COVID-19 Critical Infrastructure Cyber Threat Brief

The full Cyber Threat Brief for Critical Infrastructure can be downloaded here.

There has been a significant uptick in cyberattacks exploiting fear of the coronavirus to compromise victims. Notably, however, there has not been a surge in the total number of attacks. Instead, existing cybercriminal operations have been rethemed with COVID-19 lures. Attackers have not gained more resources, but are instead repurposing their existing phishing, ransomware, and malware infrastructure to include COVID-19-themed keywords in a bid to infect more users. [1]

All sectors are being targeted with COVID-19-themed attacks, including those operating in the critical infrastructure space. Attacks have ranged from generic “spray and pray” campaigns to highly targeted advanced persistent threat (APT) operations. Nation-state actors from China, Russia, North Korea and Iran, among others, have been involved. Sophisticated cybercriminals are also staging coronavirus-themed attacks, most notably organised ransomware gangs, which have continued to compromise a diverse group of organisations, encrypt their systems and leak their data.

Coronavirus-themed malicious emails predominantly deliver phishing links, although a variety of malware is also being disseminated. Many of the emails impersonate legitimate organisations, such as the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC) and other healthcare bodies. [2]

The scale of the threat is vast: Gmail’s built-in malware scanners blocked around 18 million phishing and malware emails using COVID-19 lures every day over the course of a single week. [3] The prevalence of coronavirus-themed attacks has sparked cooperative action from British and American cybersecurity bodies. On 8 April, CISA (publishing through US-CERT) and the UK NCSC issued a joint security advisory, warning that malicious actors were increasingly using COVID-19 themes for SMS phishing (SMiShing), phishing for credential theft, and phishing for malware deployment. US-CERT’s report can be found here. The full security advisory from the NCSC can be found here.
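The two patterns described above, brand impersonation of bodies such as the WHO and CDC and the split between credential-theft and malware-delivery lures, lend themselves to simple mail-gateway triage. The following is an added example written for this page, not code from the brief or from Cyjax: it scores constructed sample messages on lure wording, a display name that claims a health organisation while the sender domain does not belong to it, links to hosts outside the sender’s domain, and macro-capable or executable attachments. The brand-to-domain table, the scoring weights and the sample messages are assumptions for illustration only.

```python
"""Heuristic triage of COVID-19-themed phishing emails (added example)."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Organisations the brief says are impersonated, mapped to the domains they
# really send from. Assumption for this example: a real deployment would
# maintain this table from verified sources.
BRAND_DOMAINS = {
    "world health organization": ("who.int",),
    "who": ("who.int",),
    "centers for disease control": ("cdc.gov",),
    "cdc": ("cdc.gov",),
}
LURE_TERMS = ("covid", "coronavirus", "corona virus", "pandemic", "sars-cov-2")
RISKY_EXT = (".exe", ".js", ".vbs", ".scr", ".iso", ".docm", ".xlsm", ".zip")
URL_HOST = re.compile(r"https?://([^/\s:?#]+)", re.I)


@dataclass(frozen=True)
class Message:
    display_name: str
    from_addr: str
    subject: str
    body: str
    attachments: Tuple[str, ...] = ()


def registrable(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def assess(msg: Message) -> Tuple[int, List[str]]:
    """Return (score, reasons); higher score = more likely a COVID-19 lure."""
    score, reasons = 0, []
    text = f"{msg.subject} {msg.body}".lower()
    if any(term in text for term in LURE_TERMS):
        score += 1
        reasons.append("covid-19 lure wording")

    # Brand impersonation: display name claims an organisation whose
    # legitimate domains do not include the actual sender domain.
    sender_dom = msg.from_addr.rsplit("@", 1)[-1].lower()
    name = msg.display_name.lower()
    for brand, legit in BRAND_DOMAINS.items():
        if re.search(rf"\b{re.escape(brand)}\b", name) and not any(
            registrable(sender_dom, d) for d in legit
        ):
            score += 3
            reasons.append(f"display name claims {brand!r}, sender domain is {sender_dom}")
            break

    # Credential-theft lures usually link somewhere other than the sender.
    hosts = {h.lower() for h in URL_HOST.findall(msg.body)}
    foreign = sorted(h for h in hosts if not registrable(h, sender_dom))
    if foreign:
        score += 2
        reasons.append("links outside sender domain: " + ", ".join(foreign))

    # Malware-delivery lures carry executable or macro-capable attachments.
    risky = [a for a in msg.attachments if a.lower().endswith(RISKY_EXT)]
    if risky:
        score += 2
        reasons.append("risky attachment: " + ", ".join(risky))
    return score, reasons


def classify(msg: Message) -> str:
    """Map a score to the categories named in the joint CISA/NCSC advisory."""
    score, _ = assess(msg)
    if score >= 5:
        has_payload = any(a.lower().endswith(RISKY_EXT) for a in msg.attachments)
        return "malware-phishing" if has_payload else "credential-phishing"
    return "suspicious" if score >= 3 else "low-risk"


# Constructed sample messages (not real captures).
SAMPLES = {
    "who_lookalike": Message(
        "World Health Organization", "alerts@who-safety-update.example",
        "COVID-19 safety measures for your staff",
        "Sign in to read the new guidance: https://login.secure-health-alerts.example/verify"),
    "who_genuine": Message(
        "World Health Organization", "info@who.int",
        "COVID-19 situation report",
        "Read today's report at https://www.who.int/emergencies"),
    "cdc_maldoc": Message(
        "CDC", "cdc-notice@health-report.example",
        "Coronavirus cases in your area",
        "Case figures are in the attached report.", ("cases_update.docm",)),
    "internal_notice": Message(
        "IT Helpdesk", "it@corp.example", "VPN maintenance window",
        "Details: https://intranet.corp.example/notice"),
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        score, reasons = assess(sample)
        print(f"{label:16} {classify(sample):20} score={score} {reasons}")
```

The impersonation check is deliberately the heaviest weight: a genuine WHO mailing will trip the lure-wording rule, since it is about COVID-19, but its sender domain clears the brand check and its links stay on who.int, so it scores low. Real gateways should also consult SPF/DKIM results and URL reputation; this example stays with header and body content only.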

The unprecedented shift to remote working has compounded the risk of both malicious cyber-attacks and accidental breaches. According to a study of 41,000 companies, many of the millions of home workers are connecting through malware-infected work-from-home and remote-office (WFH-RO) networks. These networks were found to be 3.5 times more likely to be infected than corporate networks, and 45% of companies had malware present on their employees’ home networks. [4]

Disinformation, misinformation and conspiracy theories are rife. The situation has become so serious that the WHO declared an “infodemic” and warned of the potential impact on global health. [5] Unsubstantiated claims about the origin and scale of the disease, its prevention and treatment, have circulated on social media, via text messages, and in Russian and Chinese state media. One of the more outlandish conspiracy theories linked 5G networks to the coronavirus pandemic. Despite numerous official sources stating that the allegations are false, the rumours have had significant real-world consequences. Across the UK, activists have set fire to what they believed were 5G masts at over 20 locations. [6]

Firms operating in the critical infrastructure sector are by definition vital to national security. Consequently, it is essential that all possible steps are taken to protect the operational capacity of these key organisations from coronavirus-themed attacks. Cyjax can help ensure that staff are aware of emerging digital threats and understand how to protect themselves and their employers. This will significantly reduce the likelihood of a successful attack, protecting the organisations and the millions of British citizens that rely on them.

Download the COVID-19 Critical Infrastructure Cyber Threat Brief here.