UK and US issue joint report about COVID-19 exploitation

The COVID-19 pandemic is being increasingly exploited by malicious cyber actors and advice has this week been issued by both the UK and the US.

A report, jointly published by the NCSC and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), provides information on exploitation by cyber criminals and advanced persistent threat (APT) groups of COVID-19. It also includes a list of indicators of compromise (IOCs) for detection as well as mitigation advice.

The data suggests that cyber crime has now increased, but both the NCSC and CISA have seen an increase in the user of COVID-19 related themes. The threat of cyber crime has also increased due to an increase in home working which has led to the use of more vulnerable services such Virtual Private Networks (VPNs).

Individuals, small businesses and large organisations are at risk of COVID-19 scams and phishing messages, but the advisory offers some practical advice about how to protect you and your business from these types of attack.

You can read the full advisory here, but you may also find the following guidance for businesses useful:

• Home working: preparing your organisation and staff

• Phishing attacks: defending your organisation

And for individuals and families:

• Phishing attacks: dealing with suspicious emails and messages

• Top tips for staying secure online

Microsoft Exchange admins urged to immediately patch critical flaw

In a blog post this week, cyber security firm Rapid7 revealed that over 350,000 Microsoft Exchange servers exposed on the internet haven’t been patched against the CVE-2020-0688 post-auth remote code execution vulnerability. This comes despite Microsoft issuing a patch for the vulnerability on February 22nd.

The remote code extension bug can be exploited by hackers to take over Microsoft Exchange servers using the stolen credentials of any associated user. When patching the flaw earlier this year, Microsoft tagged it with an "Exploitation More Likely" exploitability index assessment – suggesting that taking advantage of the flaw would be particularly attractive to hackers.

With 350,000 Exchange servers accounting for over 80% of those exposed on the internet, admins are being urged to ensure that their servers are patched. This should entail verifying the update’s deployment on any server with the Exchange Control Panel (ECP) enabled and checking for any signs of compromise.

Guidance on patching can be found in the NCSC’s Small Business Guide, but these other pieces of advice may also be helpful:

• Vulnerability management

• Protect your management interfaces

• Continually test your security