Covid-19 related security attacks have taken a number of forms, including credential phishing, malicious attachments and links, business email compromise, fake landing pages, downloaders, spam, malware and ransomware strains and phone scams. At a time when most people have to rely on e-commerce, many have fallen victim to online shopping scams and fake cloned pages, where they have ordered protective face masks, hand sanitisers and other products that are never delivered. Cyber criminals have gone as far as impersonating the World Health Organization and even the U.S. Centers for Disease Control and Prevention. Further, cases have been reported of criminals posing as neighbours, health care professionals and even council officials, stealing bank information from the elderly under the pretence of helping them.
Amidst all of this, there is growing concern for the essential services sector, which needs to function seamlessly even through lockdowns. A number of deeply disturbing campaigns have emerged that appear to be targeting critical health care, manufacturing and pharmaceutical industries. Security companies have even observed a campaign originating from 'advanced persistent threat' group TA505 (considered to be one of the more significant financially motivated threat actors currently operating) using coronavirus lures in a downloader campaign. Downloaders are particularly dangerous threats because once they have been delivered and installed, they can download additional types of malware. Other campaigns reported include emails offering coronavirus cures or vaccines in exchange for payment.
Mindful of the dire consequences of security attacks, the European Union Agency for Cybersecurity (ENISA) has published a report advising operators of essential services as well as digital service providers on the process of identifying appropriate security measures based on the provisions of the General Data Protection Regulation (GDPR) and, importantly, the Network and Information Security Directive (NISD). This is in addition to the guidance ENISA has previously published to support the NISD, which identified various measures that operators of essential services and digital service providers should undertake. Some of these measures include establishing and maintaining a sound information security policy, assigning security roles among staff, providing security training, establishing controls for accessing information and having appropriate incident handling and disaster recovery procedures. ENISA has even developed a tool that maps security measures for operators of essential services to international standards, available through an online platform dedicated to such operators.