FBI Warns of Attacks on Remote Work, Distance Learning Platforms

The FBI's Internet Crime Complaint Center (IC3) issued a public service announcement today about the risk of attacks exploiting the increased usage of online communication platforms for remote working and distance learning caused by the SARS-CoV-2 pandemic.

The FBI says that it's expecting an acceleration of exploitation attempts of virtual communication environments used by government agencies, private organizations, and individuals as a direct result of the COVID-19 outbreak.

"Computer systems and virtual environments provide essential communication services for telework and education, in addition to conducting regular business," IC3's PSA said.

"Cyber actors exploit vulnerabilities in these systems to steal sensitive information, target individuals and businesses performing financial transactions, and engage in extortion."

Private and government entities under siege

The FBI's warning mentions over 1,200 complaints related to coronavirus scams being received and reviewed since March 30, 2020, with threat actors engaging in phishing campaigns targeting first responders, launching Distributed Denial of Service (DDoS) attacks against government agencies, deploying ransomware on health care facilities, as well as creating fake COVID-19 landing pages to be used in attacks that infect victims' devices with malware.

In early February, the FBI issued a Private Industry Notification (PIN) informing of a potential DDoS attack that targeted a state-level voter registration and information site.

In late March, a PSA published on the IC3 platform warned of a series of phishing attacks delivering spam that used fake government economic stimulus checks as a lure to steal personal information from victims.

"Based on recent trends, the FBI assesses these same groups will target businesses and individuals working from home via telework software vulnerabilities, education technology platforms, and new Business Email Compromise schemes," the federal law enforcement agency said.

Attacks on remote work communication services

The US domestic intelligence and security service advises employees who work remotely throughout this period to carefully select the telework software they use to access company resources and collaborate with colleagues online, and to make sure they understand the risks, given malicious actors' ongoing attempts to exploit telework software vulnerabilities.

"While telework software provides individuals, businesses, and academic institutions with a mechanism to work remotely, users should consider the risks associated with them and apply cyber best practices to protect critical information, safeguard user privacy, and prevent eavesdropping," the FBI explained.

Threat actors can use any of the tactics outlined below to successfully compromise remote working services and platforms:

• Software from Untrusted Sources: booby-trapped telework software platforms designed to look like legitimate ones
• Communication Tools: video-teleconferencing hijacking, conference eavesdropping
• Remote Desktop Access: desktop sharing abuse
• Supply Chain: rented IT equipment with pre-installed malicious tools

Online classrooms under assault

Malicious actors have been exploiting vulnerabilities in schools' information technology (IT) systems and online learning platforms for years, hacking their way in and stealing students' personal information, medical records, and school reports to run blackmail campaigns.

"The actors sent text messages to parents and local law enforcement, publicized students' private information, posted student personally identifiable information on social media, and stated how the release of such information could help child predators identify new targets," the PSA reads.

"Additionally, parents and caretakers should be aware of new technology issued to children who do not already have a foundation for online safety.

"Children may not recognize the dangers of visiting unknown websites or communicating with strangers online."

Just three days ago, the FBI's Boston Division warned of ongoing Zoom-bombing attacks in which hijackers join and disrupt Zoom video conferences used for online lessons.

To defend yourself and your organization against attackers that would exploit anything from weaknesses in education and telework communication services to security vulnerabilities in other software, the FBI recommends not to:

• Share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
• Open attachments or click links within emails from senders you do not recognize.
• Enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) unless absolutely needed.
• Provide exact information on children when creating user profiles (e.g., use initials instead of full names, avoid using exact dates of birth, avoid including photos, etc.)
• Open attachments or click links within emails received from senders you do not recognize.
• Provide usernames, passwords, birth dates, social security numbers, financial data, or other personal information in response to an email or phone call.
• Use public or non-secure Wi-Fi access points to access sensitive information.
• Use the same password for multiple accounts.

BEC scammers also on the loose

On top of the increased risk of attacks targeting remote working and learning platforms, the FBI says that Business Email Compromise (BEC) fraudsters have also started targeting businesses to ask them for early payments because of the pandemic.

In mid-March, a BEC scammer group tracked by Agari researchers as Ancient Tortoise launched the first known coronavirus-themed BEC attack specifically designed to exploit the global COVID-19 event.

"Due to the news of the Corona-virus disease (COVID-19) we are changing banks and sending payments directly to our factory for payments, so please let me know total payment ready to be made so I can forward you our updated payment information," the crooks said in their scam emails.

IC3's 2019 Internet Crime Report, released in February, says that BEC was the cybercrime type with the highest reported total victim losses in 2019, as it was behind roughly $1.8 billion in losses following attacks that targeted wire transfer payments of both individuals and businesses.

The FBI also warned private industry partners during early March of threat actors actively abusing Microsoft Office 365 and Google G Suite in BEC attacks.

To protect against such scams, the FBI recommends paying attention and not acting on a payment request if any of the following signs are identified:

  • The use of urgency and last-minute changes in wire instructions or recipient account information;
  • Last-minute changes in established communication platforms or email account addresses;
  • Communications only in email and refusal to communicate via telephone;
  • Requests for advanced payment of services when not previously required; and
  • Requests from employees to change direct deposit information.
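
As an added illustration (not part of the FBI's announcement or the original article), the Python sketch below shows how a mail-triage step could surface these warning signs before a payment request is acted on. The phrase patterns, the `VENDORS_ON_FILE` address book and the message headers are assumptions constructed for the example; only the body of the sample message is the lure quoted earlier.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical address book of vendor contacts on file (constructed values).
VENDORS_ON_FILE = {"Acme Supplies": "billing@acme-supplies.example"}

# One pattern per warning sign; the phrases are assumptions chosen for this
# example and would need tuning against real mail.
SIGNS = {
    "payment_details_change": re.compile(
        r"changing banks|updated payment information|new (bank|account) details"
        r"|wire instructions", re.I),
    "email_only_contact": re.compile(
        r"(only|just) (by|via|through) e-?mail"
        r"|(cannot|can't|unable to) [^.]{0,40}(phone|call)", re.I),
    "advance_payment": re.compile(r"(advance|early|upfront) payment", re.I),
    "direct_deposit_change": re.compile(r"direct deposit", re.I),
}

def bec_warning_signs(raw_email, vendors=VENDORS_ON_FILE):
    """Return the sorted names of the warning signs found in one message."""
    msg = message_from_string(raw_email)
    text = " ".join(f"{msg.get('Subject', '')} {msg.get_payload()}".split())
    found = {name for name, rx in SIGNS.items() if rx.search(text)}
    # Sender display name matches a known vendor, but From or Reply-To
    # points somewhere other than the address on file.
    display, sender = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1] or sender
    on_file = vendors.get(display)
    if on_file and {sender.lower(), reply_to.lower()} != {on_file}:
        found.add("email_address_changed")
    return sorted(found)

# Constructed message: headers are invented, the body is the lure quoted above.
SAMPLE = """From: Acme Supplies <billing@acme-supplles.example>
Subject: Payment update

Due to the news of the Corona-virus disease (COVID-19) we are changing banks
and sending payments directly to our factory for payments, so please let me
know total payment ready to be made so I can forward you our updated payment
information
"""

if __name__ == "__main__":
    print(bec_warning_signs(SAMPLE))
```

A match is a prompt to verify the request over a phone number already on file, not a verdict that the message is fraudulent.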

The FBI recommends visiting the Internet Crime Complaint Center website at www.ic3.gov if you have any evidence that your child's data may have been compromised, if you were the victim of an internet scam or cybercrime, or if you want to report any suspicious activity you may have encountered online.

More tips on what to do to protect yourself against the incoming wave of attacks targeting online collaboration and communication services are provided by the FBI in the public service announcement published today.
