Have you seen any COVID-19 specific zero-days or unique attacks that you’ve discovered in recent times?
wpengine Staff asked 8 months ago

1 Answer
wpengine Staff answered 8 months ago

Answered by Nick Klein, Managing Director, Klein & Co., A CyberCX Company


We are seeing that attackers are not necessarily creating new zero-days or using new techniques. They’re using the same techniques and the same methods but adapted to this new situation. The easiest thing for an attacker to change in a kill chain, for example, might be phishing emails. Where a phishing email previously might have been an offer or promotion, it will be information on COVID-19, how to get your government COVID-19 subsidy.

There are some technical things that are changing. We advise increasing scans across home networks, which is not a zero-day scenario, but utilising some old vulnerabilities where attackers are targeting home routers. We also see exploit kits being customised. There was a Java-based exploit kit that mimics a coronavirus outbreak map in circulation. The attackers used this to inject malware for password stealing, spam, malicious advertising or ransomware. So, we’re not seeing zero-day style activity. What we’re seeing is familiar attacks.

This is both good and bad. It’s difficult because it means you need to be vigilant in looking out for these adaptations, but it is easier once you spot the attack. You can be pretty confident that the rest of the kill chain will involve similar techniques to what we’re used to and we know how to respond to them.

