As expected, the COVID-19 pandemic has out brought some of the Internet’s worst. I’ve been working with several groups to information share and fight back on this stuff, including the COVID-19 CTI Group.

Cybersecurity experts come together to fight coronavirus-related hacking
An international group of nearly 400 volunteers with expertise in cybersecurity formed on Wednesday to fight hacking related to the novel coronavirus.

Here are a few things the bad guys are up to that you should be aware of, and some things you can do to stay safe:

THREAT: Opportunistic targeting healthcare organizations with ransomware, direct attacks aimed at stealing Personally Identifiable Information, and phishing sites for credential harvesting and malware injection.

ACTION: Healthcare folks all all shapes and sizes should expect attacks, especially while in crisis-mode and distracted.

THREAT: The beginnings of identity theft with the PII from above, given everyone is pretty distracted right now and detecting/defending against identity theft, takes vigilance and patience.

ACTION: The Consumer should be extra vigilant about credit card and credit check anomalies. A credit freeze, while not possible for everyone, is a safe bet right now.

THREAT: LOTS of covid-themed phishing attempting a variety of things, like extracting financial data or implant malware.

ACTION: Stop and think before you click. Can you call the sender to confirm? Is this a real email? If you’re unsure, ignore it.

THREAT: Mobile “CovidLock” ransomware targeting Android users masquerading at a Coronavirus tracker

ACTION: Antivirus on mobile goes some distance, but never has 100% protection against new threats. Don’t install applications that are new and not well tested or trusted – No matter how much they promise to fulfill your desire to be informed.

THREAT: Trolls, flashers, racists, and scum playing pornography, getting their junk out, and generally interfering with the rapid and sudden increase in the use of videoconferencing (…and yes, this includes kids, and yes, those assholes will be in jail soon).

ACTION: BE CAREFUL who you share links with, especially if you’re a school, church, government agency, or other likely targets for mischief or interruption. Enable passwords on Zoom/video-calls/Hangouts where possible, and be cautious in how you share them.