Leading cyber risk journal Recorded Future has investigated how threat actors are using the global disruptions caused by COVID-19 to further their cyber threat activities
The emergence of coronavirus disease has also originated a new cybersecurity threat, igniting a bevy of COVID-19-themed phishing lures and newly registered COVID-19-related domains.
The technical threat surrounding COVID-19 primarily appears to be around phishing, with actors promising that attachments contain information about COVID-19.
Key findings suggest threat actors have also endeavoured to gain the trust of victims using branding associated with the US Centers for Disease Control and Prevention and the World Health Organization , as well as country-specific health agencies such China’s Ministry of Health, and companies such as FedEx.
Recorded Future assesses that, for the duration of the outbreak, COVID-19 will continue to be used as a lure, and that new versions of these lures targeting new countries will emerge.
The number of newly registered domains related to coronavirus has increased since the outbreak has become more widespread, with threat actors creating infrastructure to support malicious campaigns referring to COVID-19.
The initial spike in domain registrations coincided with a large spike in reported COVID-19 cases in mid-February — a possible indicator that attackers may have begun to realize the utility of COVID-19 as a cyberattack vector.