The United States Department of Homeland Security (DHS) and the United Kingdom's National Cyber Security Centre (NCSC) issued new guidance to inform businesses and organizations of the growing use of COVID-19-related themes by malicious cyber actors. Taking advantage of the global emergency and the rapid transition to telework arrangements, cyber criminals are targeting individuals, small and medium enterprises, and large organizations with COVID-19-related scams and phishing emails.

As described in our recent advice, Data Privacy Concerns: Tips for Teleworking During Coronavirus, the transition to telework can leave organizations of all sizes exposed to new cyber security threats and vulnerabilities. The threats being observed by DHS and NCSC include:

  • Phishing, using the subject of coronavirus or COVID-19;
  • Malware distribution, using coronavirus or COVID-19- themed lures;
  • Registration of new domain names containing wording related to coronavirus or COVID-19;
  • Attacks against newly deployed remote access and teleworking infrastructure; and
  • Sophisticated social engineering attacks, often taking advantage of concern around the coronavirus pandemic in order to persuade potential victims to click a malicious link or download a file containing malware. 

The DHS and NCSC guidance provides in-depth analysis of these cybersecurity threats and includes links to numerous additional federal resources. All of this information can be utilized by information security staff to patch gaps in information systems or cybersecurity protocols, educate workforce members on current and emerging cybersecurity threats, and anticipate the type and manner of future attacks.

The DHS and NCSC guidance is available in full at https://www.us-cert.gov/ncas/alerts/aa20-099a.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.