A collection of Covid-19 related threat intelligence and related resources. Please send resources to [email protected] or submit a pull request.
- IOC Sources
- Incidents
- Intelligence Reports and Updates
- Remote Working & Conferencing Software
- Cybersecurity Reports
- Tools
Please note, we have removed most media reporting unless it adds specific threat information or insight in addition to the resources above. Simarly we have ignored resources that do not add specific insight or original content. Where resources are behind a registration page this is indicated. We have not tested any of of the tools or code listed and you use them at your own risk.
- Cyber Threat Coalition. https://blacklist.cyberthreatcoalition.org/ and join Slack at https://covid19cybert-qvl7792.slack.com/join/shared_invite/zt-cyt9l8z9-wojJ6lHvlLKbWU0GnoUfXQ, OTX group at https://otx.alienvault.com/group/840/pulses.
- Domaintools - Domains with high risk scores. https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats (NB: Behind registration form).
- Malware Patrol - List of newly registered domains with Covid-19 related keywords. https://www.malwarepatrol.net/coronavirus-covid-19-online-scams-data/
- Covid-19 Host Reputation feed. https://cv-feed.pocnroll.com/
- ThreatConnect Dashboards and Playbooks. https://threatconnect.com/blog/playbook-fridays-covid-19-dashboard-metrics-and-search/
- Joe Tidy - Phishing Scams Search. https://coronavirusphishing.com/
- APKLab - App Malware samples and domain list (clean and malicious). https://www.apklab.io/covid19
- Cofense - Coronavirus Phishing. https://cofense.com/solutions/topic/coronavirus-infocenter/
- List of IOCs (Hashes, domains, IPs) used in COVID-19 attacks https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs/blob/master/All%20IOCs
- CyberReason - Various IOCs. https://www.cybereason.com/hubfs/Indicators%20of%20Compromise/Coronavirus-Themed%20Malware%20IOCs.pdf
- Sophos - Various IOCs. https://github.com/sophoslabs/covid-iocs
- MISP-Project - Covid-19 dedicated MISP. https://covid-19.iglocska.eu/. For access, send a DM to https://twitter.com/MISPProject
- MalwareHunterTeam (Twitter). https://twitter.com/malwrhunterteam and others such as Targetting of Ukraine Center for Public Health https://twitter.com/malwrhunterteam/status/1231239497666482177
- Parth D. Maniar. Covid IOCs. https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
- Bloomver. Covid IOCs. https://github.com/Bloomvertech/covid-iocs
- Thugcrowd. COVID-19 Real Time Scam Hunter https://thugcrowd.com/covid-19/
- SANS. Covid Domain Classifier. https://isc.sans.edu/covidclassifier.html
- Managed Sentinel. COVID-19 Indicators of Compromise and Azure Sentinel Alerts https://www.managedsentinel.com/2020/03/27/azure-sentinel-covid-19-alerts-and-iocs/
- Proofpoint. Practitioners Update: Free COVID-19 Related IDS Rules https://www.proofpoint.com/us/threat-insight/post/practitioners-update-free-covid-19-related-ids-rules
- SOCPrime. SOC PRIME PROVIDES HEALTHCARE ORGANIZATIONS WITH FREE SIEM CONTENT FOR COVID19 PHISHING ATTACKS DETECTION https://socprime.com/blog/soc-prime-provides-healthcare-organizations-with-free-siem-content-for-covid19-phishing-attacks-detection/
- North Dakota Response. COVID-19 Cyber Threats https://ndresponse.gov/covid-19-resources/covid-19-cyber-threats
- Phishlabs. COVID-19 Threat Intelligence. https://www.phishlabs.com/covid-19-threat-intelligence/
- robindimyan. Turkish Covid Response. https://github.com/robindimyan/covid-cyber-response
- MalwareBazaar COVID-19 Database - https://bazaar.abuse.ch/browse/tag/COVID-19/-
- RicheyMay. Updated Live: COVID-19 Indicator of Compromise Tracker https://www.richeymaytech.com/updated-live-covid-19-indicator-of-compromise-tracker/
- 09 June 2020. Reuters. South Africa's Life Healthcare hit by cyber attack. https://uk.reuters.com/article/us-life-healthcare-cyber/south-africas-life-healthcare-hit-by-cyber-attack-idUKKBN23G0MY
- 01 June 2020. BBC News. Hackers in £800K Bitcoin ransom note to Kent PPE firm. https://www.bbc.co.uk/news/uk-england-kent-52880218#:~:text=A%20gang%20demanded%20an%20%C2%A3,data%20on%20the%20dark%20web
- 13 May 2020. BBC News. Coronavirus: Cyber-attacks hit hospital construction companies. https://www.bbc.co.uk/news/technology-52646808
- 6 May 2020. KrebsOnSecurity. Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware. https://krebsonsecurity.com/2020/05/europes-largest-private-hospital-operator-fresenius-hit-by-ransomware/
- 4 May 2020. InfoSecurity Group. 'Vaccines' Containing Blood of Recovered #COVID19 Patients for Sale on Dark Web. https://www.infosecurity-magazine.com/news/dark-web-fake-vaccines-blood/
- 1 May 2020. Abnormal Security. Abnormal Attack Stories: Microsoft Teams Impersonation. https://abnormalsecurity.com/blog/abnormal-attack-stories-microsoft-teams-impersonation/
- 25 April 2020. Hackers claim to have breached Chinese Medical Provider https://medium.com/@cyble/huiying-medical-breached-source-code-for-ai-assisted-covid-19-detection-and-experimental-data-of-1f5c6426121c
- 17 April 2020. Coronavirus: Czech Republic reports attempted cyber attack on healthcare systems https://globalnews.ca/news/6836374/czech-republic-cyber-attacks-healthcare/
- 16 April 2020. Stolen ActiveDircetory credentials used in Hospital ransomware https://www.bleepingcomputer.com/news/security/us-govt-hacker-used-stolen-ad-credentials-to-ransom-hospitals/
- 02 April 2020. Forbes/Davey Winder. Cyber Attack Disrupts COVID-19 Payouts: Hackers Take Down Italian Social Security Site https://www.forbes.com/sites/daveywinder/2020/04/02/covid-19-payouts-disrupted-as-heartless-hackers-attack-italian-crisis-benefits-site/#300531c15f10
- 02 April 2020. RedDrip Team HWP document containing COVID-19 contents possibly utilized by Lazarus Group to attack South Korea. A backdoor gets dropped out to perform remote control. https://twitter.com/reddrip7/status/1245557988401623040
- 26 March 2020. Telsy. CYBERCRIMINALS TROJANIZED ORGINAL SM COVID-19 AWARENESS ANDROID APP TO TARGET ITALY. https://blog.telsy.com/cybercriminals-trojanized-orginal-sm-covid-19-awareness-android-app-to-target-italy/
- 24 March 2020. Computing. Spanish hospitals targeted with coronavirus-themed phishing lures in Netwalker ransomware attacks. https://www.computing.co.uk/news/4012969/hospitals-coronavirus-ransomware
- 23 March 2020. Forbes/Davey Winder. COVID-19 Vaccine Test Center Hit By Cyber Attack, Stolen Data Posted Online. https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#3b5f1f5918e5
- 23 March 2020. Bleeping Computer. Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps. https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
- 23 March 2020 HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware https://www.bleepingcomputer.com/news/security/hhsgov-open-redirect-used-by-coronavirus-phishing-to-spread-malware/
- 23 March 2020 Hackers Hijack Routers’ DNS to Spread Malicious COVID-19 Apps https://www.bleepingcomputer.com/news/security/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps/
- 23 March 2020. Ransomware gang breaks promise not to target medical organizations during coronavirus outbreak. techspot.com/news/84501-ransomware-gang-breaks-promise-not-target-medical-organizations.html
- 20 March 2020. UK Middlesbrough Local Council targeted with COV_19-themed emails https://www.bbc.co.uk/news/uk-england-tees-51980150
- 18 March 2020. Zloader/SILENTNIGHT banking trojan distributed with COVID-19 compensation scheme lure https://www.fireeye.com/blog/threat-research/2020/03/stimulus-bill-social-engineering-covid-19-financial-compensation-schemes.html
- 18 March 2020. Health Services Journal (HSJ). Covid-19 response forces halt to NHS cyber security checks https://www.hsj.co.uk/technology-and-innovation/covid-19-response-forces-halt-to-nhs-cyber-security-checks/7027166.article
- 14 March 2020. HMR London Medical Facility attacked with Maze Ransomeware, data leaked. https://www.forbes.com/sites/daveywinder/2020/03/23/covid-19-vaccine-test-center-hit-by-cyber-attack-stolen-data-posted-online/#5a2fca3c18e5
- 14 March 2020 BlackWater Malware Abuses Cloudflare Workers for C2 Communication. https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
- 13 March 2020 REvil Ransomware attack against US biotech firm researching COVID-19 https://www.cyberscoop.com/covid-19-ransomware-10x-genomics-data-breach/
- 13 March 2020 Czech Covid-19 testing hospital hit with Ransomware. https://brnodaily.com/2020/03/13/news/serious-cyber-attack-targets-brno-university-hospital/
- 13 March 2020. Phishing campaign targeting World Health Organisation using typosquatted domain https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive-idUSKBN21A3BN
- 11 March 2020 Champaign-Urbana Public Health District website held hostage by ransomware (Netwalker) attack https://www.news-gazette.com/news/local/health-care/c-u-public-health-district-s-website-held-hostage-by/article_2dadedcd-aadb-5cb1-8740-8bd9e8800e27.html
- 09 March 2020 COVID-19, Info Stealer & the Map of Threats. https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
- 04 March 2020 Trickbot campaign targets Coronavirus fears in Italy https://news.sophos.com/en-us/2020/03/04/trickbot-campaign-targets-coronavirus-fears-in-italy/
- 08 March 2020 Mobile Coronavirus Tracking App Coughs Up Ransomware. https://www.domaintools.com/resources/blog/covidlock-mobile-coronavirus-tracking-app-coughs-up-ransomware#
- World Economic Forum. COVID-19 Risks Outlook: A Preliminary Mapping and Its Implications. http://www3.weforum.org/docs/WEF_COVID_19_Risks_Outlook_Special_Edition_Pages.pdf
- RiskIQ Covid-19 daily update. https://www.riskiq.com/blog/analyst/covid19-daily-update/
- Silobreaker. Covid-19 Threat Daily Update. https://www.silobreaker.com/tag/covid19-threat-digest/.
- Fraud Watch International. Covid-19 Online Scams. https://fraudwatchinternational.com/covid19/
- KPN Security Research Team https://github.com/KPN-SRT/covid19_cyber_threats
- 11 June 2020. BBC News. The 'new normal' as cyber-spies navigate pandemic. https://www.bbc.co.uk/news/technology-52992677
- 4 June 2020. Financial Times. Sharp spike in HMRC coronavirus scams. https://www.ft.com/content/c0918719-cfcb-4b6b-afa7-a1a6baecaf0b
- 24 May 2020. The Guardian. Huge rise in hacking attacks on home workers during lockdown. https://www.theguardian.com/technology/2020/may/24/hacking-attacks-on-home-workers-see-huge-rise-during-lockdown
- 7 May 2020. Palo Alto Unit 42. SilverTerrier: New COVID-19 Themed Business Email Compromise Schemes. https://unit42.paloaltonetworks.com/silverterrier-covid-19-themed-business-email-compromise/
- 6 May 2020. Interpol. INTERPOL launches awareness campaign on COVID-19 cyberthreats. https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-launches-awareness-campaign-on-COVID-19-cyberthreats
- 5 May 2020. SentinelOne. Threat Intel | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic https://labs.sentinelone.com/threat-intel-update-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/
- 4 May 2020. ThreatStop. ThreatStop Launches COVID-19 Malicious Domains Target. https://blog.threatstop.com/covid-19-malicious-domains-target
- 4 May 2020. Security Affairs. Nation-state actors are targeting UK universities to steal info on COVID-19 research. https://securityaffairs.co/wordpress/102731/cyber-warfare-2/hackers-covid-19-research.html
- 3 May 2020. Guardian. Hostile states trying to steal coronavirus research, says UK agency. https://www.theguardian.com/world/2020/may/03/hostile-states-trying-to-steal-coronavirus-research-says-uk-agency
- 30 April 2020. Intel471. COVID-19 pandemic: Through the cybercriminal’s eyes. https://blog.intel471.com/2020/04/30/covid-19-pandemic-through-the-cybercriminals-eyes/
- 30 April 2020. European Council. Declaration by the High Representative Josep Borrell, on behalf of the European Union, on malicious cyber activities exploiting the coronavirus pandemic https://www.consilium.europa.eu/en/press/press-releases/2020/04/30/declaration-by-the-high-representative-josep-borrell-on-behalf-of-the-european-union-on-malicious-cyber-activities-exploiting-the-coronavirus-pandemic/
- 30 April 2020. KrebsOnSecurity. How Cybercriminals are Weathering COVID-19. https://krebsonsecurity.com/2020/04/how-cybercriminals-are-weathering-covid-19/
- 29 April 2020. Kaspersky. Remote spring: the rise of RDP bruteforce attacks. https://securelist.com/remote-spring-the-rise-of-rdp-bruteforce-attacks/96820/
- 28 April 2020. ElecticIQ. EclecticIQ Pandemic Intelligence Update - Week 18. https://blog.eclecticiq.com/covid-19/eclecticiq-pandemic-intelligence-update-week-18
- 28 April 2020. Sophos Labs. Warning! Fake Zoom “HR meeting” emails phish for your password https://nakedsecurity.sophos.com/2020/04/28/warning-fake-zoom-hr-meeting-emails-phish-for-your-password/
- 27 April 2020. Orange Cyber Defence. COVID-19: A biological hazard goes digital https://orangecyberdefense.com/uk/whitepapers/covid-19-a-biological-hazard-goes-digital/
- 27 April 2020. kapersky. Fake deliveries in an age of lockdown. https://www.kaspersky.com/blog/covid-fake-delivery-service-spam-phishing/35125/
- 27 April 2020. Security Intelligence. SBA Spoofed in COVID-19 Spam to Deliver Remcos RAT https://securityintelligence.com/posts/sba-spoofed-in-covid-19-spam-to-deliver-remcos-rat/
- 27 April 2020. ZDNet. Australia and US call out cyber attacks on hospitals during COVID-19 pandemic https://www.zdnet.com/article/australia-and-us-call-out-cyber-attacks-on-hospitals-during-covid-19-pandemic/
- 25 April 2020. WHO reports fivefold increase in cyber attacks, urges vigilance https://www.who.int/news-room/detail/23-04-2020-who-reports-fivefold-increase-in-cyber-attacks-urges-vigilance
- 24 April 2020. F5. Mirai “COVID” Variant Disregards Stay-at-Home Orders. https://www.f5.com/labs/articles/threat-intelligence/mirai-covid-variant-disregards-stay-at-home-orders
- 22 April 2020. US Dept. of Justice. Department of Justice Announces Disruption of Hundreds of Online COVID-19 Related Scams. https://www.justice.gov/opa/pr/department-justice-announces-disruption-hundreds-online-covid-19-related-scams
- 22 April 2020. The Register. Yes, there's lots of COVID-19-themed scuminess around – but otherwise the level of cybercrime is the same https://www.theregister.co.uk/2020/04/22/secureworks_phishing_coronavirus_flat/
- 21 April 2020. SC Magazine. Nation-state hackers reportedly hunting for COVID-19 research. https://www.scmagazineuk.com/nation-state-hackers-reportedly-hunting-covid-19-research/article/1680822 (requires registration).
- 21 April 2020. BBC/Joe Tidy. Coronavirus: UK forces hundreds of scam Covid-19 shops offline. https://www.bbc.co.uk/news/technology-52361618
- 20 April 2020. Phishlabs. COVID-19 Phishing Update: Bad Actors Use Stimulus Payment Delays to Capture Banking Credentials. https://info.phishlabs.com/blog/covid-19-phishing-update-bad-actors-use-stimulus-payment-delays-to-capture-banking-credentials
- 20 April 2020. Crowdstrike. Malspam in the Time of COVID-19. https://www.crowdstrike.com/blog/covid19-and-malspam/
- 20 April 2020. Nozomi Networks. COVID-19 Chinoxy Backdoor: A Network Perspective. https://www.nozominetworks.com/blog/covid-19-chinoxy-backdoor-a-network-perspective/
- 20 April 2020. Healix. Exploitation of COVID-19 by criminal and far-right extremist groups. https://healix.com/sharing-knowledge-and-news/exploitation-covid-19/
- 20 April 2020. Checkpoint. Coronavirus update: as economic stimulus payments start to flow, cyber-attackers want to get their share too https://blog.checkpoint.com/2020/04/20/coronavirus-update-as-economic-stimulus-payments-start-to-flow-cyber-attackers-want-to-get-their-share-too/
- 20 April 2020. DOD. Cyber Criminals Don’t Brake for Pandemics. https://www.defense.gov/Explore/Inside-DOD/Blog/Article/2156128/cyber-criminals-dont-brake-for-pandemics/
- 17 April 2020. Microsoft. TrickBot Covid Lures. https://twitter.com/MsftSecIntel/status/1251181180281450498
- 17 April 2020. Reuters/Joseph Menn. Hacking against corporations surges as workers take computers home. https://www.reuters.com/article/us-health-coronavirus-cyber-corporations/hacking-against-corporations-surges-as-workers-take-computers-home-idUSKBN21Z0Y6
- 16 April 2020. MDR Cyber. Forecasting cyber threats after the COVID-19 pandemic https://www.mishcon.com/news/forecasting-cyber-threats-after-the-covid-19-pandemic
- 15 April 2020/. The Economist. The inroads of organised crime in the era of covid-19 https://eiuperspectives.economist.com/healthcare/inroads-organised-crime-era-covid-19
- 15 April 2020. Deloitte. Global Cyber Executive Briefing. https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Risk/gx-cyber-covid-exec-briefing-14-April-20202.pdf
- 14 April 2020. Cyber Threat Coalition. 2020-04-14 Weekly Threat Advisory https://www.cyberthreatcoalition.org/covid-19-cyber-threat-updates-blog/2020-04-14-weekly-threat-advisory
- 14 April 2020. Sophos. Facing down the myriad threats tied to COVID-19. https://news.sophos.com/en-us/2020/04/14/covidmalware/
- 14 April 2020. Palo Alto Unit42. Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns https://unit42.paloaltonetworks.com/covid-19-themed-cyber-attacks-target-government-and-medical-organizations/
- 9 April 2020. Microsoft: #COVID19 Threats Less Than 2% of Total Daily Volume https://www.infosecurity-magazine.com/news/covid19-threats-less-than-2-daily/
- 8 April 2020. Secureworks. How Cyber Adversaries are Adapting to Exploit the Global Pandemic https://www.secureworks.com/blog/how-cyber-adversaries-are-adapting-to-exploit-the-global-pandemic
- 8 April 2020. Cofense. Coronavirus-Themed Phish Continue to Surge https://cofense.com/coronavirus-themed-phish-continue-surge/
- 8 April 2020. Carbon Black. COVID-19: Cybersecurity Community Resources https://www.carbonblack.com/2020/04/08/covid-19-cybersecurity-community-resources/
- 8 April 2020. Microsoft. Microsoft shares new threat intelligence, security guidance during global crisis. https://www.microsoft.com/security/blog/2020/04/08/microsoft-shares-new-threat-intelligence-security-guidance-during-global-crisis/
- 8 April 2020. Fireeye. Limited Shifts in the Cyber Threat Landscape Driven by COVID-19 https://www.fireeye.com/blog/threat-research/2020/04/limited-shifts-in-cyber-threat-landscape-driven-by-covid-19.html
- 8 April 2020. CISA and NCSC. COVID-19 Exploited by Malicious Cyber Actors https://www.us-cert.gov/ncas/alerts/aa20-099a and https://www.ncsc.gov.uk/news/covid-19-exploited-by-cyber-actors-advisory
- 7 April 2020. SonicWall. The New Front in Hospitals’ Battle Against COVID-19: Ransomware https://blog.sonicwall.com/en-us/2020/04/the-new-front-in-hospitals-battle-against-covid-19-ransomware/
- 6 April 2020. Redscan. REDSCAN REVEALS GOOGLE SECURITY SEARCH TRENDS DURING COVID-19 PANDEMIC https://www.redscan.com/news/covid-19-google-security-search-trends/
- 6 April 2020. FBI warn BEC frauds exploiting COVID-19 https://www.fbi.gov/news/pressrel/press-releases/fbi-anticipates-rise-in-business-email-compromise-schemes-related-to-the-covid-19-pandemic
- 6 April 2020. FBI warn about money mule scams exploiting home-working https://www.fbi.gov/news/pressrel/press-releases/fbi-warns-of-money-mule-schemes-exploiting-the-covid-19-pandemic
- 6 April 2020. BEC gift card scams going digital https://www.agari.com/email-security-blog/bec-gift-card-scams-covid-19/
- 6 April 2020. NASA CIO. NASA CIO Agencywide Memo: Alert: Cyber Threats Significantly Increasing During Coronavirus Pandemic http://www.spaceref.com/news/viewsr.html?pid=53512
- 6 April 2020. Danish Gov. Threat Assessment: The Cyber Threat Against Denmark During the COVID-19 Pandemic. https://fe-ddis.dk/cfcs/publikationer/Documents/The%20Cyber%20Threat%20Against%20Denmark%20During%20the%20COVID-19%20Pandemic.pdf
- 5 April 2020. Webhose. How Dark Web Criminals are Taking Advantage of the COVID-19 Crisis https://webhose.io/blog/dark-web/dark-web-criminals-take-advantage-covid19-crisis/
- 4 April 2020. Interpol. https://www.interpol.int/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware
- 4 April 2020. Cybercriminals targeting critical healthcare institutions with ransomware https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware
- 3 April 2020. Symantec/Broadcom. COVID-19 Outbreak Prompts Opportunistic Wave of Malicious Email Campaigns https://symantec-blogs.broadcom.com/blogs/threat-intelligence/covid-19-outbreak-prompts-opportunistic-wave-malicious-email-campaigns
- 3 April 2020. European Commission. COVID-19: Commission and national consumer authorities are on high alert and call on platforms to stop scams and unfair practices https://ec.europa.eu/info/live-work-travel-eu/consumers/enforcement-consumer-protection/scams-related-covid-19_en
- 3 April 2020. Europol. CATCHING THE VIRUS CYBERCRIME, DISINFORMATION AND THE COVID-19 PANDEMIC. https://www.europol.europa.eu/publications-documents/catching-virus-cybercrime-disinformation-and-covid-19-pandemic
- 2 April 2020. Chatham House. Supporting NHS Cybersecurity During COVID-19 is Vital. https://www.chathamhouse.org/expert/comment/supporting-nhs-cybersecurity-during-covid-19-vital
- 2 April 2020. Fortinet. Latest Global COVID-19/Coronavirus Spearphishing Campaign Drops Infostealer https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html
- 2 April 2020. TrendMicro. Developing Story: COVID-19 Used in Malicious Campaigns https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains
- 2 April 2020. MDR Cyber. COVID-19: Cyber Security Update – 2 April https://www.mishcon.com/news/covid-19-cyber-security-update-2-april
- 2 April 2020. Checkpoint. Coronavirus update: In the cyber world, the graph has yet to flatten. https://blog.checkpoint.com/2020/04/02/coronavirus-update-in-the-cyber-world-the-graph-has-yet-to-flatten/
- 2 April 2020. IRS. IRS issues warning about Coronavirus-related scams; watch out for schemes tied to economic impact payments https://www.irs.gov/newsroom/irs-issues-warning-about-coronavirus-related-scams-watch-out-for-schemes-tied-to-economic-impact-payments
- 2 April 2020. Phishlabs. COVID-19 Phishing Update: Infected Coworker Email Targets Enterprise O365 Credentials
- 2 April 2020. Akamai. THREAT ACTORS RECYCLING PHISHING KITS IN NEW CORONAVIRUS (COVID-19) CAMPAIGNS. https://blogs.akamai.com/sitr/2020/04/threat-actors-recycling-phishing-kits-in-new-coronavirus-covid-19-campaigns.html
- 2 April 2020. Wardialing Zoom tool automates finding open rooms https://krebsonsecurity.com/2020/04/war-dialing-tool-exposes-zooms-password-problems/
- 2 April 2020. OODALoop. Zoom zero days https://www.oodaloop.com/briefs/2020/04/02/two-zoom-zero-day-flaws-uncovered/
- 1 April 2020. Proofpoint. Coronavirus/COVID-19 Payment Lures on the Rise. https://www.proofpoint.com/us/threat-insight/post/coronaviruscovid-19-payment-lures-rise
- 1 April 2020. DXC.Technology. Threat Intelligence Report https://assets1.dxc.technology/security/downloads/DXC-Threat_Intelligence_Report_-_April_2020.pdf
- 1 April 2020. Nokia. A growing cyber threat linked to COVID-19. https://onestore.nokia.com/asset/207324
- 1 April 2020. Microsoft. Microsoft works with healthcare organizations to protect from popular ransomware during COVID-19 crisis: Here’s what to do https://www.microsoft.com/security/blog/2020/04/01/microsoft-works-with-healthcare-organizations-to-protect-from-popular-ransomware-during-covid-19-crisis-heres-what-to-do/
- 31 March 2020. Trustwave. COVID-19 Malspam Activity Ramps Up. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/covid-19-malspam-activity-ramps-up/
- 31 March 2020. Sophos. Sexortion threatening infection with Coronavirus https://nakedsecurity.sophos.com/2020/03/19/dirty-little-secret-extortion-email-threatens-to-give-your-family-coronavirus/
- 31 March 2020. Cyjax. COVID-19 Cyber Situation Update – 31 March https://www.cyjax.com/2020/03/31/covid-19-cyber-situation-update-31-march/
- 30 March 2020. F-Secure. Latest Covid-19-related cyber security news: Hospitals under attack https://blog.f-secure.com/covid-19-cyber-security/
- 30 March 2020. ESET. COVID-19 scams and social engineering capitalize on rapid change. https://www.eset.com/blog/enterprise/covid-19-scams-and-social-engineering-capitalize-on-rapid-change/
- 30 March 2020. Checkpoint. COVID-19 Impact: Cyber Criminals Target Zoom Domains. https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
- 30 March 2020. KnowB4. Email campaign claiming "you are infected" with Coronavirus https://blog.knowbe4.com/cyberheistnews-vol-10-14-dont-hit-the-panic-button-you-are-infected-bad-guys-launch-an-evil-new-corona-virus-attack
- 30 March 2020. Threatpost. Zeus Sphinx Banking Trojan Arises Amid COVID-19 https://threatpost.com/zeus-sphinx-banking-trojan-covid-19/154274/
- 30 March 2020. ElecticIQ. EclecticIQ Pandemic Intelligence Update - Week 14. https://blog.eclecticiq.com/covid-19/eclecticiq-pandemic-intelligence-update-week-14
- 30 March 2020. RecordedFuture. Chinese State Media Seeks to Influence International Perceptions of COVID-19 Pandemic https://www.recordedfuture.com/covid-19-chinese-media-influence/
- 30 March 2020. Flashpoint. COVID-19 Key Developments: March 21-27. https://www.flashpoint-intel.com/blog/covid-19-key-developments-march-21-27/
- 30 March 2020. Phishlabs. COVID-19 Phishing Update: Your Bank is Not Texting You About Coronavirus. https://info.phishlabs.com/blog/covid-19-phishing-update-your-bank-is-not-texting-you-about-coronavirus
- 27 March 2020. KnowBe4. https://blog.knowbe4.com/bad-guys-push-new-covid-19-message-you-are-infected. Bad Guys Push New COVID-19 Message: You Are Infected.
- 27 March 2020. Fireeye. Social Engineering Based on Stimulus Bill and COVID-19 Financial Compensation Schemes Expected to Grow in Coming Weeks. https://www.fireeye.com/blog/threat-research/2020/03/stimulus-bill-social-engineering-covid-19-financial-compensation-schemes.html
- 27 March 2020. Austrialian Cybersecurity Centre. Threat update: COVID-19 malicious cyber activity https://www.cyber.gov.au/threats/threat-update-covid-19-malicious-cyber-activity
- 27 March 2020. Europol. PANDEMIC PROFITEERING: HOW CRIMINALS EXPLOIT THE COVID-19 CRISIS. https://www.europol.europa.eu/publications-documents/pandemic-profiteering-how-criminals-exploit-covid-19-crisis
- 27 March 2020. Trend Micro. Developing Story: COVID-19 Used in Malicious Campaigns https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains
- 26 March 2020. Cisco TALOS. Threat Update: COVID-19 https://blog.talosintelligence.com/2020/03/covid-19-pandemic-threats.html
- 26 March 2020. Kaspersky. Coronavirus as a hook. https://www.kaspersky.com/blog/coronavirus-corporate-phishing/34445/
- 26 March 2020. KnowBe4. [HEADS UP] Cybercriminals Attempt to Exploit Stimulus Package for COVID-19. https://blog.knowbe4.com/heads-up-cybercriminals-attempt-to-exploit-stimulus-packages-for-covid-19
- 26 March 2020. Phishlabs. COVID-19 Phishing Update: Threat Actors Impersonating CDC, WHO https://info.phishlabs.com/blog/covid-19-phishing-update-threat-actors-target-cdc-who
- 26 March 2020. Digital Shadows. COVID-19: Companies and Verticals At Risk For Cyber Attacks https://www.digitalshadows.com/blog-and-research/covid-19-companies-and-verticals-at-risk-for-cyber-attacks/
- 26 March 2020. CERT NZ. Attackers using COVID-19 themed scams - updated alert. https://www.cert.govt.nz/individuals/alerts/attackers-using-covid-19-themed-scams-updated-alert/
- 26 March 2020. Malysian National Cyber Security Agency (NACSA). Advisory on Cyber Threat Using COVID-19 Outbreak As Theme. https://www.nacsa.gov.my/advisory2.php
- 26 March 2020. Chartered Trading Standards Institute. Scam Alert: New COVID-19 coronavirus text scam. https://www.tradingstandards.uk/news-policy/news-room/2020/scam-alert-new-covid-19-coronavirus-text-scam
- 26 March 2020. Cyberpeace Institute. How the COVID-19 Infodemic Accelerates Cyberattacks. https://cyberpeaceinstitute.org/blog/2020-03-26-the-covid-19-infodemic-and-malicious-cyber-activities
- 25 March 2020. World Economic Forum. How COVID-19 shows the urgent need to address the cyber poverty gap. https://www.weforum.org/agenda/2020/03/covid-19-pandemic-shows-the-urgency-for-addressing-the-cyber-poverty-gap/
- 25 March 2020. Mimecast. Unsafe Clicks From COVID-19-Themed Email Phishing Attacks Nearly Double In Recent Weeks; Mimecast Blocks Up To 5,000 URLs Related To The Coronavirus A Day. https://www.mimecast.com/blog/2020/03/coronavirus-phishing-attacks-speed-up-globally/
- 25 March 2020. CyberInt. COVID-19 Ongoing Cyber Updates https://blog.cyberint.com/covid-19-ongoing-cyber-updates
- 25 March 2020. Looking Glass Cyber. THREAT ACTORS EXPLOIT COVID-19 IN CYBER CRIME CAMPAIGNS https://www.lookingglasscyber.com/blog/threat-actors-exploit-covid-19-in-cyber-crime-campaigns/
- Silobreaker. Covid-19 Threat Daily Update. https://www.silobreaker.com/tag/covid19-threat-digest/.
- 25 March 2020. Kieren Nicolas. COVID-19 SECURITY ALERT - UK https://www.kierennicolas.com/blog/covid-19-security-alert-uk
- 25 March 2020. Yoroi. New Cyber Attack Campaign Leverages the COVID-19 Infodemic. https://yoroi.company/research/new-cyber-attack-campaign-leverages-the-covid-19-infodemic/
- 25 March 2020. Mimecast. WEBCAST RECAP: TUESDAY’S GLOBAL CYBER THREAT INTELLIGENCE WEEKLY BRIEFING https://www.mimecast.com/blog/2020/03/webcast-recap-global-cyber-threat-intelligence-weekly-briefing/
- 24 March 2020. Hot for Security/Graham Cluley. Free Netflix pass because of Coronavirus? It’s a scam. https://hotforsecurity.bitdefender.com/blog/free-netflix-pass-because-of-coronavirus-its-a-scam-22691.html
- 25 March 2020. MDR Cyber. Covid-19 Security Update. https://www.mishcon.com/news/covid-19-cyber-security-update-25-march
- 24 March 2020. Manchester Council. Coronavirus related fraud https://secure.manchester.gov.uk/info/500361/coronavirus/7928/coronavirus/17
- 24 March 2020. Lexology. COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps. COVID-19: Key EU And U.S. Cybersecurity Issues and Risk-Remediation Steps
- 24 March 2020. Sophos. Facing down the myriad threats tied to COVID-19 https://news.sophos.com/en-us/2020/03/24/covidmalware/
- 24 March 2020. Crowdstrike. Situational Awareness: Cyber Threats Heightened by COVID-19 and How to Protect Against Them. https://www.crowdstrike.com/blog/covid-19-cyber-threats/
- 24 March 2020. RUSI. How Covid-19 is Changing the Organised Crime Threat. https://rusi.org/commentary/how-covid-19-changing-organised-crime-threat
- 24 March 2020. Palo Alto Unit 42. Don’t Panic: COVID-19 Cyber Threats. https://unit42.paloaltonetworks.com/covid19-cyber-threats/
- 24 March 2020. Anomali. Anomali Aggregates Open Source Threat Intelligence to Fight COVID-19-themed Cyber Attacks. https://www.anomali.com/blog/anomali-aggregates-open-source-threat-intelligence-to-fight-covid-19-themed-cyber-attacks
- 24 March 2020. Ginp malware: "Coronavirus Finder" steals credit card information https://www.kaspersky.com/blog/ginp-trojan-coronavirus-finder/34338/
- March 23 2020. Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike. https://www.reuters.com/article/us-health-coronavirus-who-hack-exclusive/exclusive-elite-hackers-target-who-as-coronavirus-cyberattacks-spike-idUSKBN21A3BN
- 23 March 2020. Securonix. COVID-19 Cyber Threat Update – March 23, 2020. https://www.securonix.com/securonix-covid-19-threat-update-march-23-2020/
- 23 March 2020. KnowBe4. [Heads-Up] Feeding Frenzy: COVID-19 Phishing Attacks Surge as U.S. Reels from Pandemic https://blog.knowbe4.com/heads-upfeeding-frenzy-covid-19-phishing-attacks-surge-as-u.s.-reels-from-pandemic
- 23 March 2020. Malwarebytes. Fake “Corona Antivirus” distributes BlackNET remote administration tool. https://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/
- 23 March 2020. Securonix. COVID-19 Cyber Threat Update – March 23, 2020 https://www.securonix.com/securonix-covid-19-threat-update-march-23-2020/
- 23 March 2020. Fake “Corona Antivirus” distributes BlackNET remote administration tool. https://blog.malwarebytes.com/threat-analysis/2020/03/fake-corona-antivirus-distributes-blacknet-remote-administration-tool/
- 23 March 2020. Cyjax. COVID-19 Cyber Situation Report. https://www.cyjax.com/2020/03/23/covid-19-cyber-situation-report/
- 22 March 2020. US DOJ - US Justice Department issues enforcement action against fraud wesbite. https://www.justice.gov/opa/pr/justice-department-files-its-first-enforcement-action-against-covid-19-fraud
- 22 March 2020. Verint. HACKERS CONTINUE TO EXPLOIT THE COVID-19 PANDEMIC IN MALICIOUS CAMPAIGNS https://cis.verint.com/2020/03/22/hackers-continue-to-exploit-the-covid-19-pandemic-in-malicious-campaigns/
- 21 March 2020. Security Arrairs. New Coronavirus-themed attack uses fake WHO chief emails. https://securityaffairs.co/wordpress/100147/cyber-crime/who-coronavirus-themed-attack.html
- 20 March 2020. PwC. Managing the impact of COVID-19 on cyber security. https://www.pwc.co.uk/cyber-security/pdf/impact-of-covid-19-on-cyber-security.pdf
- 20 March 2020. New York asks domain registrars to crack down on sites used for coronavirus scams. https://www.zdnet.com/article/new-york-asks-domain-registrars-to-crack-down-on-sites-used-for-coronavirus-scams/
- 20 March 2020. FBI - FBI Sees Rise in Farud Schemes Related to the Coronavirus (COVID-19) Pandemic. https://www.ic3.gov/media/2020/200320.aspx
- 20 March 2020. Microsoft - Protecting against coronavirus themed phishing attacks. https://www.microsoft.com/security/blog/2020/03/20/protecting-against-coronavirus-themed-phishing-attacks/.
- 20 March 2020. SentinelOne - Threat Intel Update | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic. https://labs.sentinelone.com/threat-intel-update-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/
- 20 March 2020. Trend Micro - Developing Story: Coronavirus Used in Malicious Campaigns. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains
- 20 March 2020. Malware Bytes. Coronavirus scams, found and explained https://blog.malwarebytes.com/scams/2020/03/coronavirus-scams-found-and-explained/
- 20 March 2020. Francois Mouton & Arno de Coning. COVID-19: Impact on the Cyber Security Threat Landscape, https://www.researchgate.net/publication/340066124_COVID-19_Impact_on_the_Cyber_Security_Threat_Landscape
- 20 March 2020 New York asks domain registrars to crack down on sites used for coronavirus scams https://www.zdnet.com/article/new-york-asks-domain-registrars-to-crack-down-on-sites-used-for-coronavirus-scams/
- 20 March 2020, FBI - FBI Sees Rise in Fraud Schemes Related to the Coronavirus (COVID-19) Pandemic https://www.ic3.gov/media/2020/200320.aspx
- 20 March 2020, Microsoft - Protecting against coronavirus themed phishing attacks https://www.microsoft.com/security/blog/2020/03/20/protecting-against-coronavirus-themed-phishing-attacks/.
- 20 March 2020 SentinelOne - Threat Intel Update | Cyber Attacks Leveraging the COVID-19/CoronaVirus Pandemic. https://labs.sentinelone.com/threat-intel-update-cyber-attacks-leveraging-the-covid-19-coronavirus-pandemic/
- 20 March 2020 Trend Micro - Developing Story: Coronavirus Used in Malicious Campaigns. https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/coronavirus-used-in-spam-malware-file-names-and-malicious-domains
- 20 March 2020. Carbon Black. Technical Analysis: Hackers Leveraging COVID-19 Pandemic to Launch Phishing Attacks, Fake Apps/Maps, Trojans, Backdoors, Cryptominers, Botnets & Ransomware https://www.carbonblack.com/2020/03/19/technical-analysis-hackers-leveraging-covid-19-pandemic-to-launch-phishing-attacks-trojans-backdoors-cryptominers-botnets-ransomware/
- 20 March 2020. FBI. FBI SEES RISE IN FRAUD SCHEMES RELATED TO THE CORONAVIRUS (COVID-19) PANDEMIC. https://www.ic3.gov/media/2020/200320.aspx
- 19 March 2020. Congressional Research Unit. COVID-19: Cybercrime Opportunities and Law Enforcement Response https://crsreports.congress.gov/product/pdf/IN/IN11257
- 19 March 2020. Fidelis Security. COVID-19 / Coronavirus: Threats Facing a Remote Workforce and Industry https://www.fidelissecurity.com/threatgeek/threat-intelligence/covid-19-threats/
- 19 March 2020 Agari. Covid lures used in Business Email Compromise https://www.agari.com/email-security-blog/business-email-compromise-bec-coronavirus-covid-19/
- 19 March 2020 EEAS SPECIAL REPORT: DISINFORMATION ON THE CORONAVIRUS – SHORT ASSESSMENT OF THE INFORMATION ENVIRONMENT https://euvsdisinfo.eu/eeas-special-report-disinformation-on-the-coronavirus-short-assessment-of-the-information-environment/
- 19 March 2020 Digital Shadows - Covid-19 Dark Web reactions. https://www.digitalshadows.com/blog-and-research/covid-19-dark-web-reactions/
- 19 March 2020 EFF Covid-19 phishing guide. https://www.eff.org/deeplinks/2020/03/phishing-time-covid-19-how-recognize-malicious-coronavirus-phishing-scams
- 19 March 2020. Digital Shadows. Covid-19 Dark Web reactions. https://www.digitalshadows.com/blog-and-research/covid-19-dark-web-reactions/
- 19 March 2020. ElecticIQ Investigating Phishing Attacks Exploiting Coronavirus Themes. https://blog.eclecticiq.com/covid-19/investigating-phishing-attacks-exploiting-coronavirus-covid-19-themes
- 19 March 2020. Fidelis Security. COVID-19 / Coronavirus: Threats Facing a Remote Workforce and Industry https://www.fidelissecurity.com/threatgeek/threat-intelligence/covid-19-threats/
- 19 March 2020. MDR Cyber. Covid-19 Cyber Update. https://www.mishcon.com/news/covid-19-cyber-security-update
- 19 March 2020. NCC Group. Threat Actors: exploiting the pandemic. https://research.nccgroup.com/2020/03/19/threat-actors-exploiting-the-pandemic/
- 19 March 2020. Cofense. Threat Actors Innovate to Exploit COVID-19, Delivering OpenOffice .OPD Attachments on a Shoestring Budget https://cofense.com/threat-actors-innovate-exploit-covid-19-delivering-openoffice-opd-attachments-shoestring-budget/
- 19 March 2020. Cofense. Threat Actors Innovate to Exploit COVID-19, Delivering OpenOffice .OPD Attachments on a Shoestring Budget. https://cofense.com/threat-actors-innovate-exploit-covid-19-delivering-openoffice-opd-attachments-shoestring-budget/
- 19 March 2020. Herjavec Group. Threat Advisory: Additional Information Regarding COVID-19 Related Cyber Attacks. herjavecgroup.com/threat-advisory-additional-information-covid19-cyber-attacks/
- 19 March 2020. Obrela. Attackers Taking Advantage of the Coronavirus/COVID-19 outbreak. https://www.obrela.com/attackers-taking-advantage-of-the-coronavirus-covid-19-outbreak/
- 18 March 2020. Cybereason. UST BECAUSE YOU’RE HOME DOESN’T MEAN YOU’RE SAFE https://www.cybereason.com/blog/just-because-youre-home-doesnt-mean-youre-safe
- 18 March 2020. Lookout. New Threat Discovery Shows Commercial Surveillanceware Operators Latest to Exploit COVID-19. https://blog.lookout.com/commercial-surveillanceware-operators-latest-to-take-advantage-of-covid-19
- 18 March 2020. Authorities Eye Using Mobile Phone Tracking COVID-19’s Spread. https://threatpost.com/authorities-mobile-phone-tracking-covid-19-spread/153903/
- 18 March 2020. Media. Ransomware Gangs to Stop Attacking Health Orgs During Pandemic. https://www.bleepingcomputer.com/news/security/ransomware-gangs-to-stop-attacking-health-orgs-during-pandemic/
- 18 March 2020. Qualys. Cyber Criminals using Coronavirus Fears to Spread Information-Stealing Malware https://blog.qualys.com/indication-of-compromise/2020/03/18/cyber-criminals-using-coronavirus-fears-to-spread-information-stealing-malware
- 18 March 2020. Proofpoint. Coronavirus Threat Landscape Update. https://www.proofpoint.com/us/threat-insight/post/coronavirus-threat-landscape-update
- 17 March 2020. IBM X-Force Threat Intelligence Cybersecurity Brief: Novel Coronavirus (COVID-19) https://securityintelligence.com/posts/ibm-x-force-threat-intelligence-cybersecurity-brief-novel-coronavirus-covid-19/
- 16 March 2020. Infoblox. Series of New Agent Tesla Infostealer Campaigns Use Coronavirus Themes. https://www.infoblox.com/wp-content/uploads/threat-intelligence-report-agent-telsa-infostealer-use-coronavirus-themes-v2.pdf
- 16 March 2020. Zscaler. CovidLock: Android Ransomware Walkthrough and Unlocking Routine https://www.zscaler.com/blogs/research/covidlock-android-ransomware-walkthrough-and-unlocking-routine
- 16 March 2020. Malware Bytes. APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT. https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
- 16 March 2020. National Cyber Security Centre. Cyber experts step in as criminals seek to exploit Coronavirus fears. https://www.ncsc.gov.uk/news/cyber-experts-step-criminals-exploit-coronavirus
- 16 March 2020. DomainTools. CovidLock Update: Deeper Analysis of Coronavirus Android Ransomware https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware
- 16 March 2020. AusCERT. COVID-19 Cyber Threats: Observations, OSINT and Safety Recommendations https://www.auscert.org.au/blog/2020-03-16-covid-19-observations-osint-and-safety-recommendations
- 16 March 2020. Flashpoint. Covid-19 Key Developments. https://www.flashpoint-intel.com/blog/covid-19-key-developments/
- 13 March 2020. State-sponsored attackers using COVID-19 Lures (Russia, China, North Korea) https://www.zdnet.com/article/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets/
- 13 March 2020. F-Secure. Coronavirus email attacks evolving as outbreak spreads. https://blog.f-secure.com/coronavirus-email-attacks-evolving-as-outbreak-spreads/
- 13 March 2020 ZDNet. State-sponsored attackers using COVID-19 Lures (Russia, China, North Korea) https://www.zdnet.com/article/state-sponsored-hackers-are-now-using-coronavirus-lures-to-infect-their-targets/
- 12 March 2020. RecordFuture. Capitalizing on Coronavirus Panic, Threat Actors Target Victims Worldwide https://www.recordedfuture.com/coronavirus-panic-exploit/
- 12 March 2020. Tenable. COVID-19: Coronavirus Fears Seized by Cybercriminals. https://www.tenable.com/blog/covid-19-coronavirus-fears-seized-by-cybercriminals
- 12 March 2020. Intsights. Cybercriminals Exploit Coronavirus Spread with Malware, Phishing Schemes https://intsights.com/blog/cybercriminals-exploit-coronavirus-spread-with-malware-phishing-schemes-1
- 12 March 2020. Blueliv. Cybercriminals taking advantage of the Coronavirus. https://www.blueliv.com/cyber-security-and-cyber-threat-intelligence-blog-blueliv/industry/cybercriminals-taking-advantage-of-the-coronavirus/
- 12 March 2020. Checkpoint. Vicious Panda: The COVID Campaign https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/
- 11 March 2020. Avast. Iranian Coronavirus app collecting sensitive information https://blog.avast.com/iranian-coronavirus-app-collecting-sensitive-information-avast
- 9 March 2020. ElecticIQ. Investigating Phishing Attacks Exploiting Coronavirus Themes https://blog.eclecticiq.com/investigating-phishing-attacks-exploiting-coronavirus-covid-19-themes
- 9 March 2020. Reason Security. COVID-19, Info Stealer & the Map of Threats – Threat Analysis Report https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
- 5 March 2020. Check Point. Update: Coronavirus-themed domains 50% more likely to be malicious than other domains. https://blog.checkpoint.com/2020/03/05/update-coronavirus-themed-domains-50-more-likely-to-be-malicious-than-other-domains/
- 4 March 2020. Fortinet. Attackers Taking Advantage of the Coronavirus/COVID-19 Media Frenzy https://www.fortinet.com/blog/threat-research/attackers-taking-advantage-of-the-coronavirus-covid-19-media-frenzy.html
- 19 Feb 2020. United Nations. UN health agency warns against coronavirus COVID-19 criminal scams. https://news.un.org/en/story/2020/02/1058381
- 13 Feb 2020. Cisco Talos. Threat actors attempt to capitalize on coronavirus outbreak. https://blog.talosintelligence.com/2020/02/coronavirus-themed-malware.html
- 10 Feb 2020. FTC. Coronavirus: Scammers follow the headlines. https://www.consumer.ftc.gov/blog/2020/02/coronavirus-scammers-follow-headlines
- 7 Feb 2020. Kaspersky - Coronavirus phishing. https://www.kaspersky.com/blog/coronavirus-phishing/32395/
- 3 Feb 2020. Health Sector Cybersecurity Coordination Center. Coronavirus Themed E-mail Phishing. https://www.aha.org/guidesreports/2020-02-04-coronavirus-themed-e-mail-phishing
- 13 Jan 2020. Checkpoint. Coronavirus-themed spam spreads malicious Emotet malware. https://blog.checkpoint.com/2020/02/13/january-2020s-most-wanted-malware-coronavirus-themed-spam-spreads-malicious-emotet-malware/
- RiskIQ. Ransomware Attacks the Next Consequence of the Coronavirus Outbreak (requires registration). https://www.riskiq.com/research/ransomware-attacks-the-next-consequence-of-the-coronavirus-outbreak/
- Marsh. COVID-19: Implications for Cyber, Media, and Tech E&O Coverage. https://www.marsh.com/uk/insights/research/covid-19-implications-for-cyber-media-tech.html
- Norton. Coronavirus phishing emails: How to protect against COVID-19 scams https://us.norton.com/internetsecurity-online-scams-coronavirus-phishing-scams.html
- Enigma Software. COVID-19 WordPress Malware. https://www.enigmasoftware.com/covid19wordpressmalware-removal/
- 7 May 2020. NHS Digital. Guidance on keeping safe and secure whilst working from home. https://digital.nhs.uk/cyber-and-data-security/guidance-and-assurance/guidance-on-keeping-safe-and-secure-whilst-working-from-home
- 29 April 2020. Forcepoint. Ensuring Remote Employees Can Access Classified Networks Securely. https://www.forcepoint.com/blog/insights/remote-work-access-classified-networks
- 28 April 2020. Intsights. Recycling Credentials in Four Easy Steps https://intsights.com/blog/recycling-credentials-in-four-easy-steps
- 20 April 2020. Marsh. COVID-19: Cybersecurity Checklist for Remote Working. https://www.marsh.com/bh/en/insights/risk-in-context/covid-19-cybersecurity-checklist-remote-working.html
- 14 April 2020. Australian Cyber Security Centre. COVID-19: Cyber Security Tips When Working From Home. https://www.cyber.gov.au/advice/covid-19-cyber-security-tips-when-working-home
- 14 April 2020. MossAdams. Cybersecurity Checklist for Remote Work. https://www.mossadams.com/articles/2020/04/cybersecurity-checklist-remote-work
- 13 April 2020. CNET/Rae Hodge. Zoom: Every security issue uncovered in the video chat app https://www.cnet.com/news/zoom-every-security-issue-uncovered-in-the-video-chat-app/
- 13 April 2020. Rapid7. Remote Work Readiness: How to Keep a Security Mindset https://blog.rapid7.com/2020/04/13/remote-work-readiness-how-to-keep-a-security-mindset/
- 12 April 2020. Forbes/Davey Winder. Zoom Isn’t Malware But Hackers Are Feeding That Narrative, And How: Zoom-Related Threats Up 2,000% https://www.forbes.com/sites/daveywinder/2020/04/12/zoom-isnt-malware-but-hackers-are-feeding-that-narrative-and-how-zoom-related-threats-up-2000/#342187691ae5
- 9 April 2020. Fireeye. Discussing Security with Remote Workers. https://www.fireeye.com/blog/executive-perspective/2020/04/discussing-security-with-remote-workers.html
- 8 April 2020. ESET. Top tips for videoconferencing security https://www.welivesecurity.com/2020/04/08/top-tips-videoconferencing-security/
- 8 April 2020. MDR Cyber. COVID-19: Securing the remote worker https://www.mishcon.com/news/covid-19-securing-the-remote-worker
- 8 April 2020. K2 Intelligence. COVID-19: Managing the Security Risks of a Remote Workforce https://www.k2intelligence.com/en/insights/thought-leadership/2020/covid-19-managing-the-security-risks-of-a-remote-workforce
- April 4 2020. Palo Alto. Best Practices for Video Conferencing Security https://blog.paloaltonetworks.com/2020/04/network-video-conferencing-security/
- 4 April 2020. CapGemini. Boosting cybersecurity immunity: Confronting cybersecurity risks in today’s work-from home world https://www.capgemini.com/wp-content/uploads/2020/04/Cybersecurity_2020403_V05.pdf
- 3 April 2020. Tidbits. Every Zoom Security and Privacy Flaw So Far, and What You Can Do to Protect Yourself. https://tidbits.com/2020/04/03/every-zoom-security-and-privacy-flaw-so-far-and-what-you-can-do-to-protect-yourself/
- 3 April 2020. Citizen Lab. Move Fast & Roll Your Own Crypto A Quick Look at the Confidentiality of Zoom Meetings https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
- Zoom Security White Paper - https://zoom.us/docs/doc/Zoom-Security-White-Paper.pdf
- 2 April 2020. Austrialian Cyber Security Centre. Web Conferencing Security https://www.cyber.gov.au/publications/web-conferencing-security
- 2 April 2020. FBI. FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing https://www.us-cert.gov/ncas/current-activity/2020/04/02/fbi-releases-guidance-defending-against-vtc-hijacking-and-zoom
- 1 April 2020. The Register. Zoom's end-to-end encryption isn't actually end-to-end at all. https://www.theregister.co.uk/2020/04/01/zoom_spotlight/
- 1 April 2020. Securonix Threat Research: Securing Your Remote Workforce – Detecting the Latest Cyberattacks in the Work-From-Home (WFH) World: Part 1 https://www.securonix.com/securonix-threat-research-securing-your-remote-workforce-detecting-the-latest-cyberattacks-in-the-work-from-home-wfh-world-part-1/
- 31 March 2020. Bleeping Computer/Matthew Hickey. Zoom Client Leaks Windows Login Credentials to Attackers https://www.bleepingcomputer.com/news/security/zoom-client-leaks-windows-login-credentials-to-attackers/ and https://twitter.com/hackerfantastic/status/1245133371262619654
- 30 March 2020. Lexology. Ethical Issues with Remote Work During COVID-19 https://www.lexology.com/library/detail.aspx?g=320c6cfe-fceb-463f-b8ec-5f247de4c843
- 20 March 2020. GovTech/DAN LOHRMANN How Is Covid-19 Creating Data Breaches? https://www.govtech.com/blogs/lohrmann-on-cybersecurity/how-is-covid-19-creating-data-breaches.html
- 27 March 2020. Doc Searls. Zoom needs to clean up its privacy act https://blogs.harvard.edu/doc/2020/03/27/zoom/
- 27 March 2020. Sky News. UK Government Uses Zoom Despite MoD Security Concerns https://news.sky.com/story/coronairus-cabinet-talks-held-on-zoom-days-after-software-was-banned-by-ministry-of-defence-11963889
- 27 March 2020. ACA Compliance Group. Keeping Children Safe Online During COVID-19 Social Distancing. https://www.acacompliancegroup.com/blog/keeping-children-safe-online-during-covid-19-social-distancing
- 26 March 2020. Lexology. COVID-19: Remote Working and Cybersecurity https://www.lexology.com/library/detail.aspx?g=4194be55-51e0-4227-ac98-dbbca209c2c1
- 24 March 2020. ENISA. Tips for cybersecurity when working from home. https://www.enisa.europa.eu/tips-for-cybersecurity-when-working-from-home
- 24 March 2020. H-ISAC Report: Hacking Healthcare - TLP White, March 24, 2020 (focus on Telework). https://www.aha.org/h-isac-reports/2020-03-25-h-isac-report-hacking-healthcare-tlp-white-march-24-2020
- 23 March 2020. ESET. Home office is where the heart is… https://www.eset.com/blog/consumer/home-office-is-where-the-heart-is/
- 21 March 2020. Kaspersky. Remote working safety and security https://www.kaspersky.co.uk/blog/remote-work-security/19472/
- 20 March 2020. Security Boulevard. Using Zoom? Here are the privacy issues you need to be aware of https://securityboulevard.com/2020/03/using-zoom-here-are-the-privacy-issues-you-need-to-be-aware-of/
- 20 March 2020. F-Secure. Protecting employees and systems in a time of pandemic https://blog.f-secure.com/protecting-employees-and-systems-in-a-time-of-pandemic/
- 20 March 2020. CSO Online. Free security resources for work-from-home employees during the COVID-19 crisis. https://www.csoonline.com/article/3532797/free-security-resources-for-work-from-home-employees-during-the-covid-19-crisis.html
- 20 March 2020. Fireeye. Remote Work in an Age of COVID-19 — Threat Modeling. https://www.fireeye.com/blog/executive-perspective/2020/03/remote-work-in-an-age-of-covid-19-threat-modeling-the-risks.html
- 19 March 2020. NIST. Telework Security Basics. https://www.nist.gov/blogs/cybersecurity-insights/telework-security-basics
- 19 March 2020. LexisNexis. COVID-19: Cyber and Data Security Legal Checklist. https://www.lexology.com/library/detail.aspx?g=a184ab86-5d62-4514-a39e-c0f0c0ee693d
- 17 March 2020. NIST. Preventing Eavesdropping and Protecting Privacy on Virtual Meetings https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings
- 17 March 2020. National Cyber Security Centre - Home Working: preparing your organisation and staff. https://www.ncsc.gov.uk/guidance/home-working
- 16 March 2020. SANS - SANS Security Awareness Work-from-Home Deployment Kit. https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit
- 16 March 2020. ESET. COVID‑19 and the shift to remote work https://www.welivesecurity.com/2020/03/16/covid19-forced-workplace-exodus/
- 13 March 2020. Threatpost. Working from Home: COVID-19’s Constellation of Security Challenges https://threatpost.com/working-from-home-covid-19s-constellation-of-security-challenges/153720/
- 11 March 2020. Crowdstrike. Cybersecurity in the Time of COVID-19: Keys to Embracing (and Securing) a Remote Workforce. https://www.crowdstrike.com/blog/securing-a-remote-workforce-in-the-time-of-covid-19/
- Cyber Readiness Institute. Securing a Remote Workforce. https://cyberreadinessinstitute.org/images/CRI-Securing-a-Remote-Workforce.pdf
Guides from vendors on the secure deployment of their remote working and conferencing tools, along with security advisory and subscription information are available in the Remote Working PSIRT project.
- Information Security Forum (ISF). ISF resource and content suite for the Coronavirus outbreak. https://www.securityforum.org/covid-19/
- 27 April 2020. UK CPNI. Staying secure during COVID-19 https://www.cpni.gov.uk/staying-secure-during-covid-19-0
- 23 April 2020. Fireeye. PICC Your Battles: Securing Emergency Field Hospitals and Temporary Medical Spaces. https://www.fireeye.com/blog/executive-perspective/2020/04/securing-emergency-field-hospitals-and-temporary-medical-spaces.html
- 23 April 2020. UK Gov. Guidance Coronavirus (COVID-19): fraud and cyber crime https://www.gov.uk/government/publications/coronavirus-covid-19-fraud-and-cyber-crime
- 22 April 2020. Palo Alto Unit 42. Studying How Cybercriminals Prey on the COVID-19 Pandemic https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/
- 22 April 2020. Fireeye. Vietnamese Threat Actors APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management in Latest Example of COVID-19 Related Espionage. https://www.fireeye.com/blog/threat-research/2020/04/apt32-targeting-chinese-government-in-covid-19-related-espionage.html
- 22 April 2020. EY. Seven ways to keep ahead of cyber attackers during COVID-19 https://www.ey.com/en_gl/advisory/seven-ways-to-keep-ahead-of-covid-19-cyber-attackers
- 22 April 2020. Marsh. COVID-19: Next Steps for Your Cyber Insurance. https://www.marsh.com/qa/en/insights/research-briefings/covid-19-next-steps-for-cyber-insurance.html
- 20 April 2020. Bank of Italy/Banca D'Italia. Cybersecurity at the time of COVID-19 https://www.bancaditalia.it/media/notizie/2020/GCSC_cyber_17042020.pdf?language_id=1 (in Italian).
- 8 April 2020. BEREC Summary Report on the status of internet capacity in light of Covid-19 crisis. https://berec.europa.eu/eng/document_register/subject_matter/berec/reports/9250-berec-summary-report-on-the-status-of-internet-capacity-in-light-of-covid-19-crisis
- 8 April 2020. Jones Day. Managing Cybersecurity and Data Privacy Concerns During the COVID-19 Pandemic https://www.jonesday.com/en/insights/2020/04/covid19-cybersecurity-and-data-privacy-concerns
- 4 April 2020. Alston. Cyber Alert: Cybersecurity and COVID-19: Four Categories of Cyber Threats and Practical Tips in Response https://www.alston.com/en/insights/publications/2020/04/cybersecurity-and-covid19/
- April 2020 - Austrialian Government. COVID-19: Protecting Your Small Business. https://www.cyber.gov.au/advice/covid-19-protecting-your-small-business
- 1 April 2020. IANS Research. COVID-19 and InfoSec: What You Need to Know https://portal.iansresearch.com/content/4613/tpg/covid-19-and-infosec-what-you-need-to-know/
- 1 April 2020. Sophos. Protecting your company during COVID-19: guidance for CIOs and CISOs https://news.sophos.com/en-us/2020/04/01/protecting-your-company-during-covid-19-guidance-for-cios-and-cisos/
- 30 March 2020. Fireeye. With COVID-19 Themed Campaigns on the Rise, Here’s How to Manage Email Phishing Risks. https://www.fireeye.com/blog/executive-perspective/2020/03/managing-email-phishing-risks.html
- 28 March 2020. AlixPartners. ESSENTIAL STRATEGIES FOR MANAGING CYBER RISK IN DISRUPTIVE TIMES https://www.alixpartners.com/media/14661/covid-19-response-business-disruption_cyber-risk.pdf
- 28 March 2020. NHS. Reducing burden and releasing capacity at NHS providers and commissioners to manage the COVID-19 pandemic. (See Annex A). https://www.england.nhs.uk/coronavirus/wp-content/uploads/sites/52/2020/03/C0113-28-march-2020-reducing-burden-releasing-capacity-nhs-providers-commissioners-manage-covid-19-pandemic.pdf
- 27 March 2020. PwC. How to protect your companies from rising cyber attacks and fraud amid the COVID-19 outbreak https://www.pwc.com/us/en/library/covid-19/cyber-attacks.html
- 27 March 2020. Flashpoint. Considerations for Updating Near-Term Intelligence Requirements in Response to COVID-19 https://www.flashpoint-intel.com/blog/near-term-intelligence-requirements-in-response-to-covid-19/
- 26 March 2020. KPMG. COVID-19: Protecting your business from cyber crime. https://home.kpmg/au/en/home/insights/2020/03/covid-19-coronavirus-protecting-business-from-cyber-crime-sme.html
- 26 March 2020. Cisco Talos. Threat Update: COVID-19. https://blog.talosintelligence.com/2020/03/covid-19-pandemic-threats.html
- 20 March 2020. Secure Works. https://www.secureworks.com/blog/maintaining-cybersecurity-in-the-face-of-covid-19-driven-organizational-change
- 24 March 2020. F-Secure. COVID-19 and Your Company’s Security: The CISO Speaks https://blog.f-secure.com/podcast-covid19-company-security/
- 18 March 2020. Canadian Centre for Cybersecurity. Cyber Hygiene for COVID-19 https://cyber.gc.ca/en/guidance/cyber-hygiene-covid-19
- 16 March 2020. Harvard Buisness Review. Will Coronavirus Lead to More Cyber Attacks? https://hbr.org/2020/03/will-coronavirus-lead-to-more-cyber-attacks
- 16 March 2020. IRM. COVID-19: Data Protection & Cyber Security Paper https://cdn2.hubspot.net/hubfs/2539481/Reports-Guides-Whitepapers/Covid-19%20Data%20Protection%20&%20Cyber%20Security.pdf
- 6 March 2020. Cybersecurity and Infrastructure Security Agency (CISA). https://www.cisa.gov/sites/default/files/publications/20_0306_cisa_insights_risk_management_for_novel_coronavirus.pdf
- Deloitte. COVID-19: Cyber Preparedness & Response https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/covid19/deloitte-ie-covid-19-cyber-infographic.pdf
- L1NNA. Content-based URL monitoring and analysis for scam hunting. https://github.com/L1NNA/Covid19-CyberHunter
Please note, we have removed most media reporting unless it adds specific threat information or insight in addition to the resources above. Simarly we have ignored resources that do not add specific insight or original content. Where resources are behind a registration page this is indicated. We have not tested any of of the tools or code listed and you use them at your own risk. Please send resources to [email protected] or submit a pull request.