The US Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security have issued a rare joint alert with the UK’s National Cyber Security Centre (NCSC) regarding coronavirus-related threats. The alert warns that cybercriminals and nation -state hackers are trying to take advantage of the pandemic for criminal gain.   The agencies warn that “APT [advanced persistent threat] groups and cyber criminals are targeting individuals, small and medium business, and large organizations with COVID-19 related scams and phishing emails.”

The alert attaches two files that should be brought to the attention of IT and security organizations that include a partial list of more than 2,500 indicators of compromise.  The indicators of compromise should be reviewed as part of any entity’s cybersecurity protection and can be used to establish blocking.

Most phishing attempts come by email, but the alert provides observations from the NCSC of attempts to carry out phishing by other means, including text messaging.   The example was a series of text messaging using a UK government-themed lure to harvest email, address, name, and banking information.   The links go directly to the phishing site displayed in the second graphic.

Microsoft is also reporting a major phishing campaign targeting Office 365.  The bad actors advertise financial relief for people affected by the virus and created a fake Office 365 sign-in page in an attempt to scoop up passwords.   According to Microsoft, in 24 hours of monitoring of that particular campaign, it caught roughly 2,300 malicious attachments claiming to contain information about relief payments.  These exploits demonstrate the critical importance of multi-factor authentication across your workforce.

As we recently advised (here, here, and here), it is important to communicate with remote employees regarding these types of phishing attempts to protect your corporate network --- and to protect your employees.