The top cybersecurity agencies in the United States and the United Kingdom on Wednesday issued an alert warning that cyber criminals are stepping up attacks on health care groups and those working from home during the ongoing coronavirus pandemic.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) noted in the alert that the attacks often involved malicious phishing emails or ransomware attacks, in which an attacker locks up a system and demands payment to give the user access again.
“As the COVID-19 outbreak continues to evolve, bad actors are using these difficult times to exploit and take advantage of the public and business,” CISA Assistant Director Bryan Ware said in a statement.
The cyber criminals were often using coronavirus language to lure people into clicking on links in malicious emails or texts, or sending emails that appeared to be from agencies such as the World Health Organization (WHO) to trick people into thinking they are disclosing sensitive information to a trusted source.
NCSC Director of Operations Paul Chichester warned in a statement that “malicious cyber actors are adjusting their tactics to exploit the COVID-19 pandemic, and the NCSC is working round the clock with its partners to respond.”
Chichester strongly advised the public to only turn to “trusted sources of information” for details on the ongoing coronavirus pandemic, such as the U.K. government or National Health Service websites.
The two agencies highlighted the dangers of the new phenomenon of “Zoom bombing,” in which hackers have been able to gain access to meetings on video conferencing platform Zoom or through Microsoft Teams and disrupt them through unpatched software.
Hackers are also targeting the infrastructure used by millions in both the U.S. and the U.K. to work from home during the pandemic, with the agencies reporting heightened scanning of virtual private networks (VPNs), which are used to help employees access office information at home.
While cyber criminals are stepping up attacks now, the agencies expect these efforts to intensify.
“It is expected that the frequency and severity of COVID-19 related cyberattacks will increase over the coming weeks and months,” the agencies noted.
Ware stressed that “we urge everyone to remain vigilant to these threats, be on the lookout for suspicious emails and look to trusted sources for information and updates regarding COVID-19. We are all in this together and collectively we can help defend against these threats.”
The warning comes after agencies including WHO and the Department of Health and Human Services were targeted by hackers, and after experts have said they’ve seen a major spike in malicious emails during the coronavirus crisis.
CISA issued guidelines in March detailing essential jobs during the pandemic, which included those working to defend critical systems and healthcare organizations from cyberattacks.