
Update: COVID-19 Cyber Threats and Attacks

Heff
Director of SIEM Operations

The SecurityMetrics Security Operations Center (SOC) continues to monitor the COVID-19 situation and its impact on our clients and the entire community at large. Our COVID-19 Cyber Attacks Security Update Center contains the latest resources and content to help you navigate your data security and compliance concerns during this time. 

Current COVID-19 Cyber Threats

The UN agency WHO has reported a 500% increase in cyber security incidents compared with the same period last year.

As our SOC team continues to hunt these threats, we want to provide a big-picture view of the situation from our front-row seat in this battle. This view includes any threats that could potentially impact our SecurityMetrics (SM) clients. Many early reports predicted that advanced persistent threats (APTs) would hold off on attacking during the COVID-19 pandemic, but this has proven to be false.

Phishing is the most dominant attack vector we are seeing across the entire landscape. However, current cyber threats run the gamut from phishing to ransomware to some very clever attacks that mix old and new techniques. Here is an overview:

Phishing emails

Phishing email threats continue, and the types of phishing campaigns are varied. Our industry peers have done a great job highlighting the many different types of phishing emails and how they look when they arrive in your inbox.

We are seeing greater sophistication, along with more government impersonators than ever before. Examples include a booby-trapped email scam in which attackers impersonate the Small Business Association (SBA) and target those seeking small business loans. In another scheme, attackers prey on those who need CARES Act relief, specifically the Paycheck Protection Program.

Some phishing emails claim to be from the CDC or WHO and offer to disclose which individuals in your neighborhood have tested positive for COVID-19. Opening the attached Word document enables the malware it carries. We are even seeing threat actors create fake utility bills that threaten disconnection of service.

New phishing campaigns are popping up that imitate delivery services like FedEx, UPS, or Amazon. These campaigns send coronavirus-related emails with malicious attachments that can install backdoors. This can be especially impactful for businesses that are expecting deliveries and are asked to pay “re-delivery” fees.

Malicious website registrations, malvertising, and fake news

There has been a spike in new malicious domain registrations that use the word “reopen” followed by a US city or state name. These domains are being registered in response to the protests against coronavirus restrictions, and are an attempt to attract unsuspecting users who will visit and unknowingly click on malicious links.
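One way a SOC can watch for this registration pattern in a newly-registered-domain feed, as an added example that is not part of the original post: the place list and the sample domains below are constructed for illustration, and the second-level-label heuristic assumes single-label TLDs.

```python
import re

# Constructed sample of newly registered domain names for this example
# (none of these are taken from a real registration feed).
SAMPLE_DOMAINS = [
    "reopenutah.com",
    "reopen-texas.org",
    "ReopenNewYork.net",
    "reopen-las-vegas.com",
    "reopen.gov",
    "reopenmybusiness.com",
    "news.example.com",
    "www.reopenflorida.info",
]

# Partial, constructed place dictionary; a production check would load all
# 50 states plus the cities relevant to your clients.
US_PLACES = [
    "Utah", "Texas", "New York", "Florida", "California", "Ohio",
    "Las Vegas", "Boston", "Chicago", "Salt Lake City", "Houston",
]

def _slug(name: str) -> str:
    """Lower-case a place name and drop non-letters so it compares to a domain label."""
    return re.sub(r"[^a-z]", "", name.lower())

PLACE_SLUGS = {_slug(p): p for p in US_PLACES}

def registrable_label(domain: str) -> str:
    """Return the second-level label ('reopenutah' for 'www.reopenutah.com').
    Naive for multi-part public suffixes such as .co.uk."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def flag_reopen_domains(domains):
    """Return (domain, place) pairs whose second-level label is 'reopen' + a US place."""
    hits = []
    for domain in domains:
        # Strip separators so 'reopen-las-vegas' and 'reopenlasvegas' match alike.
        label = re.sub(r"[-_]", "", registrable_label(domain))
        if not label.startswith("reopen"):
            continue
        place = PLACE_SLUGS.get(label[len("reopen"):])
        if place:
            hits.append((domain, place))
    return hits

if __name__ == "__main__":
    for domain, place in flag_reopen_domains(SAMPLE_DOMAINS):
        print(f"suspicious registration: {domain} (reopen + {place})")
```

A hit is a triage lead, not a verdict; a legitimate civic site could use the same naming, so review flagged domains before blocking them.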

As always, be aware of malicious websites that appear to sell or promote anything related to the crisis, such as the example in which threat actors created fake news sites to promote a phony pandemic survival book.

Video conferencing hacks

Many businesses and individuals are using a variety of video conferencing tools, all of which can be exploited by APTs. The security and compliance posture of these tools varies widely. Many businesses, including banks, are banning tools like Zoom outright, and Zoom’s CEO published an apology letter in early April.

No matter which video conferencing service your business uses, every service has its own flaws and concerns. As always, perform your own due diligence and research before committing to any product or service that may affect the security and compliance of your firm or home.

Website integrity, data security, and cloud protection

Most companies rely on their hardware, software, and websites to keep business running smoothly. But a recent survey indicates that many IT leaders believe remote workers are a security risk who may expose their employers to cyber attacks, affecting the reliability of the tools these businesses need to continue operating remotely. One dangerous attack that could affect businesses uses COVID-19 as a lure and overwrites the master boot record.

Recently, joint guidance released by the National Security Agency (NSA) and the Australian Signals Directorate (ASD) highlighted ways to minimize the impact of a common kind of attack: web shell exploits. A web shell is a malicious script placed on a web server, often written in languages like PHP or Java, that allows attackers to remotely access the server and steal business data.

No matter where you store your data, staying on top of these threats as they relate to your cloud data should be at the top of your list. We strongly recommend proactive education of your users on COVID-19 threats and cloud data protection. This article is a great starting point and provides a useful, high-level perspective.


Matt Heffelfinger ("Heff" is preferred) is a Utah-based cybersecurity professional and serves as SecurityMetrics Director of SIEM Operations. His primary wheelhouse includes leading the SecurityMetrics Security Operations Center (SOC) and Threat Intelligence Teams for multiple clients both in the USA and globally. With over 15 years of global cybersecurity experience, his career stops include Caesars Entertainment, TJX, Inc., General Electric, NBC Television and the Las Vegas Sands Corp.
