Advisory on Cyber Threat Using COVID-19 Outbreak As Theme
Image by Darwin Laganzon from Pixabay
The National Cyber Coordination and Command Centre (NC4) continuously monitor the cyber threat landscape that may affect national security both locally and globally. Following the COVID-19 outbreak, NACSA has observed several scams and malware activities that have employed the COVID-19 theme to lure victims to give out personal information and install malicious apps. Cyberattack campaigns, including Business Email Compromise, Malware, Ransomware and phone scams, are on the rise and are believed to be organized by APT groups and organised crime groups, leveraging on this situation for their latest campaigns.
With the recent announcement of Movement Control Order (MCO) by the Prime Minister of Malaysia, which requires all non-essential government and business premises to be closed from 18 to 14 April, the NC4, National Cyber Security Agency (NACSA), National Security Council (NSC) would like to remind everyone to be vigilant and to continue to observe the cyber hygiene practices while working from home.
Based on a report from Trend Micro, several malicious domains containing the word “corona” as part of the domain name have been identified and NC4 also has identified several malicious email subjects, attachments and malicious URLs that have used the word “COVID-19” and “coronavirus” in their phishing lures. The full list of malicious domains, email subjects and hashes are as in Appendix 1 below. The content of the Appendix 1 will be updated from time to time to reflect new indicator of compromise (IOC).
The NC4 would like to advice organisations and individuals to take the following precautionary steps during this period of MCO:
- To harden the ICT infrastructure that will support the Work-From-Home policy and the spike of online transactions from the public users;
- To verify any information received from emails, text messages and social media posts regarding COVID-19;
- To use Virtual Private Network (VPN) connections to access your internal resources;
- To not open any suspicious links or emails;
- To not visit any untrusted websites;
- To not simply enter personal information, such as email address or password, whenever you are requested to do so;
- To change your password if you think it is stolen;
- To update your mobile phone and computer’s operating system and applications regularly;
- To apply the latest patches for your system and application to protect from being exploited;
- To monitor your network traffic and block attempts to exploit your server and network;
- Be careful and verify any calls claiming from legal enforcement agencies, banks or companies that you may have been dealings with;
- To contact law enforcement agency should you suspect that you have been a victim of a scam;
- To block malicious emails with subjects and hashes listed in Appendix 1
- To report to NACSA if your server has been breached or defaced
For more information click here