Threat actors of all types are exploiting uncertainty and publicity of the pandemic
Cyber threat actors across the spectrum — from government-backed groups to organized crime gangs — are using the public’s fear, uncertainty, and curiosity about the pandemic to adapt their threat vectors, tactics, and targeting strategies.
- There has been an increase in the number of phishing, malicious sites, and business email compromise attempts linked to the pandemic, according to multiple sources. This malicious content can appear as fraudulent news updates, precautionary guidance, virus maps, lab results, or employer memos.2,3,4,5
- Threat actors conducting data theft for extortion, disruptive or destructive ransomware attacks, and/or seeking to damage an enterprises’ brand have targeted organizations perceived as under pandemic-related strain.6 Furthermore, a company’s actions or statements considered inappropriate could trigger “hacktivist” and insider threats resulting in IT business disruptions, or theft and disclosure.
Threat actor motivations, tools, and objectives remain constant, but with the added benefit of users seeking information on the pandemic, in some cases willing to ignore or bypass user training and awareness or technical controls to obtain information.
- Established, professional cyber-criminal groups and upstart cyber criminal gangs have used information about the pandemic to get users to download their malicious tools, according to multiple sources. 7,8,9 Such tools include downloaders, keyloggers, phishing sites, ransomware and remote access tools.10,11
- These groups’ goals remain the same; to solicit private health information (PHI), personally identifiable information (PII), account credentials, donations, and ransoms.12
- Government-backed threat actor groups have used information on the pandemic to target organizations with their own malicious tools.13,14,15 In addition to their standard goals of continued espionage; these groups’ government backers have been tasking them to collect virus-related health information, likely for national health response benefit.16