Increased Russian Cyber Threat Activity Since COVID-19

Apr 22, 2020 | Cyber Security

Since the abrupt shift to remote work across almost every industry, there has been an equally dramatic increase in COVID-19 related cyber threat activity. From Zoom-bombing to a surge in phishing, sophisticated Advanced Persistent Threat (APT) groups are finding inventive ways to target their victims [1]. Just as people are coming together to beat COVID-19, private and government entities are working together to protect people and organizations from the increased cyber threat.

Protecting Yourself
Awareness is the first step to successful avoidance. Understand that threat actors are actively phishing with COVID-19 subject lines and spoofing sender addresses of entities like the World Health Organization (WHO), the Centers for Disease Control and Prevention (CDC), and other health or government organizations. Searching for coronavirus information is also risky: thousands of new COVID-related domains have been registered in recent weeks, many of them malicious, so much so that one UK domain registry took the unprecedented step of blocking over 600 such sites from going live in the first place [2].

Protecting Your Company
Working remotely means you will need access to confidential data that must remain private. Zoom meeting security issues [3] aside, you need to make sure your remote-access credentials are not being compromised. A recent spear-phishing campaign made headlines for attempting to harvest WHO employees' credentials by spoofing the employee login portal [4]; thankfully the attempt was unsuccessful. Organizations are seeing shifts in threat actors' TTPs (Tactics, Techniques, and Procedures) that are increasingly sophisticated and almost overwhelming in volume.

Increased Cyber Threat Activity from Russia Across our Customers
Recently, at Gradient, we noticed a significant spike in activity from Russia between March 22-30, with an unusually high volume of network anomalies and extraordinarily high POB (Probability of Bad) scores (see Figure 1). The screenshot is from just one of our customers but is representative of what we saw across the overwhelming majority of our customer base. Insights like this are particularly valuable for enabling additional security measures such as geo-blocking. Also worth noting: we saw a similar burst of scanning activity from Russian threat actors operating from infrastructure hosted in the Netherlands, apparently in an attempt to circumvent geo-blocking.
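The country-level spike and the geo-block evasion described above, as an added example that is not Gradient's code and does not reproduce its POB scoring: a small Python detector run over constructed firewall-style deny logs. The IP addresses (documentation ranges), countries, dates and ports are made up for illustration. It compares per-country daily event rates against a baseline week, then identifies port-sweeping hosts by behaviour rather than by country, which is what catches the Netherlands-hosted scanner that a block on Russia alone would miss.

```python
from collections import Counter, defaultdict
from datetime import date
from typing import NamedTuple

# Constructed sample log lines: "<date> <src_ip> <geo> <dst_port>" (one denied connection each).
# Baseline week (Mar 15-21): light background noise. Burst window (Mar 22-30): two RU hosts
# and one NL host sweeping the same ten ports every day.
SWEEP_PORTS = (21, 22, 23, 80, 443, 445, 3389, 8080, 8443, 9200)

def _make_lines():
    lines = []
    for day in range(15, 22):                      # baseline: 3 events/day
        lines += [f"2020-03-{day} 203.0.113.{day} US {p}" for p in (22, 443)]
        lines += [f"2020-03-{day} 198.51.100.{day} RU 3389"]
    for day in range(22, 31):                      # burst: 30 events/day
        for host in ("198.51.100.201", "198.51.100.202"):
            lines += [f"2020-03-{day} {host} RU {p}" for p in SWEEP_PORTS]
        lines += [f"2020-03-{day} 192.0.2.77 NL {p}" for p in SWEEP_PORTS]
    return lines

LOG_LINES = _make_lines()

class Event(NamedTuple):
    day: str      # ISO date, so string comparison orders correctly
    src: str
    geo: str
    port: int

def parse(line: str) -> Event:
    day, src, geo, port = line.split()
    return Event(day, src, geo, int(port))

EVENTS = [parse(l) for l in LOG_LINES]

def _in_window(e: Event, window) -> bool:
    start, end = window
    return start <= e.day <= end

def rate_by_country(events, window):
    """Denied connections per day, per source country, within an inclusive date window."""
    start, end = window
    ndays = (date.fromisoformat(end) - date.fromisoformat(start)).days + 1
    counts = Counter(e.geo for e in events if _in_window(e, window))
    return {geo: n / ndays for geo, n in counts.items()}

def country_spikes(events, baseline, window, factor=5.0):
    """Countries whose daily rate in `window` is at least `factor` times the baseline rate.
    A country absent from the baseline is floored at one event/day so it is not 'infinitely' anomalous."""
    base = rate_by_country(events, baseline)
    current = rate_by_country(events, window)
    return {geo: rate / max(base.get(geo, 0.0), 1.0)
            for geo, rate in current.items()
            if rate / max(base.get(geo, 0.0), 1.0) >= factor}

def port_scanners(events, window, min_ports=8):
    """Source hosts that touched at least `min_ports` distinct destination ports in the window.
    This is behaviour-based, so it is indifferent to where the host is geolocated."""
    ports = defaultdict(set)
    for e in events:
        if _in_window(e, window):
            ports[(e.src, e.geo)].add(e.port)
    return {src: geo for (src, geo), p in ports.items() if len(p) >= min_ports}

def geo_block_gap(scanners, blocked_countries):
    """Scanners that a country-level block would not stop, i.e. the Netherlands case in the text."""
    return {src: geo for src, geo in scanners.items() if geo not in blocked_countries}

if __name__ == "__main__":
    BASELINE = ("2020-03-15", "2020-03-21")
    BURST = ("2020-03-22", "2020-03-30")
    print("spikes:", country_spikes(EVENTS, BASELINE, BURST))
    scanners = port_scanners(EVENTS, BURST)
    print("scanners:", scanners)
    print("missed by blocking RU only:", geo_block_gap(scanners, {"RU"}))
```

The two detectors are deliberately independent: the rate comparison tells you which countries to consider geo-blocking, while the per-host port-sweep check keeps flagging the same actor after they move to a hosting provider in a country you have not blocked. In real logs, replace the constructed `geo` field with a GeoIP or ASN lookup and tune `factor` and `min_ports` against your own baseline.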

Figure 1: Spike in network anomalies and POB scores from Russia, March 22-30, for one Gradient customer.

Tips for Staying Cyber-safe From Increased COVID-19 Threats

Best practices remain the same, but with more vigilance. Don't click on links from sources you don't know and cannot vet, and be especially alert to spear-phishing attempts that spoof organizations you do business with as a means of compromising your system.

Limit your sharing of sites claiming cures, links promoting breakthrough remedies, breaking-news claims, and the latest "insider" info; many of these carry malware and trojans or point to malicious sites.

Organizations should apply known patches promptly. Patching is not only the simplest way to maintain good cyber hygiene; unpatched, publicly known vulnerabilities are often the root cause of headline-grabbing breaches.

If you think you’ve been compromised, contact your organization’s IT or cybersecurity staff immediately. Not only can they help prevent further compromise of your own system, but the entire organization’s cyber health could be at stake.
