COVID-19 Cybersecurity Threats
Ken Bloch, Program Manager

With so many people suddenly remote working, it should probably come as no surprise that bad actors are using the COVID-19 pandemic to ramp up their threats to the rest of us. Many of us are teleworking for the first time as well, and many of our smaller businesses lack the resources or technical sophistication to protect themselves.
The US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) recently issued a joint cyber alert providing information on how cyber-criminal and advanced persistent threat (APT) groups are taking advantage of the virus and people’s thirst for information. For those that of you that aren’t cyber junkies like myself, APTs are basically state-sponsored bad guys. The alert discusses current methods of attack as well as mitigation advice. The full alert is available at AA20-099A: COVID-19 Exploited by Malicious Cyber Actors .

Threats observed include:

  • Phishing, using the subject of coronavirus or COVID-19 as a lure,
  • Malware distribution, using coronavirus- or COVID-19- themed lures,
  • Registration of new domain names containing wording related to coronavirus or COVID-19,
  • Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure

Personally, I recommend that folks be patient and think before clicking on anything. We’re all anxious to find out what to do in this situation, but a few moments to check something out can be worth it. CISA encourages individuals to remain vigilant and take the following precautions:

  • Avoid clicking on links in unsolicited emails and be wary of email attachments,
  • Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19,
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information
  • Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.

Please reach out to your local counselor or any of us with your questions or to request assistance. Maine PTAC will be ready to help you. Oh, and stay safe and wash your hands!