Over the last several weeks as the pandemic has unfolded the number of cyber attacks originating out of China and Russia has increased (nearly doubled) and based on the phishing domains and monitoring one thing has become clear. Both China and Russia are targeting vaccine manufacturers in the US. Jigsaw Sensors have also detected criminal activity targeting businesses that are applying for the payroll protection loans being offered by the SBA.
Several alerts have been published by Jigsaw with indications that threat actors are going after educational, research and pharmaceutical companies as well as businesses that are already struggling to make it with the economic difficulties.
Some ransomware actors have stated on the dark web that they would refrain from attacking hospitals but insurance and medical institutions are still being targeted.
Recent COVID-19 phishing activity is up 400% over last month indicating that phishing attacks are increasing with these themes lures. CISA has put our guidance on recommended Exchange security enhancements as well as information on some recent threats.
Several of our public sensors are picking up many COVID themed incoming messages with various links to malicious sites including sites that are attempting to look like Sharepoint sites.
We will be publishing additional indicators and drop list for customers tomorrow and have already pushed updates to those customers using our sensors or PI-Hole DNS servers with our data.
There are 26 relevant events recorded in Jigsaw threat intelligence in the last 10 days.