Are we starting to sound like a broken record? Because we're starting to feel like one.
Sometimes, it feels like false information about this disease spreads even faster than the virus itself.
What makes this new alert different? This time, it has the attention of the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
CISA warns against latest COVID-19 cyber scam
It's no surprise that small businesses have struggled amid the coronavirus pandemic. Unfortunately, hardships also make them prime targets for cybercriminals, who tend to seek out vulnerable organizations. It's part of the reason the healthcare industry has also struggled against cyberattacks during COVID-19.
And according to a recent alert from CISA, this cyber actor is particularly brutal to the groups who need the most help.
Through phishing emails, this scheme directs users to a spoofed Small Business Administration (SBA) COVID-19 loan relief web page. Rather than offering financial assistance, though, this web page is a tool for malicious redirects and credential stealing.
It's a cruel scam, and another reminder of the importance of strong cybersecurity practices for small businesses.
Mitigation techniques suggested by CISA
For organizations looking to improve their cybersecurity practices in response to this alert, CISA provides a list of mitigations:
- Include warning banners for all emails external to the organization.
- Maintain up-to-date antivirus signatures and engines.
- Ensure systems have the latest security updates.
- Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
- Restrict users' permissions to install and run unwanted software applications. Do not add users to the local administrators’ group unless required.
- Enforce a strong password policy.
- Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known.
- Enable a personal firewall on agency workstations that is configured to deny unsolicited connection requests.
- Disable unnecessary services on agency workstations and servers.
- Scan for and remove suspicious email attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
- Monitor users' web browsing habits; restrict access to sites with unfavorable content.
- Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
- Scan all software downloaded from the internet prior to executing.
- Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).