Threat Update: COVID-19

Threat Update: COVID-19

Executive Summary 

The COVID-19 pandemic is changing everyday life for workers across the globe. Cisco Talos continues to see attackers take advantage of the coronavirus situation to lure unsuspecting users into various pitfalls such as phishing, fraud, and disinformation campaigns. Talos has not yet observed any new techniques during this event. Rather, we have seen malicious actors shift the subject matter of their attacks to focus on COVID themes. We continue to monitor the situation and are sharing intel with the security community, customers, law enforcement, and governments.

Protecting your organization from threats that leverage COVID themes relies on the same strong security infrastructure foundation that your organization hopefully already has. However, security organizations must ensure existing protections and capabilities function in a newly remote environment, that users are aware of the threats and how to identify them and that organizations have implemented security best practices for remote work.

What is Talos doing about it?

We have observed three broad categories of attacks leveraging COVID with known APT participation in each of these categories:Malware and phishing campaigns using COVID-themed lures
Attacks against organizations that carry out research and work related to COVID
Fraud and disinformation

Fraudulent website purporting to sell medical masks
Talos continues to monitor attacks leveraging COVID themes. We are aggressively detecting and blocking malicious domains, spam and phishing attacks. Additionally, we're sharing information with customers and partners via our AEGIS program, intelligence partnership with law enforcement and government organizations, a ..