Covid-19-CTI

A collection of Covid-19 related threat intelligence and related resources. Please send resources to [email protected] or submit a pull request.

• IOC Sources
• Incidents
• Intelligence Reports and Updates
• Remote Working & Conferencing Software
• Cybersecurity Reports

Please note, we have removed most media reporting unless it adds specific threat information or insight in addition to the resources above. Simarly we have ignored resources that do not add specific insight or original content. Where resources are behind a registration page this is indicated.

IOC Sources

• Cyber Threat Coalition. https://blacklist.cyberthreatcoalition.org/ and join Slack at https://covid19cybert-qvl7792.slack.com/join/shared_invite/zt-cyt9l8z9-wojJ6lHvlLKbWU0GnoUfXQ, OTX group at https://otx.alienvault.com/group/840/pulses.
• Domaintools - Domains with high risk scores. https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats (NB: Behind registration form).
• List of domains with Covid-19 related keywords. https://www.malwarepatrol.net/coronavirus-covid-19-online-scams-data/
• Covid-19 Host Reputation feed. https://cv-feed.pocnroll.com/
• ThreatConnect Dashboards and Playbooks. https://threatconnect.com/blog/playbook-fridays-covid-19-dashboard-metrics-and-search/
• Joe Tidy - Phishing Scams Search. https://coronavirusphishing.com/
• APKLab - App Malware samples and domain list (clean and malicious). https://www.apklab.io/covid19
• Cofense - Coronavirus Phishing. https://cofense.com/solutions/topic/coronavirus-infocenter/
• List of IOCs (Hashes, domains, IPs) used in COVID-19 attacks https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs/blob/master/All%20IOCs
• CyberReason - Various IOCs. https://www.cybereason.com/hubfs/Indicators%20of%20Compromise/Coronavirus-Themed%20Malware%20IOCs.pdf
• Sophos - Various IOCs. https://github.com/sophoslabs/covid-iocs
• MISP-Project - Covid-19 dedicated MISP. https://covid-19.iglocska.eu/. For access, send a DM to https://twitter.com/MISPProject
• MalwareHunterTeam (Twitter). https://twitter.com/malwrhunterteam and others such as Targetting of Ukraine Center for Public Health https://twitter.com/malwrhunterteam/status/1231239497666482177
• Parth D. Maniar. Covid IOCs. https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
• Bloomver. Covid IOCs. https://github.com/Bloomvertech/covid-iocs
• Thugcrowd. COVID-19 Real Time Scam Hunter https://thugcrowd.com/covid-19/
• SANS. Covid Domain Classifier. https://isc.sans.edu/covidclassifier.html
• Managed Sentinel. COVID-19 Indicators of Compromise and Azure Sentinel Alerts https://www.managedsentinel.com/2020/03/27/azure-sentinel-covid-19-alerts-and-iocs/
• Proofpoint. Practitioners Update: Free COVID-19 Related IDS Rules https://www.proofpoint.com/us/threat-insight/post/practitioners-update-free-covid-19-related-ids-rules
• SOCPrime. SOC PRIME PROVIDES HEALTHCARE ORGANIZATIONS WITH FREE SIEM CONTENT FOR COVID19 PHISHING ATTACKS DETECTION https://socprime.com/blog/soc-prime-provides-healthcare-organizations-with-free-siem-content-for-covid19-phishing-attacks-detection/
• North Dakota Response. COVID-19 Cyber Threats https://ndresponse.gov/covid-19-resources/covid-19-cyber-threats

Incidents

• 02 April 2020. Forbes/Davey Winder. Cyber Attack Disrupts COVID-19 Payouts: Hackers Take Down Italian Social Security Site https://www.forbes.com/sites/daveywinder/2020/04/02/covid-19-payouts-disrupted-as-heartless-hackers-attack-italian-crisis-benefits-site/#300531c15f10
• 02 April 2020. RedDrip Team HWP document containing COVID-19 contents possibly utilized by Lazarus Group to attack South Korea. A backdoor gets dropped out to perform remote control. https://twitter.com/reddrip7/status/1245557988401623040
• 26 March 2020. Telsy. CYBERCRIMINALS TROJANIZED ORGINAL SM COVID-19 AWARENESS ANDROID APP TO TARGET ITALY. https://blog.telsy.com/cybercriminals-trojanized-orginal-sm-covid-19-awareness-android-app-to-target-italy/
• 24 March 2020. Computing. Spanish hospitals targeted with coronavirus-themed phishing lures in Netwalker ransomware attacks. https://www.computing.co.uk/news/4012969/hospitals-coronavirus-ransomware
• 23 March 2020. Forbes/Davey Winder. COVID-19 Vaccine Test Center Hit By Cyber Attack, Stolen Data Posted Online. https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#3b5f1f5918e5
• 23 March 2020. Bleeping Computer. Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps. https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
• 23 March 2020 HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/
• 23 March 2020 Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
• 23 March 2020. Ransomware gang breaks promise not to target medical organizations during coronavirus outbreak. techspot.com/news/84501-ransomware-gang-breaks-promise-not-target-medical-organizations.html
• 20 March 2020. UK Middlesbrough Local Council targeted with COV_19-themed emails https://www.bbc.co.uk/news/uk-england-tees-51980150
• 18 March 2020. Zloader/SILENTNIGHT banking trojan distributed with COVID-19 compensation scheme lure https://www.fireeye.com/blog/threat-research/2020/03/stimulus-bill-social-engineering-covid-19-financial-compensation-schemes.html
• 18 March 2020. Health Services Journal (HSJ). Covid-19 response forces halt to NHS cyber security checks https://www.hsj.co.uk/technology-and-innovation/covid-19-response-forces-halt-to-nhs-cyber-security-checks/7027166.article
• 14 March 2020 BlackWater Malware Abuses Cloudflare Workers for C2 Communication. https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
• 13 March 2020 Czech Covid-19 testing hospital hit with Ransomware. https://brnodaily.com/2020/03/13/news/serious-cyber-attack-targets-brno-university-hospital/
• 13 March 2020. Phishing campaign targeting World Health Organisation using typosquatted domain https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive-idUSKBN21A3BN
• 11 March 2020 Champaign-Urbana Public Health District website held hostage by ransomware (Netwalker) attack https://www.news-gazette.com/news/local/health-care/c-u-public-health-district-s-website-held-hostage-by/article_2dadedcd-aadb-5cb1-8740-8bd9e8800e27.html
• 09 March 2020 COVID-19, Info Stealer & the Map of Threats. https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
• 04 March 2020 Trickbot campaign targets Coronavirus fears in Italy https://news.sophos.com/en-us/2020/03/04/trickbot-campaign-targets-coronavirus-fears-in-italy/
• 08 March 2020 Mobile Coronavirus Tracking App Coughs Up Ransomware. https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware#

Intelligence Reports and Updates

• RiskIQ Covid-19 daily update. https://www.riskiq.com/blog/analyst/covid19-daily-update/
• Silobreaker. Covid-19 Threat Daily Update. https://www.silobreaker.com/tag/covid19-threat-digest/.
• Fraud Watch International. Covid-19 Online Scams. https://fraudwatchinternational.com/covid19/
• KPN Security Research Team https://github.com/KPN-SRT/covid19_cyber_threats
• 5 April 2020. Webhose. How Dark Web Criminals are Taking Advantage of the COVID-19 Crisis https://webhose.io/blog/dark-web/dark-web-criminals-take-advantage-covid19-crisis/
• 4 April 2020. Cybercriminals targeting critical healthcare institutions with ransomware https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware
• 3 April 2020. Europol. CATCHING THE VIRUS CYBERCRIME, DISINFORMATION AND THE COVID-19 PANDEMIC. https://www.europol.europa.eu/publications-documents/catching-virus-cybercrime-disinformation-and-covid-19-pandemic
• 2 April 2020. Fortinet. Latest Global COVID-19/Coronavirus Spearphishing Campaign Drops Infostealer https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html
• 2 April 2020. TrendMicro. Developing Story: COVID-19 Used in Malicious Campaigns https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains
• 2 April 2020. MDR Cyber. COVID-19: Cyber Security Update – 2 April https://www.mishcon.com/news/covid-19-cyber-security-update-2-april
• 2 April 2020. Checkpoint. Coronavirus update: In the cyber world, the graph has yet to flatten. https://blog.checkpoint.com/2020/04/02/coronavirus-update-in-the-cyber-world-the-graph-has-yet-to-flatten/
• 2 April 2020. IRS. IRS issues warning about Coronavirus-related scams; watch out for schemes tied to economic impact payments https://www.irs.gov/newsroom/irs-issues-warning-about-coronavirus-related-scams-watch-out-for-schemes-tied-to-economic-impact-payments
• 2 April 2020. Phishlabs. COVID-19 Phishing Update: Infected Coworker Email Targets Enterprise O365 Credentials
• 2 April 2020. Akamai. THREAT ACTORS RECYCLING PHISHING KITS IN NEW CORONAVIRUS (COVID-19) CAMPAIGNS. https://blogs.akamai.com/sitr/2020/04/threat-actors-recycling-phishing-kits-in-new-coronavirus-covid-19-campaigns.html
• 2 April 2020. Wardialing Zoom tool automates finding open rooms https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/
• 2 April 2020. OODALoop. Zoom zero days https://www.oodaloop.com/briefs/2020/04/02/two-zoom-zero-day-flaws-uncovered/
• 1 April 2020. Proofpoint. Coronavirus/COVID-19 Payment Lures on the Rise. https://www.proofpoint.com/us/threat-insight/post/coronaviruscovid-19-payment-lures-rise
• 1 April 2020. DXC.Technology. Threat Intelligence Report https://assets1.dxc.technology/security/downloads/DXC-Threat_Intelligence_Report_-_April_2020.pdf
• 1 April 2020. Nokia. A growing cyber threat linked to COVID-19. https://onestore.nokia.com/asset/207324
• 1 April 2020. Microsoft. Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do https://www.microsoft.com/security/blog/2020/04/01/microsoft-works-with-healthcare-organizations-to-protect-from-popular-ransomware-during-covid-19-crisis-heres-what-to-do/
• 31 March 2020. Trustwave. COVID-19 Malspam Activity Ramps Up. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/covid-19-malspam-activity-ramps-up/
• 31 March 2020. Sophos. Sexortion threatening infection with Coronavirus https://nakedsecurity.sophos.com/2020/03/19/dirty-little-secret-extortion-email-threatens-to-give-your-family-coronavirus/
• 31 March 2020. Cyjax. COVID-19 Cyber Situation Update – 31 March https://www.cyjax.com/2020/03/31/covid-19-cyber-situation-update-31-march/
• 30 March 2020. ESET. COVID-19 scams and social engineering capitalize on rapid change. https://www.eset.com/blog/enterprise/covid-19-scams-and-social-engineering-capitalize-on-rapid-change/
• 30 March 2020. Checkpoint. COVID-19 Impact: Cyber Criminals Target Zoom Domains. https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
• 30 March 2020. KnowB4. Email campaign claiming "you are infected" with Coronavirus https://blog.knowbe4.com/cyberheistnews-vol-10-14-dont-hit-the-panic-button-you-are-infected-bad-guys-launch-an-evil-new-corona-virus-attack
• 30 March 2020. Threatpost. Zeus Sphinx Banking Trojan Arises Amid COVID-19 https://threatpost.com/zeus-sphinx-banking-trojan-covid-19/154274/
• 30 March 2020. ElecticIQ. EclecticIQ Pandemic Intelligence Update - Week 14. https://blog.eclecticiq.com/covid-19/eclecticiq-pandemic-intelligence-update-week-14
• 30 March 2020. RecordedFuture. Chinese State Media Seeks to Influence International Perceptions of COVID-19 Pandemic https://www.recordedfuture.com/covid-19-chinese-media-influence/
• 30 March 2020. Flashpoint. COVID-19 Key Developments: March 21-27. https://www.flashpoint-intel.com/blog/covid-19-key-developments-march-21-27/
