Situational Awareness: Cyber Threats Heightened by COVID-19 and How to Protect Against Them

CrowdStrike's blog outlines the cybersecurity threats and trends observed since the onset of the COVID-19 pandemic, highlighting the exploitation of the situation by cybercriminals through phishing, e-crime, and targeted intrusion campaigns. The pandemic has led to a surge in remote work, inadvertently exposing vulnerabilities as companies adapt to new operational dynamics. Notably, phishing attacks have become more sophisticated, leveraging health-related themes to exploit fear and misinformation. CrowdStrike has observed the use of COVID-19-themed lures by various threat actors, including nation-state adversaries, to deliver malware such as AgentTesla, LokiBot, and others, targeting sectors like healthcare, finance, and government. The report emphasizes the importance of heightened cybersecurity measures, advising organizations to ensure robust remote service configurations, implement multifactor authentication, and provide security awareness training to their employees. Additionally, CrowdStrike offers insights into the evolving tactics of adversaries, including the use of COVID-19 themes in social engineering to deceive targets, while also underscoring the need for continuous vigilance and adaptation in cybersecurity strategies.