covid19/coronavirus - what are the bad guys up to?

As expected, the covid19 pandemic has brought out some of the Internet’s worst. I’ve been working with several groups to share information and fight back on this stuff, including the COVID-19 CTI Group.

Here are a few things the bad guys are up to that you should be aware of, and some things you can do to stay safe:

THREAT: Opportunistic targeting of healthcare organizations with ransomware, direct attacks aimed at stealing Personally Identifiable Information (PII), and phishing sites for credential harvesting and malware injection.

ACTION: Healthcare folks of all shapes and sizes should expect attacks, especially while in crisis-mode and distracted.

THREAT: The beginnings of identity theft with the PII from above, given everyone is pretty distracted right now and detecting/defending against identity theft takes vigilance and patience.

ACTION: Consumers should be extra vigilant about credit card and credit check anomalies. A credit freeze, while not possible for everyone, is a safe bet right now.

THREAT: LOTS of covid-themed phishing attempting a variety of things, like extracting financial data or implanting malware.

ACTION: Stop and think before you click. Can you call the sender to confirm? Is this a real email? If you’re unsure, ignore it.

THREAT: Mobile “CovidLock” ransomware targeting Android users, masquerading as a Coronavirus tracker.

ACTION: Antivirus on mobile goes some distance, but never provides 100% protection against new threats. Don’t install applications that are new and not well tested or trusted - no matter how much they promise to fulfill your desire to be informed.

THREAT: Trolls, flashers, racists, and scum playing pornography, getting their junk out, and generally interfering with the rapid and sudden increase in the use of videoconferencing (…and yes, this includes kids, and yes, those assholes will be in jail soon).

ACTION: BE CAREFUL who you share links with, especially if you’re a school, church, government agency, or other likely targets for mischief or interruption. Enable passwords on Zoom/video-calls/Hangouts where possible, and be cautious in how you share them.


I’ll go more into these issues, add others, and put a little more work into breaking them down for the layperson over the next week - but for now, I wanted to get these out there as food for thought.

Casey John Ellis

founder bugcrowd and disclose.io, keynote speaker, security strategist