• 30 March 2020. Phishlabs. COVID-19 Phishing Update: Your Bank is Not Texting You About Coronavirus. https://info.phishlabs.com/blog/covid-19-phishing-update-your-bank-is-not-texting-you-about-coronavirus
• 27 March 2020. KnowBe4. https://blog.knowbe4.com/bad-guys-push-new-covid-19-message-you-are-infected. Bad Guys Push New COVID-19 Message: You Are Infected.
• 27 March 2020. Fireeye. Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks. https://www.fireeye.com/blog/threat-research/2020/03/stimulus-bill-social-engineering-covid-19-financial-compensation-schemes.html
• 27 March 2020. Austrialian Cybersecurity Centre. Threat update: COVID-19 malicious cyber activity https://www.cyber.gov.au/threats/threat-update-covid-19-malicious-cyber-activity
• 27 March 2020. Europol. PANDEMIC PROFITEERING: HOW CRIMINALS EXPLOIT THE COVID-19 CRISIS. https://www.europol.europa.eu/publications-documents/pandemic-profiteering-how-criminals-exploit-covid-19-crisis
• 27 March 2020. Trend Micro. Developing Story: COVID-19 Used in Malicious Campaigns https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains
• 26 March 2020. Cisco TALOS. Threat Update: COVID-19 https://blog.talosintelligence.com/2020/03/covid-19-pandemic-threats.html
• 26 March 2020. Kaspersky. Coronavirus as a hook. https://www.kaspersky.com/blog/coronavirus-corporate-phishing/34445/
• 26 March 2020. KnowBe4. [HEADS UP] Cybercriminals Attempt to Exploit Stimulus Package for COVID-19. https://blog.knowbe4.com/heads-up-cybercriminals-attempt-to-exploit-stimulus-packages-for-covid-19
• 26 March 2020. Phishlabs. COVID-19 Phishing Update: Threat Actors Impersonating CDC, WHO https://info.phishlabs.com/blog/covid-19-phishing-update-threat-actors-target-cdc-who
• 26 March 2020. Digital Shadows. COVID-19: Companies and Verticals At Risk For Cyber Attacks https://www.digitalshadows.com/blog-and-research/covid-19-companies-and-verticals-at-risk-for-cyber-attacks/
• 26 March 2020. CERT NZ. Attackers using COVID-19 themed scams - updated alert. https://www.cert.govt.nz/individuals/alerts/attackers-using-covid-19-themed-scams-updated-alert/
• 26 March 2020. Malysian National Cyber Security Agency (NACSA). Advisory on Cyber Threat Using COVID-19 Outbreak As Theme. https://www.nacsa.gov.my/advisory2.php
• 26 March 2020. Chartered Trading Standards Institute. Scam Alert: New COVID-19 coronavirus text scam. https://www.tradingstandards.uk/news-policy/news-room/2020/scam-alert-new-covid-19-coronavirus-text-scam
• 26 March 2020. Cyberpeace Institute. How the COVID-19 Infodemic Accelerates Cyberattacks. https://cyberpeaceinstitute.org/blog/2020-03-26-the-covid-19-infodemic-and-malicious-cyber-activities
• 25 March 2020. World Economic Forum. How COVID-19 shows the urgent need to address the cyber poverty gap. https://www.weforum.org/agenda/2020/03/covid-19-pandemic-shows-the-urgency-for-addressing-the-cyber-poverty-gap/
• 25 March 2020. Mimecast. Unsafe Clicks From COVID-19-Themed Email Phishing Attacks Nearly Double In Recent Weeks; Mimecast Blocks Up To 5,000 URLs Related To The Coronavirus A Day. https://www.mimecast.com/blog/2020/03/coronavirus-phishing-attacks-speed-up-globally/
• 25 March 2020. CyberInt. COVID-19 Ongoing Cyber Updates https://blog.cyberint.com/covid-19-ongoing-cyber-updates
• 25 March 2020. Looking Glass Cyber. THREAT ACTORS EXPLOIT COVID-19 IN CYBER CRIME CAMPAIGNS https://www.lookingglasscyber.com/blog/threat-actors-exploit-covid-19-in-cyber-crime-campaigns/
• Silobreaker. Covid-19 Threat Daily Update. https://www.silobreaker.com/tag/covid19-threat-digest/.
• 25 March 2020. Kieren Nicolas. COVID-19 SECURITY ALERT - UK https://www.kierennicolas.com/blog/covid-19-security-alert-uk
• 25 March 2020. Yoroi. New Cyber Attack Campaign Leverages the COVID-19 Infodemic. https://yoroi.company/research/new-cyber-attack-campaign-leverages-the-covid-19-infodemic/
• 25 March 2020. Mimecast. WEBCAST RECAP: TUESDAY’S GLOBAL CYBER THREAT INTELLIGENCE WEEKLY BRIEFING https://www.mimecast.com/blog/2020/03/webcast-recap-global-cyber-threat-intelligence-weekly-briefing/
• 24 March 2020. Hot for Security/Graham Cluley. Free Netflix pass because of Coronavirus? It’s a scam. https://hotforsecurity.bitdefender.com/blog/free-netflix-pass-because-of-coronavirus-its-a-scam-22691.html
• 25 March 2020. MDR Cyber. Covid-19 Security Update. https://www.mishcon.com/news/covid-19-cyber-security-update-25-march
• 24 March 2020. Manchester Council. Coronavirus related fraud https://secure.manchester.gov.uk/info/500361/coronavirus/7928/coronavirus/17
• 24 March 2020. Lexology. COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps. COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps
• 24 March 2020. Sophos. Facing down the myriad threats tied to COVID-19 https://news.sophos.com/en-us/2020/03/24/covidmalware/
