Coronavirus (COVID-19) Privacy Resource Center : Cybersecurity

Cybersecurity

The COVID-19 outbreak delivers array of cybersecurity challenges. Below are some relevant and helpful resources to address security and privacy concerns, stay safe online and remain vigilant for cyber threats during this pandemic. Click here to read more on how to avoiding COVID-19 cyber threats and scams.

May 6, 2020 – APT Groups Target Healthcare and Essential Services

OCR shared the following update from the Cybersecurity and Infrastructure Security Agency (CISA) at the U.S. Department of Homeland Security, warning individuals that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations.

This is a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC continue to see indications that advanced persistent threat (APT) groups are exploiting the Coronavirus Disease 2019 (COVID-19) pandemic as part of their cyber operations. This joint alert highlights ongoing activity by APT groups against organizations involved in both national and international COVID-19 responses. It describes some of the methods these actors are using to target organizations and provides mitigation advice.

April 30, 2020 – COVID-19 Cyber Threat Resources

Cyber-criminals may take advantage of the current COVID-19 global pandemic for their own financial gain or other malicious motives. However, resources are available to raise awareness of COVID-19 related cyber threats and help organizations detect, prevent, respond, and recover from these threats. OCR has provided resources that may be of interest to the healthcare community.

April 2, 2020 – FBI Releases Guidance on Defending Against VTC Hijacking and Zoom-bombing

The Federal Bureau of Investigation (FBI) has released an article on defending against video-teleconferencing (VTC) hijacking (referred to as “Zoom-bombing” when attacks are to the Zoom VTC platform). Many organizations and individuals are increasingly dependent on VTC platforms, such as Zoom and Microsoft Teams, to stay connected during the Coronavirus Disease 2019 (COVID-19) pandemic. The FBI has released this guidance in response to an increase in reports of VTC hijacking.

March 19, 2020 – NIST: Telework Security Basic

With many changes happening at once, telework security could be an afterthought or completely overlooked. This could put you and your organization at increased risk from attackers, who are always looking for opportunities to take advantage of disruption generally and weak security practices specifically. But it’s more than your organization at risk—if your telework device is compromised, anything else connected to your home network could be at risk too.

March 18, 2020 – Federal Trade Commission: Online Security Tips for Working from Home

Teleworking during the Coronavirus outbreak? While working from home can help slow the spread of the virus, it brings new challenges: juggling work while kids are home from school; learning new software and conferencing programs; and managing paper files at home. As you’re getting your work-at-home systems set up, here are some tips for protecting your devices and personal information.

March 17, 2020 – NIST: Preventing Eavesdropping and Protecting Privacy on Virtual Meetings

Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.

March 5, 2020 – National Cyber Security Alliance Encourages Vigilance Against Coronavirus Scams, Best Cybersecurity Practices for Remote Workers

Cybercriminals are seizing on coronavirus fears by using online scams to extract internet users’ personal and financial information. These scams – sent through email, texts or social media – claim to provide coronavirus awareness, sell virus prevention products and/or may ask for donations to a charity. They can often appear to be from a legitimate organization or individual, including a business partner or friend.

“Year round, the National Cyber Security Alliance encourages everyone to be safe and secure online,” said Kelvin Coleman, NCSA’s executive director. “However, during times of national hardship, such as the coronavirus outbreak, bad actors increase their fraudulent activities. As such, we urge everyone to be extra vigilant against online scams, including phishing and malware, that are more prevalent in times like these.”

CrowdStrike – Cybersecurity in the Time of COVID-19: Keys to Embracing (and Securing) a Remote Workforce

Globally, 50% of employees are working outside of their main headquarters for at least 2.5 days per week, according to the latest International Workplace Group report. However, COVID-19 is challenging more — perhaps all — organizations to potentially embrace a remote work style immediately. Aside from the pressure this office exodus puts on IT teams, network architectures and even equipment suppliers, there are real cybersecurity challenges organizations need to consider.

UMIT – Zoombooming

In response to the spread of COVID-19, the University of Miami (UM) has transitioned to online classes for the remainder of the Spring 2020 semester. As a result, our community is currently working, teaching, and learning via video conferencing platforms, including Zoom.

What is Zoombombing? A new form of trolling in which a participant uses Zoom’s screensharing feature to interrupt and disrupt meetings and classes.