Hackers using COVID-19 to find OT, IoT gaps

Employees working from home need to be vigilant about phishing campaigns using COVID-19 related content to find gaps and organize cyberattacks.

By Alessandro Di Pinto April 9, 2020

While the world is grappling with the COVID-19 pandemic, nation-state and other threat actors are capitalizing on the climate of fear, uncertainty and doubt to find OT and IoT security gaps and orchestrate new cyberattacks.

Phishing campaigns are now using COVID-19-related subjects, hyperlinks and attachments to capture the attention of unsuspecting targets. Official-looking emails and messages on social media masquerading as COVID-19 information or alerts are just some of the other methods being used.

The World Health Organization (WHO) released a warning about phishing campaigns impersonating WHO officials. The threat actor’s goal was to compromise readers by asking them to click on malicious links or open malicious attachments.

Targeting of healthcare institutions has also increased. For example, a medical facility involved in performing medical trials on COVID-19 vaccines was hit by the Maze ransomware. While the organization’s computer systems were quickly restored without affecting operations or succumbing to the threat actor’s demands, some patient information was exfiltrated and leaked online.

Cyber criminals have begun selling COVID-19-themed phishing kits to those looking for easy ways to infect users. For example, a replica of the Johns Hopkins University coronavirus tracking map was modified by attackers to contain malware. Various nation-states have also started using similar techniques to increase the effectiveness of their attack campaigns and further their goals of stealing sensitive information and intellectual property.

Working remotely

As working from home becomes the norm for millions of people around the world, a single mistake by an employee could potentially jeopardize a company’s data. During stressful situations, team members might simply be less diligent about security practices, and therefore more susceptible to attacks.

While the COVID-19 crisis deepens across the globe, threat actors will continue to look for new ways to exploit human nature for their own gain. It has never been more important to train employees on how to properly identify social engineering and spearphishing attempts, and review your OT and IoT security practices to ensure you’re able to proactively identify anomalies, and detect and respond to attacks.

This content originally appeared on ISSSource.comISSSource is a CFE Media content partner.


Author Bio: Alessandro Di Pinto is security research manager at Nozomi Networks. He is an Offensive Security Certified Professional (OSCP) with an extensive background in malware analysis, ICS/SCADA security, penetration testing and incident response.