• 24 March 2020. Crowdstrike. Situational Awareness: Cyber Threats Heightened by COVID-19 and How to Protect Against Them. https://www.crowdstrike.com/blog/covid-19-cyber-threats/
• 24 March 2020. RUSI. How Covid-19 is Changing the Organised Crime Threat. https://rusi.org/commentary/how-covid-19-changing-organised-crime-threat
• 24 March 2020. Palo Alto Unit 42. Don’t Panic: COVID-19 Cyber Threats. https://unit42.paloaltonetworks.com/covid19-cyber-threats/
• 24 March 2020. Anomali. Anomali Aggregates Open Source Threat Intelligence to Fight COVID-19-themed Cyber Attacks. https://www.anomali.com/blog/anomali-aggregates-open-source-threat-intelligence-to-fight-covid-19-themed-cyber-attacks
• 24 March 2020. Ginp malware: "Coronavirus Finder" steals credit card information https://www.kaspersky.com/blog/ginp-trojan-coronavirus-finder/34338/
• March 23 2020. Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike. https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idUSKBN21A3BN
• 23 March 2020. Securonix. COVID-19 Cyber Threat Update – March 23, 2020. https://www.securonix.com/securonix-covid-19-threat-update-march-23-2020/
• 23 March 2020. KnowBe4. [Heads-Up] Feeding Frenzy: COVID-19 Phishing Attacks Surge as U.S. Reels from Pandemic https://blog.knowbe4.com/heads-upfeeding-frenzy-covid-19-phishing-attacks-surge-as-u.s.-reels-from-pandemic
• 23 March 2020. Malwarebytes. Fake “Corona Antivirus” distributes BlackNET remote administration tool. https://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/
• 23 March 2020. Securonix. COVID-19 Cyber Threat Update – March 23, 2020 https://www.securonix.com/securonix-covid-19-threat-update-march-23-2020/
• 23 March 2020. Fake “Corona Antivirus” distributes BlackNET remote administration tool. https://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/
• 23 March 2020. Cyjax. COVID-19 Cyber Situation Report. https://www.cyjax.com/2020/03/23/covid-19-cyber-situation-report/
• 22 March 2020. US DOJ - US Justice Department issues enforcement action against fraud wesbite. https://www.justice.gov/opa/pr/justice-department-files-its-first-enforcement-action-against-covid-19-fraud
• 22 March 2020. Verint. HACKERS CONTINUE TO EXPLOIT THE COVID-19 PANDEMIC IN MALICIOUS CAMPAIGNS https://cis.verint.com/2020/03/22/hackers-continue-to-exploit-the-covid-19-pandemic-in-malicious-campaigns/
• 21 March 2020. Security Arrairs. New Coronavirus-themed attack uses fake WHO chief emails. https://securityaffairs.co/wordpress/100147/cyber-crime/who-coronavirus-themed-attack.html
• 20 March 2020. PwC. Managing the impact of COVID-19 on cyber security. https://www.pwc.co.uk/cyber-security/pdf/impact-of-covid-19-on-cyber-security.pdf
• 20 March 2020. New York asks domain registrars to crack down on sites used for coronavirus scams. https://www.zdnet.com/article/new-york-asks-domain-registrars-to-crack-down-on-sites-used-for-coronavirus-scams/
• 20 March 2020. FBI - FBI Sees Rise in Farud Schemes Related to the Coronavirus (COVID-19) Pandemic. https://www.ic3.gov/media/2020/200320.aspx
• 20 March 2020. Microsoft - Protecting against coronavirus themed phishing attacks. https://www.microsoft.com/security/blog/2020/03/20/protecting-against-coronavirus-themed-phishing-attacks/.
• 20 March 2020. SentinelOne - Threat Intel Update | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic. https://labs.sentinelone.com/threat-intel-update-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/
• 20 March 2020. Trend Micro - Developing Story: Coronavirus Used in Malicious Campaigns. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains
• 20 March 2020. Malware Bytes. Coronavirus scams, found and explained https://blog.malwarebytes.com/scams/2020/03/coronavirus-scams-found-and-explained/
• 20 March 2020. Francois Mouton & Arno de Coning. COVID-19: Impact on the Cyber Security Threat Landscape, https://www.researchgate.net/publication/340066124_COVID-19_Impact_on_the_Cyber_Security_Threat_Landscape
• 20 March 2020 New York asks domain registrars to crack down on sites used for coronavirus scams https://www.zdnet.com/article/new-york-asks-domain-registrars-to-crack-down-on-sites-used-for-coronavirus-scams/
• 20 March 2020, FBI - FBI Sees Rise in Fraud Schemes Related to the Coronavirus (COVID-19) Pandemic https://www.ic3.gov/media/2020/200320.aspx
• 20 March 2020, Microsoft - Protecting against coronavirus themed phishing attacks https://www.microsoft.com/security/blog/2020/03/20/protecting-against-coronavirus-themed-phishing-attacks/.
• 20 March 2020 SentinelOne - Threat Intel Update | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic. https://labs.sentinelone.com/threat-intel-update-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/
• 20 March 2020 Trend Micro - Developing Story: Coronavirus Used in Malicious Campaigns. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains
• 20 March 2020. Carbon Black. Technical Analysis: Hackers Leveraging COVID-19 Pandemic to Launch Phishing Attacks, Fake Apps/Maps, Trojans, Backdoors, Cryptominers, Botnets & Ransomware https://www.carbonblack.com/2020/03/19/technical-analysis-hackers-leveraging-covid-19-pandemic-to-launch-phishing-attacks-trojans-backdoors-cryptominers-botnets-ransomware/
• 20 March 2020. FBI. FBI SEES RISE IN FRAUD SCHEMES RELATED TO THE CORONAVIRUS (COVID-19) PANDEMIC. https://www.ic3.gov/media/2020/200320.aspx
• 19 March 2020. Congressional Research Unit. COVID-19: Cybercrime Opportunities and Law Enforcement Response https://crsreports.congress.gov/product/pdf/IN/IN11257
• 19 March 2020. Fidelis Security. COVID-19 / Coronavirus: Threats Facing a Remote Workforce and Industry https://www.fidelissecurity.com/threatgeek/threat-intelligence/covid-19-threats/
• 19 March 2020 Agari. Covid lures used in Business Email Compromise https://www.agari.com/email-security-blog/business-email-compromise-bec-coronavirus-covid-19/
• 19 March 2020 EEAS SPECIAL REPORT: DISINFORMATION ON THE CORONAVIRUS – SHORT ASSESSMENT OF THE INFORMATION ENVIRONMENT https://euvsdisinfo.eu/eeas-special-report-disinformation-on-the-coronavirus-short-assessment-of-the-information-environment/
• 19 March 2020 Digital Shadows - Covid-19 Dark Web reactions. https://www.digitalshadows.com/blog-and-research/covid-19-dark-web-reactions/
• 19 March 2020 EFF Covid-19 phishing guide. https://www.eff.org/deeplinks/2020/03/phishing-time-covid-19-how-recognize-malicious-coronavirus-phishing-scams
• 19 March 2020. Digital Shadows. Covid-19 Dark Web reactions. https://www.digitalshadows.com/blog-and-research/covid-19-dark-web-reactions/
• 19 March 2020. ElecticIQ Investigating Phishing Attacks Exploiting Coronavirus Themes. https://blog.eclecticiq.com/covid-19/investigating-phishing-attacks-exploiting-coronavirus-covid-19-themes
• 19 March 2020. Fidelis Security. COVID-19 / Coronavirus: Threats Facing a Remote Workforce and Industry https://www.fidelissecurity.com/threatgeek/threat-intelligence/covid-19-threats/
• 19 March 2020. MDR Cyber. Covid-19 Cyber Update. https://www.mishcon.com/news/covid-19-cyber-security-update
• 19 March 2020. NCC Group. Threat Actors: exploiting the pandemic. https://research.nccgroup.com/2020/03/19/threat-actors-exploiting-the-pandemic/
• 19 March 2020. Cofense. Threat Actors Innovate to Exploit COVID-19, Delivering OpenOffice .OPD Attachments on a Shoestring Budget https://cofense.com/threat-actors-innovate-exploit-covid-19-delivering-openoffice-opd-attachments-shoestring-budget/
• 19 March 2020. Cofense. Threat Actors Innovate to Exploit COVID-19, Delivering OpenOffice .OPD Attachments on a Shoestring Budget. https://cofense.com/threat-actors-innovate-exploit-covid-19-delivering-openoffice-opd-attachments-shoestring-budget/
• 19 March 2020. Herjavec Group. Threat Advisory: Additional Information Regarding COVID-19 Related Cyber Attacks. herjavecgroup.com/threat-advisory-additional-information-covid19-cyber-attacks/
• 19 March 2020. Obrela. Attackers Taking Advantage of the Coronavirus/COVID-19 outbreak. https://www.obrela.com/attackers-taking-advantage-of-the-coronavirus-covid-19-outbreak/
• 18 March 2020. Cybereason. UST BECAUSE YOU’RE HOME DOESN’T MEAN YOU’RE SAFE https://www.cybereason.com/blog/just-because-youre-home-doesnt-mean-youre-safe
• 18 March 2020. Lookout. New Threat Discovery Shows Commercial Surveillanceware Operators Latest to Exploit COVID-19. https://blog.lookout.com/commercial-surveillanceware-operators-latest-to-take-advantage-of-covid-19
• 18 March 2020. Authorities Eye Using Mobile Phone Tracking COVID-19’s Spread. https://threatpost.com/authorities-mobile-phone-tracking-covid-19-spread/153903/
• 18 March 2020. Media. Ransomware Gangs to Stop Attacking Health Orgs During Pandemic. https://www.bleepingcomputer.com/news/security/ransomware-gangs-to-stop-attacking-health-orgs-during-pandemic/
• 18 March 2020. Qualys. Cyber Criminals using Coronavirus Fears to Spread Information-Stealing Malware https://blog.qualys.com/indication-of-compromise/2020/03/18/cyber-criminals-using-coronavirus-fears-to-spread-information-stealing-malware
• 18 March 2020. Proofpoint. Coronavirus Threat Landscape Update. https://www.proofpoint.com/us/threat-insight/post/coronavirus-threat-landscape-update
• 17 March 2020. IBM X-Force Threat Intelligence Cybersecurity Brief: Novel Coronavirus (COVID-19) https://securityintelligence.com/posts/ibm-x-force-threat-intelligence-cybersecurity-brief-novel-coronavirus-covid-19/
• 16 March 2020. Infoblox. Series of New Agent Tesla Infostealer Campaigns Use Coronavirus Themes. https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-agent-telsa-infostealer-use-coronavirus-themes-v2.pdf
• 16 March 2020. Zscaler. CovidLock: Android Ransomware Walkthrough and Unlocking Routine https://www.zscaler.com/blogs/research/covidlock-android-ransomware-walkthrough-and-unlocking-routine
• 16 March 2020. Malware Bytes. APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT. https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
• 16 March 2020. National Cyber Security Centre. Cyber experts step in as criminals seek to exploit Coronavirus fears. https://www.ncsc.gov.uk/news/cyber-experts-step-criminals-exploit-coronavirus
• 16 March 2020. DomainTools. CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware
• 16 March 2020. AusCERT. COVID-19 Cyber Threats: Observations, OSINT and Safety Recommendations https://www.auscert.org.au/blog/2020-03-16-covid-19-observations-osint-and-safety-recommendations
• 16 March 2020. Flashpoint. Covid-19 Key Developments. https://www.flashpoint-intel.com/blog/covid-19-key-developments/
• 13 March 2020. State-sponsored attackers using COVID-19 Lures (Russia, China, North Korea) https://www.zdnet.com/article/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets/
• 13 March 2020. F-Secure. Coronavirus email attacks evolving as outbreak spreads. https://blog.f-secure.com/coronavirus-email-attacks-evolving-as-outbreak-spreads/
• 13 March 2020 ZDNet. State-sponsored attackers using COVID-19 Lures (Russia, China, North Korea) https://www.zdnet.com/article/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets/
• 12 March 2020. RecordFuture. Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide https://www.recordedfuture.com/coronavirus-panic-exploit/
• 12 March 2020. Tenable. COVID-19: Coronavirus Fears Seized by Cybercriminals. https://www.tenable.com/blog/covid-19-coronavirus-fears-seized-by-cybercriminals
• 12 March 2020. Intsights. Cybercriminals Exploit Coronavirus Spread with Malware, Phishing Schemes https://intsights.com/blog/cybercriminals-exploit-coronavirus-spread-with-malware-phishing-schemes-1
• 12 March 2020. Blueliv. Cybercriminals taking advantage of the Coronavirus. https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/industry/cybercriminals-taking-advantage-of-the-coronavirus/
• 12 March 2020. Checkpoint. Vicious Panda: The COVID Campaign https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/
• 11 March 2020. Avast. Iranian Coronavirus app collecting sensitive information https://blog.avast.com/iranian-coronavirus-app-collecting-sensitive-information-avast
• 9 March 2020. ElecticIQ. Investigating Phishing Attacks Exploiting Coronavirus Themes https://blog.eclecticiq.com/investigating-phishing-attacks-exploiting-coronavirus-covid-19-themes
• 9 March 2020. Reason Security. COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
• 5 March 2020. Check Point. Update: Coronavirus-themed domains 50% more likely to be malicious than other domains. https://blog.checkpoint.com/2020/03/05/update-coronavirus-themed-domains-50-more-likely-to-be-malicious-than-other-domains/
• 4 March 2020. Fortinet. Attackers Taking Advantage of the Coronavirus/COVID-19 Media Frenzy https://www.fortinet.com/blog/threat-research/attackers-taking-advantage-of-the-coronavirus-covid-19-media-frenzy.html
• 19 Feb 2020. United Nations. UN health agency warns against coronavirus COVID-19 criminal scams. https://news.un.org/en/story/2020/02/1058381
• 13 Feb 2020. Cisco Talos. Threat actors attempt to capitalize on coronavirus outbreak. https://blog.talosintelligence.com/2020/02/coronavirus-themed-malware.html
• 10 Feb 2020. FTC. Coronavirus: Scammers follow the headlines. https://www.consumer.ftc.gov/blog/2020/02/coronavirus-scammers-follow-headlines
• 7 Feb 2020. Kaspersky - Coronavirus phishing. https://www.kaspersky.com/blog/coronavirus-phishing/32395/
• 3 Feb 2020. Health Sector Cybersecurity Coordination Center. Coronavirus Themed E-mail Phishing. https://www.aha.org/guidesreports/2020-02-04-coronavirus-themed-e-mail-phishing
• 13 Jan 2020. Checkpoint. Coronavirus-themed spam spreads malicious Emotet malware. https://blog.checkpoint.com/2020/02/13/january-2020s-most-wanted-malware-coronavirus-themed-spam-spreads-malicious-emotet-malware/
• RiskIQ. Ransomware Attacks the Next Consequence of the Coronavirus Outbreak (requires registration). https://www.riskiq.com/research/ransomware-attacks-the-next-consequence-of-the-coronavirus-outbreak/
• Marsh. COVID-19: Implications for Cyber, Media, and Tech E&O Coverage. https://www.marsh.com/uk/insights/research/covid-19-implications-for-cyber-media-tech.html
• Norton. Coronavirus phishing emails: How to protect against COVID-19 scams https://us.norton.com/internetsecurity-online-scams-coronavirus-phishing-scams.html
• Enigma Software. COVID-19 WordPress Malware. https://www.enigmasoftware.com/covid19wordpressmalware-removal/

