, research facilities, and government agencies in the US, Canada, Europe, and elsewhere.


_______________________________________________________________________________________

(April 15, 2020)

New flight refund scam steals users’ financial details

Researchers at the security firm, Mimecast, warned of a new phishing scam that preys on COVID-19 fears to trick recipients into filling a fake flight ticket refund form to receive their money back. However, the form actually steals their personal and financial information and sends it to the attackers.


_______________________________________________________________________________________

(April 15, 2020)

CERT-In warns organizations about potential spike in cyberattacks on VPN

Computer Emergency Response Team of India (CERT-In) released a fresh advisory, warning organizations of cybercriminals who pose as genuine back-end support staff and try to extract sensitive data from gullible employees. The agency also alerted of an increase in attacks against VPNs used by numerous organizations.


_______________________________________________________________________________________

(April 15, 2020)

PPE, COVID-19 medical supplies targeted by BEC scams

In a warning posted on the FBI website, the federal agency stated that it was aware of multiple incidents wherein state government agencies were tricked into making advanced fund transfers to both domestic and foreign fraudulent brokers and sellers for purchasing PPE and other medical items.


_______________________________________________________________________________________

(April 15, 2020)

A 148% spike recorded in ransomware attacks amid COVID-19 pandemic

In March 2020, ransomware attacks hiked 148% over baseline levels from February 2020. Notable spikes in attacks can also be correlated to key days in the COVID-19 news cycle, hinting attackers are being opportunistic and leveraging breaking news to take advantage of vulnerable populations. 


____________________________________________________________________