COVID-19 and Cybersecurity
In today’s complex and interconnected world virtually no major event occurs without an associated cyber threat. The COVID-19 pandemic is exception. As all of us work to mitigate this threat, we should be aware of how cybersecurity impacts us in doing so.
The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment or hyperlink, and be wary of social media pleas, texts or calls related to COVID-19.
CISA encourages individuals to remain vigilant and take the following precautions.
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for more information.”
In addition, threats may take on the form of websites providing critical information to the public. For example, according to both CISA and the U.S. Department of Health and Human Services, a malicious website pretending to be Johns Hopkins University’s live map for Coronavirus COVID-19 Global Cases is circulating on the internet waiting for unwitting internet users to visit the website.
Visiting the website infects the user with the AZORult trojan, an information-stealing program that can exfiltrate a variety of sensitive data. It is likely being spread via infected email attachments, malicious online advertisements and social engineering. Furthermore, anyone searching the internet for a coronavirus map could unwittingly navigate to this malicious website.
While dedicated attacks to interfere with or slow response to this crisis remain a concern at federal and state levels, the primary cyber-related concerns for most of us related to COVID-19 include: