UK and US issue joint report about COVID-19 exploitation

The COVID-19 pandemic is being increasingly exploited by malicious cyber actors according to investigators in the UK and US

A report, jointly published by the National Cybetr Security Centre (UK) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), provides information on exploitation by cyber criminals and advanced persistent threat (APT) groups of COVID-19. It also includes a list of indicators of compromise (IOCs) for detection as well as mitigation advice.

The data suggests that cyber crime has now increased, but both the NCSC and CISA have seen an increase in the user of COVID-19 related themes. The threat of cyber crime has also increased due to an increase in home working which has led to the use of more vulnerable services such Virtual Private Networks (VPNs).

Individuals, small businesses and large organisations are at risk of COVID-19 scams and phishing messages, but the advisory offers some practical advice about how to protect you and your business from these types of attack.

The full advisory notice is available here –

The Guardian newspaper is reporting that UK authorities are aware of more than 500 coronavirus related scams and over 2,000 phishing attempts by criminals seeking to exploit fears over the pandemic.

As many as 50 reports are being received daily, with 41 relating to a recent scam involving an email asking for donations to buy “medical preparations and supplies” for the NHS to cope with coronavirus.

Other scams purporting to be official messages from the government include texts telling people they have been fined £250 for leaving their home more than once during lockdown.

The number of coronavirus-themed phishing attempts stands at 2,192. These usually involve an email attempting to trick people into opening malicious attachments which could lead to criminals stealing their banking details, email logins and passwords.