
Understanding the first and final mile of Coronavirus-related cyber threats

The COVID-19 pandemic has resulted in a renewed surge of cyber attacks and exploits. Open-source intelligence holds keys to investigating these types of emerging cyber threats.

Coverage of the Coronavirus pandemic has dominated the news cycle these past weeks and months. The world is fixated on a health crisis unseen in most of our lifetimes. As leaders in government and medical professionals apply themselves to the task of responding, the rest of us are glued to our computers and phones. Crises such as these bring out the best in people, but they also surface some of the worst qualities – threat actors have always taken advantage in times of hardship. The COVID-19 pandemic has resulted in a renewed surge of cyber attacks and exploits, making capital of the panic, the desire for information, and the increased vulnerabilities of the stay-at-home workforce. Open-source intelligence holds many keys to identifying and tracking emerging cyber threats during the Coronavirus crisis.

History does not always repeat itself. During the Spanish Flu pandemic of 1918, it might surprise you that criminal activity took a massive dive. Closure orders and fear of the virus forced people to stay home – there were simply fewer opportunities to commit robberies or petty theft. The consequent risks that arise during a crisis have changed in the age of information. The Internet, for all its benefits, has bridged the divide between threat actors and victims during a pandemic. Social isolation does not mean digital isolation, and the Internet has quickly become the whole world’s only window to the outside.


For cybersecurity professionals, the Internet can be a valuable resource as well, providing a window to some of the emerging threats that will come out of this crisis. OSINT techniques are used every day by law enforcement, corporate and cybersecurity professionals. Open-source intelligence is crucial to understanding the first and final mile of cyberattacks. These are already unprecedented times. During the COVID-19 pandemic, open-source intelligence gathering yields valuable information necessary to understand and even project possible threats.

Assessing Your Assets

No one is truly safe, but bad actors targeting professionals in procurement, health and safety can be especially damaging. Mind you, it is possible that you have already done this type of assessment for executives and higher-ups, but with COVID-19 there is value in consolidating online footprint data for roles critical to the response.

Media Sonar Digital Footprint search automates this process and lets you conduct footprint assessments that show what information is already publicly available and could be leveraged. Be aware of who is most easily targeted within your organization, and who the most lucrative targets might be during different types of crises. Mitigating cyberattacks during a pandemic may require a different kind of thinking than what we are used to. Start first by making sure you know your weakest links.

Media Reports & Research

To perform an initial screening for possible consequent threats coming from hackers during the Coronavirus pandemic, research from trusted sources and mainstream media reports are a good place to start. You cannot trust everything you read, but this can generate ideas and help you understand what exploits have already been discovered.

It helps to have a tool that consolidates all these sources for you. The Media Sonar platform lets you search easily with advanced functions to limit the amount of noise you get back. Consumer search engines will always fall short here – they are monetized and flawed for use as open-source intelligence tools.

Deep & Dark Web Hacker Intelligence

If you have some information to go on or are searching for unknown threats, the Deep and Dark Web, which is used by bad actors to stay hidden, can be searched to gather intelligence on potential threat vectors. It is common for threat actors to use big news topics, for example in phishing attacks, to incite their targets to open a crafted attachment linked to a website.


Our platform provides searchable access to data sources relevant to cyber professionals using OSINT techniques to collect information. The TOR network, now regularly used by threat actors to host Dark Web markets to sell drugs and weapons, is even more widely employed as a means of information sharing within the hacker community. Media Sonar provides access to sites and markets on the TOR network to search for information and guides developed by hackers for hackers and specialized for the types of attacks we are seeing take place. Other public communication channels such as Telegram and Discord are also useful for cyber analysts to understand the patterns and templates used to phish or extort money from individuals who are easy prey under present circumstances. Across the Deep and Dark web, you will also, in time, come to see the spoils of these attacks being listed for sale from these same threat actors. Understanding the risks will help your organization make better decisions about how to best mitigate and respond to them if they do occur.

Threat Actor Footprints

Organizations are being targeted by threat actors motivated by profits or, worse yet, in an effort to destabilize efforts to respond to the COVID-19 pandemic. When our very lives are already at stake, influence from outside individuals, groups, and nations can come at great cost. Motivations matter, and understanding the threat actor is important to get to the intent behind the attack.

OSINT techniques are useful in identifying who may be involved in a cyberattack, current or future, and why. The extent of their presence online, the sites they frequent, and the people they communicate with in their network can be tracked using the Media Sonar platform. We make it possible to conduct these types of investigations far quicker, which is necessary during times of crisis when every second counts.

What Next?

The COVID-19 pandemic has prompted a significant increase in online activity and, while much of this activity is coming from legitimate sources, we have witnessed an increase in malicious activity. We have learned about phishing emails that promise information about the Coronavirus and the response and appear to come from reputable sources, and possibly also emails selling medical supplies that contain suspicious links. People are always the weakest link. In a time of pandemic, our guard must be up – threat actors are motivated and the world is more susceptible. Weathering the COVID-19 crisis together depends not only on health professionals who care for those at risk but also on security professionals who can safeguard the world’s data and networks. To do this, they need a robust understanding of emerging risks.

Media Sonar has been working with customers since the start of this crisis to monitor the impact of COVID-19 across their organizations, from disruptions in the supply chain to the safety of communities. Tracking possible emerging cyber threats and gathering intelligence to make informed decisions is challenging under normal conditions. Initiating it when already dealing with a crisis is even more so. Our Product Specialists can help reduce those barriers for you.

Contact us for more information about using OSINT during COVID-19, and how the Media Sonar platform can help you understand and avoid emerging cyber threats.
