COVID-19 Key Developments: March 21-27
The spread of coronavirus continues to have a significant impact across the world. As a result, Flashpoint has developed an Analyst Knowledge Page around COVID-19 for our clients as a way to provide an overview of findings with the opportunity to dive deeper into the data. This blog addresses key findings from Flashpoint analyst observations from this Knowledge Page with regards to government response, disinformation trends, cybercrime and more. To reference our previous updates, please visit our blog here.
Key Developments: March 21-27
Flashpoint published a blog Considerations for Updating Near-Term Intelligence Requirements in Response to COVID-19 that provides considerations for business operations as organizations shift to a larger remote workforce.
Governments have continued to impose additional travel restrictions at local and federal levels in an effort to minimize continued spreading of coronavirus.
- South Korea updated its testing requirements for any foreign national entering the country this week, continuing their hardline stance to combat the spread. According to the new guidelines, all US citizens and Europeans will be tested upon arrival, and individuals must self-quarantine for 14 days even if they have negative results. Individuals will also have to download an app to provide updates to health safety officials, and will be deported immediately if they do not comply.
- On March 24, the International Olympic Committee and Japanese government officially postponed the 2020 Olympic Games until 2021 due to the global coronavirus pandemic. The Olympic flame will remain in Japan, and the games will still officially be called “Tokyo 2020” despite the date move.
- The US Department of Justice has indicated they may pursue terrorism charges against individuals who commit acts with the intent to spread coronavirus. In some instances, state and local governments have already applied their own terrorism statutes in charging individuals for criminal acts related to coronavirus. Source:
- On March 22, the US Justice Department announced its first law enforcement action for criminal activity exploiting coronavirus concerns. According to their press release, the Justice Department brought wire fraud charges against operators of the site “coronavirusmedicalkit[.]com,” which falsely claimed to sell World Health Organization (WHO) vaccine kits.
- The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) published a memorandum that identified blockchain managers as essential critical infrastructure during the coronavirus response. These workers were identified along with inventory control and warehouse workers, suggesting that the US government has recognized the increasing importance of this type of technology.
New Disinformation Trends:
Misinformation and disinformation continues to spread on social media platforms and via chat services. Narratives and major developments observed by Flashpoint analysts include:
- Fake cures: smoking (Telegram), homeopathy (social media), marijuana (social media), various ineffective pills (sold, among others by disinformation peddler Alex Jones);
- Misattributed footage of military vehicles in various cities keep spreading as an alleged proof that martial law is going to be introduced in the areas or countries in question. In extremist communities threat actors are actively discussing this;
- A conspiracy theory by a retired Russian officer who claims that COVID-19 was invented by the “deep state” to reduce the population of the world has been shared more than 3 million times by March 26 and might have inspired further misleading content.
- In what seems to be a coordinated disinformation campaign Chinese actors have been propagating various theories about the origin of COVID-19. Besides an older theory shared by the spokesperson of the Chinese Foreign Ministry, which claimed that the virus was made in an US military lab, another narrative originating from China now claims that the virus originated from Italy (simultaneously far-right political leaders in Italy shared content claiming that the virus was a Chinese bioweapon). The campaign reportedly involved hacked social media accounts and in its newest form (with several competing narratives) it has started to resemble Russian information operations.
- Both China and Russia are simultaneously conducting an active “positive” PR campaign in Europe, which includes shipping medical equipment (which according to Spanish, Italian and Czech media reports turned out to be overwhelmingly defective) and pushing a message contrasting decisive Chinese/Russian action with the EU’s “hesitation” and “lack of solidarity”. The apparent aim is to divide the EU and (for Russia) to achieve the removal of sanctions against the country.
Cybercrime and Coronavirus:
The coronavirus pandemic continues to be reflected in cybercriminal activities. Malicious actors are taking advantage of global fear and uncertainty and exploiting them through attack vectors that include tailored phishing lures and custom malware. Numerous domains and scampages continue to appear as threat actors leverage the pandemic to carry out various online fraud schemes.
- Sophos Labs revealed on March 23, that over thirty thousand domain names with “covid” or “corona” have been registered since February 2020. Sophos is analyzing the data to determine which are malicious, and will issue follow-up reporting accordingly.
- On March 23, a Hammersmith Medicines Research medical facility involved with testing coronavirus vaccines announced that it was hit by the Maze ransomware collective. Despite the collective’s previous statement that it would not attack medical facilities during the global pandemic, the actors stole the data and published it online, demanding a ransom payment. A spokesperson for the facility noted that the attack was caught in a timely manner and there was no downtime.
- While the breach itself is believed to have occurred before the Maze collective’s March 18 announcement that it would not target medical organizations, the Maze group does not appear to be adhering to their promise of leaving medical facilities out of ransomware campaigns.
- The World Health Organization (WHO) disclosed on March 23 that a group of malicious cyber actors tried to breach the WHO network earlier in the month, but was unsuccessful. Chief Information Security Officer (CISO) Flavio Aggio acknowledged that hacking attempts against the agency are significantly increasing. Aggio noted that this effort consisted of trying to steal passwords via a malicious website that mimicked the WHO’s email.
- Malicious infrastructure has targeted other healthcare and humanitarian entities as the coronavirus pandemic sweeps the globe.
- Threat actors continue to exploit coronavirus concerns to propagate phishing campaigns. A security researcher discovered that threat actors are currently using an HHS[.]gov open redirect to push malware payloads via coronavirus-themed phishing emails.
COVID-19 Global Impact:
Virus trackers have been established by the Center for Systems Science and Engineering at Johns Hopkins University, the New York Times, and the Washington Post. An analysis of the spread of COVID-19 can be found here.
Work-from-Home Tests Business Networks, Security Protocols:
With organizations encouraging and requiring employees to work remotely, this sets a new precedent for business networks and security protocols. In response, the CDC provides guidance for business and employers to plan and respond to COVID-19.
Implications for Educational Institutions:
Many higher education institutions across the United States are closing their campuses through the end of term/spring 2020. Many of these universities have shifted to online-only classes and have asked students to vacate dorms. K-12 schools across the country have announced temporary closures as well, and some school districts have announced that they are shifting to online-only learning for the rest of the school year.
Delays and Disruptions to Major Events Possible:
A number of scheduled conferences and events continue to experience delays or cancellations as a result of the virus. Cancelling events or limiting attendance is meant to prevent community spread. In addition, many professional sports across the world have announced postponed or suspended seasons, including the NBA, which made their announcement after a player tested positive for the virus. Disney and Universal Studios have announced park closures beginning this week through the end of March.