The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published a joint Alert with its U.K. counterpart, the National Cyber Security Centre (NCSC), warning that they continue to see indications advanced persistent threat (APT) groups are exploiting the COVID-19 pandemic. Although the Alert highlights activity by these actors against the healthcare sector, it also notes that other sectors, especially those that provide essential services during the pandemic, are being targeted. Targeted sectors include those associated with local governments. The Alert discusses one type of attack technique in particular, password spraying. With this type of attack, a threat actor tries a single and commonly used password against many accounts before moving on to try a second password, and so on. This technique allows the attacker to remain undetected by avoiding rapid or frequent account lockouts. These attacks are successful because, for any given large set of users, there will likely be some with common passwords. To help thwart these attacks, the Alert offers a series of links to resource documents and a list of recommended mitigation measures. It also encourages any entities that observe this activity to report it to CISA at CISAServiceDesk@cisa.dhs.gov. Read the Alert at CISA.

CISA and the NCSC have also published a COVID-19 Cyber Threat Exploitation “Tip” associated with the Alert (see below). In addition to providing an overview of the threat, this resource presents a series of “Actions To Take Today” and provides links to numerous resourced from both CISA and the NCSC.