Top cyber security agencies of the UK and US have issued a joint alert to warn people that hackers are currently attempting to exploit the Covid-19 pandemic for their personal gain.
In the alert, the UK's National Cyber Security Centre (NCSC) and the Cybersecurity and Infrastructure Agency (CISA) at the US Department of Homeland Security said that cyber crooks and advanced persistent threat (APT) groups are currently using a range of malware and ransomware to target individuals as well as businesses across the UK, US and other countries.
While the number of overall attacks hasn't gone up, there has been a noticeable spike in cyber campaigns looking to exploit Covid-19 as part of their attacks.
The agencies have seen examples of scams including spear-phishing emails that appeared to come from the official email account of the director-general of the World Health Organisation (WHO).
Hackers are also sending SMS messages that claim to contain links to advice from medical organisations or offer free face masks, thermometers and other equipment to fight the outbreak.
Many phishing emails and SMS message claims to provide information about new coronavirus cases in the area of the victim.
The primary purpose of these malicious files or links is to install malware on victim's system in order to harvest personal details, such as their account credentials or bank details.
An increase in the number of people working from home has also increased the use of potentially vulnerable services, such as video conferencing tools and VPNs. This has increased the risk for individuals and organisations as criminals look to take advantage of the situation.
NCSC and CISA have released a database of malicious websites that claim to provide valuable information to people concerned about the Covid-19 outbreak. Examples of such malicious websites include covid19designermasks[.]com, covid19-ventilator[.]com, and covid-19finance[.]co[.]uk.
The security agencies have advised people to remain vigilant during this period of outbreak and to use only trusted sources when seeking information on Covid-19, such as UK Government, NHS or Public Health England websites.
"You should remain alert to increased activity relating to Covid-19 and take proactive steps to protect yourself and your organisation," they said.
Just 17 per cent of all internet-facing Microsoft Exchange servers are patched against CVE-2020-0688 vulnerability
More than 31,000 Exchange 2010 servers have received no update since 2012
The tool which comes preinstalled on all brand-new HP notebooks and desktops could allow an attacker to escalate local privilege on vulnerable Windows systems
Two zero-day flaws in Zoom could enable threat actors to access webcam and microphone on MacOS system
Zoom is currently the most popular app on both the Play Store and App Store but privacy and security concerns are rising
We must all prepare for the end of public key encryption as we know it
North Korea-linked Geumseong121 APT group is sending spear-phishing emails to target people interested in North Korean refugees
Fifty malicious domains belonging to the group were seized by Microsoft in December