Just because we are in the midst of a global pandemic does not mean we get a reprieve from cyber threats. Reports of COVID-19 related incidents show that many adversaries appear emboldened by the ongoing chaos and aim to compromise sensitive networks and systems while the workforce is adapting to the turmoil. For instance, a malicious coronavirus tracker was found to be spreading malware, the FBI has reported phishing campaigns with COVID-19 themed lures, and the Department of Health and Human Services (HHS) experienced DDoS attempts from multiple sources. Regardless of how long this current pandemic lasts, the age of mass teleworking is here. Adversaries are aware of the challenges that telework has introduced into the security landscape and they are leveraging the dynamics of the ongoing crisis to exploit corporate systems that may not have been adequately secured or prepared for the telework migration.

This report in association with ICIT (Institute for Critical Infrastructure Technology) provides detailed nontechnical and technical steps that can improve the security posture of any organization.