Defending Against Global Viruses

Many individuals and businesses are focused on the current COVID-19 pandemic, which may cause them to become distracted and unguarded from cyber threats and miss key indicators, potentially leading to network compromise and malware/ransomware infections. Threat actors are taking advantage of this opportune time to target organizations, business, and private citizens. Cyber-attacks are being launched against critical infrastructure and key resources, and jeopardizing the confidentiality, integrity, availability, and privacy of information and information systems.

The healthcare sector is not only overwhelmed with the impact of a global biological virus, they are also highly vulnerable to cyber-attacks that could disrupt their ability to diagnose and treat patients. The US Department of Health and Human Services, the Illinois Public Health District, and the Brno University Hospital in the Czech Republic were victims of recent cyber-attacks; however, threat actors are also exploiting vulnerabilities in various sectors, businesses, and supply chains. Threat actors are responsible for the increased coronavirus-themed phishing attacks and hacking campaigns, including a spear-phishing campaign dropping the Crimson RAT, a business email compromise campaign (BEC) distributed by Ancient Tortoise using financial aging reports, and an email campaign distributing the RedLine Stealer. Recent campaigns targeting New Jersey state employees include phishing emails attempting to deliver the DanaBot trojan.

The NJCCIC recommends users continue to exercise good cyber hygiene and cybersecurity best practices for disaster recovery/business continuity planning, backups, data mapping, remote access, authentication and access control, system patching, and physical security. We advise users to remain vigilant and exercise caution with coronavirus-themed emails, social media posts, and websites.