Cyber Guidance amid Covid-19


Themed Cyber Attacks

In addition to the health concerns and significant disruption to businesses we are experiencing, there is an increase in phishing and malware campaigns exploiting the COVID-19 pandemic.  Some examples include:

  • The most common type of attack is credential phishing through email that looks legitimate
  • Business email compromise (BEC) exploiting COVID-19; in this campaign, the sender claims to be changing their banking details in response to COVID-19 and asks for payments to a new account
  • Advanced Persistent Threat (APT) groups distributing malware through coronavirus themed documents
  • Emails at several hospitals and other organizations spoofing the hospital’s/organization’s IT team, inviting staff to register with their user account details for a ‘Corona Virus Awareness Seminar’
  • Coordinated DDoS attacks disrupting access to information on websites

Emergency Support Function-17 (ESF-17) assesses that criminal cyber threat actors will attempt to gain access through indiscriminate phishing campaigns leading to compromised websites or weaponized documents. They will exploit successful access for financial gain through blackmail, ransomware or payment redirection fraud.


Key Steps to Prevent Misinformation

While COVID-19 continues to spread, so does disinformation surrounding the virus and national/state/local responses. According to the U.S. Department of State, the COVID-19 pandemic has likely spurred state actors to launch disinformation campaigns.[i] There have also been multiple text and social media messages designed to incite fear and panic in recent days and weeks. One of the more common messages cited the Stafford Act as the legal authority to implement martial law and national lockdown – all of which are untrue. The World Health Organization (WHO) is working with Facebook, Twitter, and other social media outlets to combat misinformation during this pandemic.

  • Take the time to research before sharing
  • Do not spread misinformation about prevention or cures
  • Beware of posts that traffic in fear
  • Don’t trust everything you see online


Recommendations & General Advice 

The Cybersecurity and Infrastructure Security Agency (CISA) and ESF-17 both encourage individuals to guard against COVID-19-related phishing attacks and disinformation campaigns by taking the following precautions:

  • Avoid clicking on links in unsolicited emails and be wary of email attachments
  • Do not reveal personal or financial information in emails, and do not respond to email solicitations for this information
  • Use trusted sources – such as legitimate government websites – for up-to-date, fact-based information about COVID-19
  • Verify a charity’s authenticity before making donations by reviewing the Federal Trade Commission (FTC) Charity Scams page


Additional physical security and data protection best practices should also be implemented:

  • Ensure the default passwords on your home router, firewall and Wi-Fi have been changed to strong passwords
  • Update firmware and software on home network equipment used to connect back to work through VPN
  • Store sensitive or confidential information on encrypted media provided by your organization
  • Ensure confidential paper documents are properly disposed of (e.g. shredding)
  • Always lock your computer when leaving it unattended
  • Always comply with your organization’s policies and procedures to protect specific high-risk data elements regulated by HIPAA, IRS, PCI, etc.
  • Verify that you are running anti-malware/anti-virus software on work and personal computers