Technical Support: 412-349-6678 | Incident Response
| Remote Support | Client Portal

COVID-19 Cyber Attacks & Vendor Responses

COVID-19 offers - woman working from home
Posted on March 31, 2020

Times of crisis bring out the worst, and the best, in people, and the COVID-19 pandemic is no exception.

On one hand, scammers have surged in their attacks to take advantage of our fears. On the other hand, many IT and cybersecurity companies, such as Carbon Black and Fortinet, have stepped up to offer additional resources to companies in need. 

Let’s break down the attacks, and go through the solutions.

Coronavirus Phishing

Malware cyber criminals and scammers tend to favor the ease of phishing attacks.

With the rise of the pandemic, Sophos Labs noted that, as of March 22, COVID-19 and coronavirus email scams rose to 2.68% of all email scams.

Those spam campaigns cover a wide variety of scams and attacks, including:

  • Extortion emails that threaten to infect the families of victims with coronavirus unless victims pay $4,000;
  • Fake fundraising pleas from the World Health Organization (WHO);
  • Phishing attacks that install Netwalker Ransomware;
  • WHO ‘information emails’ whose documents install dropper malware, such as the Trickbot Trojan;
  • Department of Health and Human Services (HHS) scam emails that take advantage of open redirects by making each link look like HHS.gov, then redirecting victims to a site that installs malware;
  • Sleazy marketing emails for “emergency supplies,” or a $37 video offering ‘insider information’ from a “military source” on how to survive coronavirus;
  • Offers for jobs from the “Vasty Health Care Foundation,” which claims to fund legitimate relief efforts, but actually just tricks people into laundering money.

Related: How to Prepare Your Business For COVID-19

Other COVID-19 Attacks

In addition to phishing, other attacks prompted by COVID-19 include: Fake antivirus, fake coronavirus-finder software, and hijacked router DNS settings.

Related: Are You Monitoring Your DNS?

The coronavirus antivirus promises protection against COVID-19 by using “AI development” created by “scientists from Harvard University.” 

If someone within your organization clicks on the software link, it will load BlackNET RAT malware, which adds that person’s computer to botnets. It also installs keyloggers, scripts, and other dangerous packets.

The Coronavirus Finder Android software, currently focused on Spanish-speaking victims, promises to locate people near you who are infected with COVID-19 for €0.75. 

While it does not charge the victim, the scam allows attacks to obtain each user’s credit card information.

Lastly, cyberattackers hijack router DNS settings to push alerts for a fake COVID-19 information app from the World Health Organization through web browsers. 

Anyone who follows the alerts winds up downloading the Oski information-stealing Trojan malware, which captures the user’s cookies, browser history, browser payment information, saved login credentials, text files, cryptocurrency wallets, browser form autofill information, and two-factor authorization databases.

Industry Support

Fortunately, many IT and cybersecurity vendors have stepped up to support organizations with resources and free software amidst the chaos.

As attackers continue to create malware and new types of attacks, Sophos Labs is updating its website with the latest threat information. Additionally, Sophos launched a Slack channel and a public GitHub to collaborate and share new information in real time.

Recent: Is Your Company At Risk For a Cyber Attack?

Additionally, CSO magazine published an initial list on March 18 that includes many different offers, including:

  • Application security offers from Akamai and Cloudflare for temporary free access or free seats;
  • Authentication security offers from 1Password, Dashlane, Okta, Ping, RSA and SecureAuth with extended free access to their services for new and existing customers;
  • Email security – GreatHorn is offering 60 days of free access;
  • For encryption, Beachhead Solutions is offering free additional licenses for its SimplySecure service, and PreVeil is offering its encrypted email and file sharing services for free;
  • For endpoint protection, AppGuard, Morphisec, PC Matic, and SentinelOne published free offers for endpoint protection and management tools;
  • For network security, AppGate, Cisco Webex, Fortinet and ZeroTier have released a variety of offers to support remote workers
  • Remote access security vendors, such as Banyan Security, BlackBerry, Ericom, and ManageEngine provide a variety of free tools;
  • For threat intelligence, a coalition between King & Union, ThreatConnect, and D3i formed to provide free services.
  • For wireless protection, Minim is providing four months of home security and managed Wifi to help protect remote users.

VMware Carbon Black

Right now, Ideal Integrations partner, VMware Carbon Black, is eliminating customer endpoint limits for 90 days to help clients expand coverage to employees working from home.

Carbon Black also published resources to help CISOs do the following: Secure remote users, deal with a surge in remote users, mitigate phishing risk, and to protect distributed endpoints.

As the malware response grows, our industry is stepping up to support you.

Caution & Counsel

Remote work puts a strain on your IT resources.

While some of you have been working remotely for years, many employees struggle with remote access at first. 

Naturally, that struggle falls into the lap of your help desk support team.

Even veteran administrators are challenged by the sudden surge of remote workers on systems designed for an onsite workplace.

NEW: Work Any Time From Anywhere With Our Business Continuity Desktop as a Service!

Installation of new software can be disruptive, complicated, and create additional vulnerabilities, if not implemented correctly.  Likewise, creating news processes to accommodate additional security may create friction, user backlash, and attempts to circumvent security.

At Ideal Integrations, we highly recommend and directly offer some of these vendor solutions. However, we also understand that not every offer fits every situation – your organization is unique, and needs to be treated as such. 

While we highly recommend that you explore new solutions or extend your existing solutions to new endpoints, we also want you to exercise caution. 

Our team is here to guide you through each option, provide recommendations, offer comparisons of different tools, and assist you in creating a safe working environment for your users.

The Right It Support

If your organization needs help preparing for remote work to combat COVID-19, Ideal Integrations and Blue Bastion are ready to discuss your options, plan your strategies, and help you execute a range of options.

From an emergency contingency plan to a full-blown transition to remote work for the company, we have in-house and partner solutions to fit a variety of needs and budgets.

We maximize your return on IT by providing solutions unique to your organization. 

Ready to get started? Complete the form below, or call us at 412-349-6680.

***

About Ideal Integrations

At Ideal Integrations, our focus is to provide you with a sustainable competitive advantage through the strategic use of technology. We combine cutting edge innovations with a creative and skilled team of engineers to deliver customized technology solutions that will help your company succeed.

Building networks and partnerships, we are by your side!

Create a Remote Strategy with 24/7/365 IT Management & Support Today!

  • This field is for validation purposes and should be left unchanged.