When it comes to COVID-19, everyone wants to do their part to help the world win the battle against the virus. At Anomali, we are doing everything in our power to contribute to the cause. Our global workforce is personally committed to stopping the spread of the virus and we’ve shifted to a remote-work model that allows all of our employees to remain safe in their homes, as much as possible.
We’ve also committed to standing on the frontlines of the second battle raging, the COVID-19 cyberwar. Within the first few days of the start of the pandemic, Anomali Threat Research identified a dozen nefarious groups that had launched malicious email phishing campaigns that used lures themed around COVID-19. By the end of March, our research crew had detected more than 6,000 indicators of compromise (IOCs) about cyberattacks taking place. In the threat intelligence field, an IOC is evidence that an attack is taking place.
To help speed progress in the fight to stop the spread of the virus, many government organizations have partnered with Apple, Google, and other smartphone providers to enable digital contact tracing and exposure alerting. Anyone who opts-in can utilize their devices’ Bluetooth capability to receive an alert when they come into contact with someone who has either tested positive or been exposed to COVID-19. Designed to be anonymous and fully confidential, most agencies using these technologies promise that no personal information or location data will be captured or stored by them. All data is supposed to be kept on users’ devices. Anyone who receives an alert can then take the proper steps to quarantine and get tested. Today, the State of California became the latest to announce a contact tracing and alerting app, CA Notify.
Anomali applauds government agencies and consumers who turn to every means available to help end the pandemic. We are optimistic that mobile contact tracing apps may help. We acknowledge that the struggle against COVID-19 is an urgent one. We also want to make sure the world understands that when it comes to online activities, security demands vigilance, and consideration. In June, we detected the existence of fake contact tracing apps designed to infect smartphones that used the Android operating system. Although the attack did not happen in the United States, it is worth knowing that anyone who downloaded one of these apps made themselves vulnerable to having banking credentials or other personal information stolen and subjected their device to remote surveillance.
If you decide to participate in digital contact tracing and alerting, remember that cybercriminals are lurking. Make sure that any apps you download are genuine, and only engage with apps that are present on official platforms such as the Apple App Store and Google Play Store. Don’t, under any circumstances, click on links in emails or text messages urging you to download apps from random sources.
With the news that vaccines are on the way, the world is headed into 2021 hopeful that COVID-19 can be brought under control and eventually eradicated. We encourage everyone to do their part to bring this devastating period to an end while remaining vigilant in the face of cyber actors willing to take any opportunity to capitalize on the current health crisis.