Updated April 14, 2020
The world has changed dramatically over the last few months. At the end of 2019, almost no one knew that SARS-CoV-2 existed. Now the virus has spread to almost every country, infecting at least 1M people that we know about, and many more that we do not.
Thinking about the pandemic, I reflected on the family-like culture and deep teamwork that characterizes Nozomi Networks. I see the world in the same way: one single team fighting for the same result.
All of us have a role, and all roles are equally important. Everyone can make a difference by using their strongest skills to help address the tremendous threat posed by the coronavirus.
Furthermore, over the last week I’ve talked with many of you who are working hard in your organization. You’re striving to maintain, and if possible, increase the cybersecurity level that you’ve achieved through years of effort.
To help our customers, and the world in general, tackle new cyber threats that are capitalizing on coronavirus fear, uncertainty and doubt, Nozomi Networks is taking action. We’re providing free training, threat intelligence and community tools to facilitate ongoing high levels of OT and IoT security.
While the world is focused on the COVID-19 pandemic, nation-state and other threat actors are capitalizing by orchestrating new cyberattacks.
Coronavirus-Themed Malware Attacks
Let’s look at how the pandemic has rapidly changed the threat landscape. One example is the recently released warning issued by the World Health Organization (WHO) about phishing campaigns impersonating WHO officials. The threat actor’s goal was to compromise readers by asking them to click on malicious links or open malicious attachments.
Targeting of healthcare institutions has also increased. For example, a medical facility involved in performing medical trials on COVID-19 vaccines was recently hit by the Maze ransomware. While the organization’s computer systems were quickly restored without affecting operations or succumbing to the threat actor’s demands, some patient information was exfiltrated and leaked online.
Furthermore, cyber criminals have begun selling COVID-19-themed phishing kits to those looking for easy ways to infect users. For example, a replica of the Johns Hopkins University coronavirus tracking map was modified by attackers to contain malware. Various nation-states have also started using similar techniques to increase the effectiveness of their attack campaigns and further their goals of stealing sensitive information and intellectual property.
As working from home becomes the norm for millions of people, less diligent security practices could potentially put a company’s confidential data at risk.
Remote Work Environments and Added Stress Create Security Gaps
To contain the pandemic and “flatten the curve”, millions of people around the world have suddenly become work-from-home employees. Outside of the normal IT environment, a single mistake by an employee could potentially jeopardize a company’s data. During stressful situations, team members might simply be less diligent about security practices, and therefore more susceptible to attacks.
While the COVID-19 crisis deepens throughout the world, threat actors will continue to look for new ways to exploit human nature for their own gain. It has never been more important to train employees on how to properly identify social engineering and spear phishing attempts, and review OT and IoT security practices to ensure you’re able to proactively identify anomalies, and detect and respond to attacks.
Coronavirus OT and IoT Security Training and Tools
To play our role in the fight against the pandemic, we’re providing free training, threat intelligence and community tools that specifically address COVID-19 security threats.
Threat Defense Training and Q&A
We’re offering a series of webinars and podcasts where our top technical people will provide training and tips on fighting new pandemic-related threats. See all of our sessions and register for upcoming events:
Threat Intelligence
We’ve created a new webpage and new GitHub downloads that provide Indicators of Compromise (IOCs), rules, and other information for COVID-19 related cybersecurity threats. These resources will be continuously updated with new information.
Community Tools
Our free Guardian Community Edition (GCE) uses passive network monitoring to provide visibility to OT and IoT assets. It’s a good starting point for improving cybersecurity for critical systems. GCE supports assertions (queries) that check for COVID-19 related IOCs in your network, such as communication with malicious IP addresses and URLs. It also helps with remote access security monitoring, using assertions that check the number of simultaneous remote connections and generate alerts if the number surpasses a threshold.
For our customers, the Nozomi Networks Threat Intelligence service is working with our Guardian solution to quickly detect and respond to emerging COVID-19-inspired threats and many others. We have recently added many IOCs and assertions, and will continue to do so.
OT and IoT Security Can Be Improved Despite the Coronavirus
As the COVID-19 crisis deepens throughout the world, threat actors will continue to look for new ways to exploit human nature for their own gain. It has never been more important to:
- Rapidly detect and respond to threats
- Train employees on how to properly identify social engineering and spear phishing attempts
- Review your OT and IoT security practices to ensure you’re able to proactively identify anomalies
I sincerely hope that the COVID-19 security information and tools we’re providing make it easier for you to ensure your organization has high cyber resiliency.
Related Content
WEBINAR & PODCAST
“The Emerging Threat Intel Landscape: How Hackers Are Using COVID-19”
Duration: 45 Minutes
Learn about:
- The COVID-19 cyber threat landscape
- Techniques used by threat actors to perform attacks
- Sectors targeted by phishing campaigns
- Free threat intel downloads
Information sharing and Q&A with:
- Andrea Carcano, Chief Product Officer
- Alessandro Di Pinto, Security Research Manager
- Chris Grove, Product Evangelist
WEBINAR & PODCAST
“Remote Access Monitoring – What to Watch Out for During the COVID-19 Pandemic”
Duration: 30 Minutes
Learn about:
- What to watch out for when securing remote access
- The importance of asset visibility
- Free tools and rules to check remote access details
Information sharing and Q&A with:
- Andrea Carcano, Chief Product Officer
- Chris Grove, Product Evangelist
Related Links
Nozomi Networks COVID-19 Security Threat Intel and Community Tools
- Webpage: COVID-19 Malware: Community Support
- GitHub: COVID-19-Themed Network Indicators
- GitHub: Yara rules for detecting coronavirus ransomware
- GitHub: Yara rules for detecting COVID-19 Informer malware
- Blog: Mitigating the Potential Impact of COVID-19-Related OT Security Risks
COVID-19 Cyber Threat Landscape
- Teiss.co.uk: COVID-19 Related Phishing Attacks Grew by 600% Worldwide
- Forbes.com: Coronavirus Scam Alert: COVID-19 Map Malware Can Spy On You Through Your Android Microphone and Camera
- ZDnet.com: There’s now COVID-19 malware that will wipe your PC and rewrite your MBR
- Bleepingcomputer.com: Banking Malware Spreading via COVID-19 Relief Payment Phishing
Nozomi Networks Solution
- Webpage: Guardian Community Edition
- Webpage: Nozomi Networks Solution Overview
- Webpage: Nozomi Networks Guardian
- Webpage: Threat Intelligence

Co-Founder and Chief Product Officer
Andrea Carcano is an expert in OT and IoT security. He collaborates with security, OT and IT teams at dozens of large organizations around the world and understands the challenges they face in addressing escalating cyber risks. Andrea leads a team of people that are defining innovative cybersecurity solutions for OT and IoT networks. He has a Ph.D. in Computer Science focused on critical infrastructure.