US, UK warn of more Covid-linked attacks from state-sponsored groups

News by Chandu Gopalakrishnan

NCSC and CISA say state-sponsored threat groups and cyber-criminals will continue with their plans to exploit the Coronavirus pandemic.

State-sponsored threat groups and cyber-criminals will continue with their plans to exploit the Covid-19 scare, warned the government cyber-security agencies of the US and the UK.

In a joint statement detailing the threats, the National Cyber Security Centre (NCSC) UK and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) warned about attacks against newly deployed remote access or remote working infrastructure.

SC Media UK this week reported about the discovery of a new IoT botnet with features and capabilities to be potentially used for DDoS attacks. An APT group from Pakistan was found using Coronavirus guidance as a phishing lure to target Indian government officials.

“Malicious cyber-actors are using the high appetite for Covid-19 related information as an opportunity to deliver malware and ransomware and to steal user credentials. Individuals and organisations should remain vigilant. For genuine information about the virus, please use trusted resources such as the UK government website, Public Health England or NHS websites,” said the statement.

“While the warning discusses APT groups targeting government, organisations across industries need to remain alert. They could either be caught in the cyber-crossfire or directly targeted, especially if they possess valuable intellectual property or work in the fields of advanced tech or critical infrastructure,” said Marcus Fowler, director of strategic threat at Darktrace. 

The joint advisory listed the steps to mitigate possible threats and the guidance on phishing and communication platforms for organisations and individuals. The advisory comes a week after the latest Covid-related warnings from Interpol and Europol.

Meanwhile, cyber-security firm Inky discovered two phishing campaigns that impersonated US president Trump and vice president Mike Pence. 

“Both were sent from email accounts hosted in Russia and were purportedly from the federal government and Donald Trump,” the company announced.

“The first email claimed that the current coronavirus quarantine would last until August 2020 and said that the Treasury Department and the IRS have moved "Tax Day" from the usual 15 April to 15 August.”

The UK government last month set up a rapid response unit to contain the spread of false Coronavirus information online.

"For users, the best defence is robust scepticism. Resist the urge to click on links in emails unless you are certain of the identity of the sender and the content of the message. Verify information independently if possible,” said Jonathan Knudsen, senior security strategist at Synopsys.

“For example, in this case, you could do an internet search yourself to discover that the White House is not emailing guidelines to individuals."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews