To aid organizations in communicating common and emerging threats to users, we are providing a list of example threats that we’re watching specific to the COVID-19 outbreak.
|Coronavirus Related Threats||Recommendations and Resources|
|A new ransomware called CoronaVirus has been distributed through a fake website pretending to promote the system optimization software and utilities from WiseCleaner.
|Ensure all users working from home are required to have modern endpoint protection installed and functioning properly.
Some resources to obtain EPP software temporarily:
SentinelOne –https://www.sentinelone.com/press/covid-19-sentinelone-offers-free-platform-access-to-help-enterprises-around-the-globe-embrace-secure-remote-work-and-stay-protected/Cisco –https://blogs.cisco.com/security/cisco-expands-free-security-offerings-to-help-with-rise-in-remote-workers
|Bogus Coronavirus Trackers Could Infect Your Computer. https://lifehacker.com/these-bogus-coronavirus-trackers-could-infect-your-comp-1842293731||Ensure that users interested in COVID-19 updates are bookmarking Johns Hopkins’s official tracker and only using this source: https://gisanddata.maps.arcgis.com/apps/opsdashboard/index.html#/ bda7594740fd40299423467b48e9ecf6
LinkedIn also provides an excellent page of verified COVID-19 sources: https://www.linkedin.com/feed/news/coronavirus-official-updates-4513283/
|Spear-phishing emails that purport to detail information about coronavirus||Once again, advanced EPP solutions will help, but you must ensure users have proper security training. We recommend putting all users through security training right away, and then consider frequent refresher courses.|
|Watch out for any links texted to your Android phone promising an app to track coronavirus.||The best protection is to add an EPP solution to employee mobile devices as well, but we understand this may not be possible. In lieu of that, train end users with clear instructions not to click links in SMS or download new applications onto their mobile devices.|
Other Useful Resources
Go here first. A highly useful kit by SANS to ensure companies can train and secure their remote workforce. These resources and training materials are a combination of both public resources and paid training materials which SANS is releasing for free. StratoZen highly recommends that all partners and customers utilize the SANS kit to educate employees on how to avoid cybersecurity threats while working from home. https://www.sans.org/security-awareness-training/sans-security-awareness-work-home-deployment-kit
Excellent advice article from SentinelOne: https://www.sentinelone.com/blog/covid-19-outbreak-employees-working-from-home-its-time-to-prepare/
Good collection of resources from MSP industry veteran, MJ Shoer: https://www.mjshoer.com/post/resources-to-help-you-through