Remote Working & Conferencing Software

• 3 April 2020. Citizen Lab. Move Fast & Roll Your Own Crypto A Quick Look at the Confidentiality of Zoom Meetings https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
• Zoom Security White Paper - https://zoom.us/docs/doc/Zoom-Security-White-Paper.pdf
• 2 April 2020. FBI. FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing https://www.us-cert.gov/ncas/current-activity/2020/04/02/fbi-releases-guidance-defending-against-vtc-hijacking-and-zoom
• 1 April 2020. The Register. Zoom's end-to-end encryption isn't actually end-to-end at all. https://www.theregister.co.uk/2020/04/01/zoom_spotlight/
• 1 April 2020. Securonix Threat Research: Securing Your Remote Workforce – Detecting the Latest Cyberattacks in the Work-From-Home (WFH) World: Part 1 https://www.securonix.com/securonix-threat-research-securing-your-remote-workforce-detecting-the-latest-cyberattacks-in-the-work-from-home-wfh-world-part-1/
• 31 March 2020. Bleeping Computer/Matthew Hickey. Zoom Client Leaks Windows Login Credentials to Attackers https://www.bleepingcomputer.com/news/security/zoom-client-leaks-windows-login-credentials-to-attackers/ and https://twitter.com/hackerfantastic/status/1245133371262619654
• 30 March 2020. Lexology. Ethical Issues with Remote Work During COVID-19 https://www.lexology.com/library/detail.aspx?g=320c6cfe-fceb-463f-b8ec-5f247de4c843
• 20 March 2020. GovTech/DAN LOHRMANN How Is Covid-19 Creating Data Breaches? https://www.govtech.com/blogs/lohrmann-on-cybersecurity/how-is-covid-19-creating-data-breaches.html
• 27 March 2020. Doc Searls. Zoom needs to clean up its privacy act https://blogs.harvard.edu/doc/2020/03/27/zoom/
• 27 March 2020. Sky News. UK Government Uses Zoom Despite MoD Security Concerns https://news.sky.com/story/coronairus-cabinet-talks-held-on-zoom-days-after-software-was-banned-by-ministry-of-defence-11963889
• 27 March 2020. ACA Compliance Group. Keeping Children Safe Online During COVID-19 Social Distancing. https://www.acacompliancegroup.com/blog/keeping-children-safe-online-during-covid-19-social-distancing
• 26 March 2020. Lexology. COVID-19: Remote Working and Cybersecurity https://www.lexology.com/library/detail.aspx?g=4194be55-51e0-4227-ac98-dbbca209c2c1
• 24 March 2020. ENISA. Tips for cybersecurity when working from home. https://www.enisa.europa.eu/tips-for-cybersecurity-when-working-from-home
• 24 March 2020. H-ISAC Report: Hacking Healthcare - TLP White, March 24, 2020 (focus on Telework). https://www.aha.org/h-isac-reports/2020-03-25-h-isac-report-hacking-healthcare-tlp-white-march-24-2020
• 23 March 2020. ESET. Home office is where the heart is… https://www.eset.com/blog/consumer/home-office-is-where-the-heart-is/
• 21 March 2020. Kaspersky. Remote working safety and security https://www.kaspersky.co.uk/blog/remote-work-security/19472/
• 20 March 2020. Security Boulevard. Using Zoom? Here are the privacy issues you need to be aware of https://securityboulevard.com/2020/03/using-zoom-here-are-the-privacy-issues-you-need-to-be-aware-of/
• 20 March 2020. F-Secure. Protecting employees and systems in a time of pandemic https://blog.f-secure.com/protecting-employees-and-systems-in-a-time-of-pandemic/
• 20 March 2020. CSO Online. Free security resources for work-from-home employees during the COVID-19 crisis. https://www.csoonline.com/article/3532797/free-security-resources-for-work-from-home-employees-during-the-covid-19-crisis.html
• 20 March 2020. Fireeye. Remote Work in an Age of COVID-19 — Threat Modeling. https://www.fireeye.com/blog/executive-perspective/2020/03/remote-work-in-an-age-of-covid-19-threat-modeling-the-risks.html
• 19 March 2020. NIST. Telework Security Basics. https://www.nist.gov/blogs/cybersecurity-insights/telework-security-basics
• 19 March 2020. LexisNexis. COVID-19: Cyber and Data Security Legal Checklist. https://www.lexology.com/library/detail.aspx?g=a184ab86-5d62-4514-a39e-c0f0c0ee693d
• 17 March 2020. NIST. Preventing Eavesdropping and Protecting Privacy on Virtual Meetings https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings
• 17 March 2020. National Cyber Security Centre - Home Working: preparing your organisation and staff. https://www.ncsc.gov.uk/guidance/home-working
• 16 March 2020. SANS - SANS Security Awareness Work-from-Home Deployment Kit. https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit
• 16 March 2020. ESET. COVID‑19 and the shift to remote work https://www.welivesecurity.com/2020/03/16/covid19-forced-workplace-exodus/
• 13 March 2020. Threatpost. Working from Home: COVID-19’s Constellation of Security Challenges https://threatpost.com/working-from-home-covid-19s-constellation-of-security-challenges/153720/
• 11 March 2020. Crowdstrike. Cybersecurity in the Time of COVID-19: Keys to Embracing (and Securing) a Remote Workforce. https://www.crowdstrike.com/blog/securing-a-remote-workforce-in-the-time-of-covid-19/
• Cyber Readiness Institute. Securing a Remote Workforce. https://cyberreadinessinstitute.org/images/CRI-Securing-a-Remote-Workforce.pdf

