The recent surge in coronavirus-based cybercrime has gotten so serious that security officials from the US and UK have issued a joint advisory warning that they're currently tracking over 2,500 coronavirus-themed threats.
The UK National Cyber Security Centre (NCSC) and the Department of Homeland Security (DHS) have compiled a database of malicious websites and email addresses that are using the coronavirus outbreak as a lure to trick users into falling for a variety of scams online.
In their advisory, the agencies also warned about a rise in video conferencing hijacking, or Zoom-bombing, as well as phishing emails that include malicious files. They have even detected hackers scanning for vulnerabilities in VPN software and other remote working tools from companies such as Citrix, Pulse Secure, Fortinet and Palo Alto.
Bryan Ware, assistant director for cybersecurity at the DHS Cybersecurity and Infrastructure Security Agency, stressed the need for people to remain vigilant during these trying times, saying:
“We urge everyone to remain vigilant to these threats, be on the lookout for suspicious emails and look to trusted sources for information and updates regarding COVID-19. We are all in this together and collectively we can help defend against these threats.”
Malicious websites and emails
The database of malicious websites will be continually updated by both agencies and you can find it under the Indicators of Compromise section in the DHS warning.
The sites listed in the database appear to offer information or products that would appeal to those who are concerned about the ongoing pandemic. Some examples from the list include covid19-ventilator.com, covid19designermasks.com and covid-19finance.co.uk.
Many of the email addresses in the database appear to come from official bodies such as the WHO. Some examples include email@example.com and firstname.lastname@example.org.
The NCSC recommends that all users look out for emails that claim to be from someone official, are overly emotional, offer something that is currently in short supply, such as masks, or require recipients to respond within a certain time frame.
Via Forbes