In the latest COVID-19-related fraud scheme, threat actors are looking to exploit the Coronavirus Aid, Relief, and Economic Security (CARES) Act economic impact payments to steal personal and financial information from individuals, according to an alert from the Department of Homeland Security Cybersecurity and Infrastructure Security Agency , Department of the Treasury, the IRS, and the Secret Service.
Given the rise in telework in the wake of the pandemic, healthcare organizations should review the alert to ensure its workforce understands the potential risk posed by this threat. Security leaders should also provide employees with information around how IRS interacts with taxpayers.
As part of the CARES Act, businesses and individuals impacted by the crisis will receive payments from the government. In response, hackers are using lures tied to Coronavirus and the economic impact payments in an attempt to disrupt those payouts.
Federal agencies have continued to detect malicious attempts leveraging stimulus-themed emails and text messages to obtain personally identifiable information and bank account details from individuals. Officials explained it’s expected hackers will also continue to leverage these attacks to gain access to computer networks or launch potential ransomware attacks.
The detected scams are tied to personal checks, loan and grant programs, or other CARES Act subjects. Further, these attempts could be tied to later cyberattacks that could impact the CARES ACT rollout in its entirety.
“On the most dangerous end of the spectrum, criminals and adversaries may pursue activities that go beyond stealing information or funds and seek to disrupt the operations of the organizations responsible for implementing the CARES Act, including through the use of ransomware to extort money from victims, steal personal information, or interrupt the flow of CARES Act funds,” officials explained.
“The USSS is focusing its investigative operations on ensuring that those who seek to exploit this pandemic are brought to justice, and that the proceeds of their criminal activity are recovered,” officials added. “These investigations will include actions over the near term, but also in the coming months and years to hold criminals accountable and recover assets.”
All federal, state, local, and tribal agencies are encouraged to initiative a comprehensive security review of their critical system, especially systems tied to payments, banking, and loan processing. These threats could also pose a risk for potential ransomware attacks.
Throughout the pandemic, federal agencies have ramped up threat intelligence sharing, as well as providing all organizations resources around best practice security measures. These insights shed light on malicious cyber actors and advanced persistent threat (APT) actors leveraging COVID-19 to target healthcare, and a host of other fraud schemes and attempts to exploit endpoints used for teleworking.
Employees should be encouraged to report potential security incidents tied to this threat to security leadership or the network administrator.
Healthcare organizations should review insights provided by a host of industry stakeholders to ensure their enterprise is secure from threats tied to COVID-19, including human-operated ransomware, Virtual Private Networks (VPNs), DNS routers, telework, cloud deployments, and videoconferencing, such as Zoom.
Most recently, the Healthcare and Public Health Sector Coordinating Council (HSCC) released healthcare sector-specific guidance for securing research and trade secrets, as well as employing tactical crisis response. Meanwhile, Proofpoint found hackers are using COVID-19 phishing and website spoofing to steal credentials.