Guides from vendors on the secure deployment of their remote working and conferencing tools, along with security advisory and subscription information are available in the Remote Working PSIRT project.

Cybersecurity Reports

• Information Security Forum (ISF). ISF resource and content suite for the Coronavirus outbreak. https://www.securityforum.org/covid-19/
• April 1 2020. IANS Research. COVID-19 and InfoSec: What You Need to Know https://portal.iansresearch.com/content/4613/tpg/covid-19-and-infosec-what-you-need-to-know/
• 1 April 2020. Sophos. Protecting your company during COVID-19: guidance for CIOs and CISOs https://news.sophos.com/en-us/2020/04/01/protecting-your-company-during-covid-19-guidance-for-cios-and-cisos/
• 30 March 2020. Fireeye. With COVID-19 Themed Campaigns on the Rise, Here’s How to Manage Email Phishing Risks. https://www.fireeye.com/blog/executive-perspective/2020/03/managing-email-phishing-risks.html
• 28 March 2020. AlixPartners. ESSENTIAL STRATEGIES FOR MANAGING CYBER RISK IN DISRUPTIVE TIMES https://www.alixpartners.com/media/14661/covid-19-response-business-disruption_cyber-risk.pdf
• 28 March 2020. NHS. Reducing burden and releasing capacity at NHS providers and commissioners to manage the COVID-19 pandemic. (See Annex A). https://www.england.nhs.uk/coronavirus/wp-content/uploads/sites/52/2020/03/C0113-28-march-2020-reducing-burden-releasing-capacity-nhs-providers-commissioners-manage-covid-19-pandemic.pdf
• 27 March 2020. PwC. How to protect your companies from rising cyber attacks and fraud amid the COVID-19 outbreak https://www.pwc.com/us/en/library/covid-19/cyber-attacks.html
• 27 March 2020. Flashpoint. Considerations for Updating Near-Term Intelligence Requirements in Response to COVID-19 https://www.flashpoint-intel.com/blog/near-term-intelligence-requirements-in-response-to-covid-19/
• 26 March 2020. KPMG. COVID-19: Protecting your business from cyber crime. https://home.kpmg/au/en/home/insights/2020/03/covid-19-coronavirus-protecting-business-from-cyber-crime-sme.html
• 26 March 2020. Cisco Talos. Threat Update: COVID-19. https://blog.talosintelligence.com/2020/03/covid-19-pandemic-threats.html
• 20 March 2020. Secure Works. https://www.secureworks.com/blog/maintaining-cybersecurity-in-the-face-of-covid-19-driven-organizational-change
• 24 March 2020. F-Secure. COVID-19 and Your Company’s Security: The CISO Speaks https://blog.f-secure.com/podcast-covid19-company-security/
• 18 March 2020. Canadian Centre for Cybersecurity. Cyber Hygiene for COVID-19 https://cyber.gc.ca/en/guidance/cyber-hygiene-covid-19
• 16 March 2020. Harvard Buisness Review. Will Coronavirus Lead to More Cyber Attacks? https://hbr.org/2020/03/will-coronavirus-lead-to-more-cyber-attacks
• 16 March 2020. IRM. COVID-19: Data Protection & Cyber Security Paper https://cdn2.hubspot.net/hubfs/2539481/Reports-Guides-Whitepapers/Covid-19%20Data%20Protection%20&%20Cyber%20Security.pdf
• 6 March 2020. Cybersecurity and Infrastructure Security Agency (CISA). https://www.cisa.gov/sites/default/files/publications/20_0306_cisa_insights_risk_management_for_novel_coronavirus.pdf
• Deloitte. COVID-19: Cyber Preparedness & Response https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/covid19/deloitte-ie-covid-19-cyber-infographic.pdf

Please note, we have removed most media reporting unless it adds specific threat information or insight in addition to the resources above. Simarly we have ignored resources that do not add specific insight or original content. Where resources are behind a registration page this is indicated. Please send resources to [email protected] or submit a pull request.