Skip to main content
close search
site logo

Coronavirus-related cyberattacks are like a kicked 'hornet's nest'

McAfee detected malware disguised as apps for body temperature checks or other functions. Accenture found 16,000 coronavirus-related domains.

Published May 12, 2020
Samantha Schwartz's headshot
Samantha Schwartz Reporter
CIO Dive

First published on

CIO Dive

After spending the better part of three months in lockdown, the U.S. is reopening. Workers returning to offices leave work-from-home security woes, well, at home.​ 

Across the threat landscape, any crisis is fair play for bad actors. The global scale of the coronavirus outbreak is a unique opportunity for attackers because anyone can be a target and everyone is vulnerable. 

"That's not something that happens very often … Everything from hacktivism all the way through criminal espionage are all exploiting the same subject," Jen Miller-Osborn, deputy director of Threat Intelligence for Palo Alto Networks' Unit 42, told CIO Dive. 

In January, McAfee began detecting pieces of mobile malware, disguised as apps for body temperature checks or other functions. The cyberthreats began to broaden, "it's like we've kicked over a hornet's nest," Raj Samani, chief scientist at McAfee, told CIO Dive.

Explicit COVID-19-related cyberattacks surface daily in an unmatched volume of threats. Other cyberattacks exploit the circumstances related to the outbreak, namely people logging on from unsecure devices.​

"The reality is, most of the attacks, most security software will stop," said Samani. However, a lot of attacks are "hiding in plain sight" in fragmented threats indirectly related to coronavirus. 

Cyberattacks happen at home

Businesses with a remote workforce need more awareness for traditionally consumer-targeted threats. People are tempted to click on corrupt links about the pandemics "because it's a current source of anxiety and people are desperate for information about it," said Miller-Osborn. 

Employees might be fooled by attacks on their internet service providers, streaming services, or websites disguised as aids for small business loans. Those attacks are a direct threat to enterprise security. 

Work-from-home "conditions shift the information security focus from enterprise infrastructure to cloud and virtualized infrastructure of these new, potentially insecure conditions," Howard Marshall, managing director and global cyber threat intelligence lead at Accenture, told CIO Dive. 

What's unique now is companies face traditional hacker trickery aimed at a larger remote staff.​

McAfee found Microsoft Remote Desktop Protocol (RDP) ports exposed to the internet "makes it particularly interesting for attackers." Access to an RDP box can grants an attacker scope of an entire network, leaving room for any type of cyber foul play. 

Between January and March, internet-exposed RDP ports have increased from 3 million to 4.5 million, with the most belonging to the U.S. The most vulnerable systems are running Windows Servers. 

Open RDP ports allow hackers to abuse systems in a number of ways, including stealing credentials. "RDP is a very, very common tactic for some of these ransomware developers to go after organizations," said Samani. The most common password for RDP credentials, as it turns out, is no password. 

Back to basics

Coronavirus cyberattacks put organizations on high alert, it still comes back to the basics. The number of attacks have increased, but "we haven't seen the technical level kind of scale," with it said Miller-Osborn. 

There's been a "huge uptick" in bad actors breaching organizations' Office 365 web access because they're left open and everyone is home, Ronald Plesco, principal of Cyber Response Services at KPMG, told CIO Dive. The intrusion could allow hackers to read executives' procurement emails, "figuring out how they do wire transfer in Bill Pay [and] payroll." Multifactor authentication could stop that. 

Distribution of malicious software or viruses via web domains is spiking. Accenture found 16,000 coronavirus-related domains made since January. The threat of the domains is minimal, though they are "suspected to support" criminal activity, said Marshall. 

Key words associated with the coronavirus are mixed in with phony sites and phishing campaigns. Campaigns with luring mechanisms are delivering malware, including keyloggers, banking Trojans, and remote administration tools, said Marshall. 

Since March, McAfee found an increase in malware families Fareit, Trickbot, Emotet, Azorult, and COVID-19 related ransomware. NanoCore RAT, NetWalker and Hancitor increased their presence primarily in April. 

Other major vulnerabilities that weren't commonly exploited in the office are now targets for everyone at home. "From an enterprise standpoint, it's with the hardware and software that permits the VPN to get it using the home user," said Plesco. 

By removing the office setting, VPN vulnerabilities are a minefield to navigate. The major players in VPN hardware or software — Citrix, Pulse Secure, Fortinet, Palo Alto Networks — "it's not like there's a problem with them, it's with the companies that haven't done the patches," according to Plesco. 

Manufacturing, in particular, is "always behind from an enterprise security standpoint," said Plesco. For optimal personnel, societal or human impact, bad actors are targeting the supply chain of food or medical distributors or manufacturers

It's not necessarily manufacturers' lag in security that makes them a target — it's their relationship with consumers. Threat actors know certain manufacturers will pay the ransom because they don't want a cyberattack publicly disclosed.  

"There's nothing that I would say, 'we've not seen that before,'" said Samani. It's "just the sheer volume of just everything under the sun."

Recommended Reading

Editors' picks

  • Aerial view of white bullet train in motion.
    Image attribution tooltip

    Kyodo/AP

    Image attribution tooltip
    Deep Dive

    Is US high-speed rail finally on a roll?

    With two projects underway, business, labor and government leaders see the dawn of a new industry that “could be a very important part of the U.S. economy,” said Transportation Secretary Pete Buttigieg.

    By Dan Zukowski and Shaun Lucas • Oct. 30, 2024
  • A street lined with trees, cars and manufactured homes
    Image attribution tooltip
    eyecrave productions via Getty Images
    Image attribution tooltip

    What does it take to decarbonize a manufactured home community?

    A community-scale retrofit project in Colorado offers a path toward lowering power bills for a population that faces high levels of energy insecurity.

    By Leslie Nemo • Oct. 18, 2024

Company Announcements

View all | Post a press release
How Local Governments Can Leverage Smart City Indicators to Enhance Urban Competitiveness
From Market Intelligence & Consulting Institute(MIC)
November 20, 2024

Want to share a company announcement with your peers?

Get started

Editors' picks
  • Aerial view of white bullet train in motion.
    Image attribution tooltip

    Kyodo/AP

    Image attribution tooltip
    Deep Dive

    Is US high-speed rail finally on a roll?

    With two projects underway, business, labor and government leaders see the dawn of a new industry that “could be a very important part of the U.S. economy,” said Transportation Secretary Pete Buttigieg.

    By Dan Zukowski and Shaun Lucas • Oct. 30, 2024
  • A street lined with trees, cars and manufactured homes
    Image attribution tooltip
    eyecrave productions via Getty Images
    Image attribution tooltip

    What does it take to decarbonize a manufactured home community?

    A community-scale retrofit project in Colorado offers a path toward lowering power bills for a population that faces high levels of energy insecurity.

    By Leslie Nemo • Oct. 18, 2024
Latest in Climate & Resilience
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell