NCSC and CISA warn of ongoing coronavirus cyber threat

Spear-phishing emails from cyber crooks claim to provide information on Covid-19 from official sources

Top cyber security agencies of the UK and US have issued a joint alert to warn people that hackers are currently attempting to exploit the Covid-19 pandemic for their personal gain.

In the alert, the UK's National Cyber Security Centre (NCSC) and the Cybersecurity and Infrastructure Agency (CISA) at the US Department of Homeland Security said that cyber crooks and advanced persistent threat (APT) groups are currently using a range of malware and ransomware to target individuals as well as businesses across the UK, US and other countries.

While the number of overall attacks hasn't gone up, there has been a noticeable spike in cyber campaigns looking to exploit Covid-19 as part of their attacks.

The agencies have seen examples of scams including spear-phishing emails that appeared to come from the official email account of the director-general of the World Health Organisation (WHO).

Hackers are also sending SMS messages that claim to contain links to advice from medical organisations or offer free face masks, thermometers and other equipment to fight the outbreak.

Many phishing emails and SMS message claims to provide information about new coronavirus cases in the area of the victim.

The primary purpose of these malicious files or links is to install malware on victim's system in order to harvest personal details, such as their account credentials or bank details.

An increase in the number of people working from home has also increased the use of potentially vulnerable services, such as video conferencing tools and VPNs. This has increased the risk for individuals and organisations as criminals look to take advantage of the situation.

NCSC and CISA have released a database of malicious websites that claim to provide valuable information to people concerned about the Covid-19 outbreak. Examples of such malicious websites include covid19designermasks[.]com, covid19-ventilator[.]com, and covid-19finance[.]co[.]uk.

The security agencies have advised people to remain vigilant during this period of outbreak and to use only trusted sources when seeking information on Covid-19, such as UK Government, NHS or Public Health England websites.

"You should remain alert to increased activity relating to Covid-19 and take proactive steps to protect yourself and your organisation," they said.