Cybersecurity Briefing — COVID-19 phishing and malware surge
CISA Alert AA20-099A documents how COVID-19-themed phishing, SMS lures, and remote-work exploits are hammering enterprises, urging security teams to double down on MFA, telework hygiene, and IOC monitoring.
Executive briefing: CISA and the UK’s NCSC warn that both cybercriminals and state-backed groups are weaponizing pandemic fears. AA20-099A catalogs credential-phishing, COVID-19 malware droppers, domain registrations, and VPN exploit activity so SOC teams can tighten detections while executive leaders keep remote-work controls and user awareness aligned.
Action checklist
- Hunt for themed lures. Search mailboxes and proxy logs for COVID-19 subject lines, spoofed HR notices, and links containing strings such as “covid19-advisory” or “corona-virus-business-update.”
- Monitor telework infrastructure. Patch Citrix, Pulse Secure, Fortinet, and Palo Alto VPN appliances, enforce MFA, and baseline remote desktop exposure.
- Expand user defenses. Push phishing simulations and awareness updates that cover SMS phishing (smishing), conferencing hijacks, and fraudulent COVID-19 applications.
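One way to run the first checklist item over exported logs, as an added example that is not code from the CISA alert or from this briefing. The proxy line layout, the mail record fields, the subject keyword pattern, and the example.com internal domain are assumptions; only the two URL strings come from the checklist.

```python
import re
from urllib.parse import unquote, urlsplit

LURE_STRINGS = ("covid19-advisory", "corona-virus-business-update")  # from the checklist
SUBJECT_RE = re.compile(r"\b(covid[\s-]?19|corona[\s-]?virus)\b", re.I)  # assumed keywords
INTERNAL_DOMAIN = "example.com"  # assumed placeholder for the organization's mail domain

# Constructed sample data. Assumed proxy format: <timestamp> <client> <method> <url> <status>
PROXY_LOG = [
    "2020-04-08T09:12:01Z 10.0.4.17 GET http://files.example.net/covid19-advisory/update.html 200",
    "2020-04-08T09:13:44Z 10.0.4.22 GET http://portal.example.org/Corona-Virus-Business-Update.pdf 200",
    "2020-04-08T09:15:02Z 10.0.4.31 GET http://cdn.example.net/covid19%2Dadvisory/form 200",
    "2020-04-08T09:16:10Z 10.0.4.17 GET https://intranet.example.com/hr/benefits 200",
    "truncated line",
]
MAIL = [  # assumed fields; "from" is the sender address recorded by the mail gateway
    {"from": "hr-notices@example.net", "to": "alice@example.com", "subject": "HR: COVID-19 policy update, action required"},
    {"from": "facilities@example.com", "to": "all@example.com", "subject": "Coronavirus office closure schedule"},
    {"from": "billing@example.org", "to": "bob@example.com", "subject": "Quarterly invoice"},
]

def normalize_url(url):
    """Percent-decode twice (covers double encoding) and lower-case before matching."""
    for _ in range(2):
        url = unquote(url)
    return url.lower()

def hunt_proxy(lines):
    """Return (client, host, matched string) for each proxy line whose URL holds a lure string."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed or truncated lines instead of failing the hunt
        client, url = parts[1], parts[3]
        norm = normalize_url(url)
        hits += [(client, urlsplit(url).hostname, s) for s in LURE_STRINGS if s in norm]
    return hits

def hunt_subjects(messages):
    """Return (recipient, subject) for themed subjects sent from outside the organization."""
    return [(m["to"], m["subject"]) for m in messages
            if SUBJECT_RE.search(m["subject"])
            and not m["from"].lower().endswith("@" + INTERNAL_DOMAIN)]

if __name__ == "__main__":
    for hit in hunt_proxy(PROXY_LOG) + hunt_subjects(MAIL):
        print(hit)
```

Matching on the normalized URL catches case and percent-encoding variants that a literal string search over raw logs would miss.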
Source excerpts
Primary — Campaign scope: “Both CISA and NCSC are seeing a growing use of COVID-19-related themes by malicious cyber actors. At the same time, the surge in teleworking has increased the use of potentially vulnerable services, such as virtual private networks (VPNs), amplifying the threat to individuals and organizations.”
CISA AA20-099A
Primary — Attack techniques: “APT groups are using the COVID-19 pandemic as part of their cyber operations… Their activity includes using coronavirus-themed phishing messages or malicious applications… Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.”
CISA AA20-099A