COVID-19: useful cyber security resources Posted June 26, 2020

New Zealand’s National Cyber Security Centre (NCSC) is encouraging organisations to maintain a high level of cyber security resilience and awareness during the national response to COVID-19. Cyber actors are likely to exploit public concern around COVID-19, and all organisations should ensure they have robust cyber security measures in place.

On this page we’ve compiled a list of resources produced by our partner agencies and other trusted organisations to help address cyber security challenges that are likely to emerge as more people work from home. We intend to regularly update this page as further information becomes available.

Update for June 26^th, 2020

• The Canadian Centre for Cyber Security (CCCS) has posted a bulletin describing the impact of COVID-19 on cyber threats to the health sector.

Update for June 3^rd, 2020

• The Canadian Centre for Cyber Security (CCCS) has posted an assessment of the impact of COVID-19 on cyber threat activity.

Update for May 25^th, 2020

• The Australian Cyber Security Centre (ACSC) has released advice for critical infrastructure providers who are deploying business continuity plans for Operational Technology Environments (OTE)/Industrial Control Systems (ICS) during the COVID-19 pandemic.

Update for May 13^th, 2020

• The USA's Cybersecurity and Infrastructure Security Agency (CISA) has posted a list of their top 10 routinely exploited vulnerabilities, and mitigations for each of them.

Update for May 6^th, 2020

• The UK's NCSC and the USA's CISA have issued a joint alert to update on malicious cyber activity during COVID-19. This alert focuses on password-spraying campaigns targeting healthcare entities and essential services.

Update for May 4^th, 2020

• The USA's Cybersecurity and Infrastructure Security Agency (CISA) has posted a helpful guidance section for organisations and staff working remotely, including a sheet of video conferencing tips and recommendations for securing video conferencing.

Update for April 30^th, 2020

• The USA's Cybersecurity and Infrastructure Security Agency (CISA) has posted an alert containing a list of recommended security configurations for organisations deploying Microsoft Office 365.

Update for April 24^th, 2020

• The UK's NCSC has launched a new Cyber Aware campaign which aims to help individuals and organisations to protect themselves online, especially in the context of the COVID-19 pandemic.

Updates for April 21^st, 2020

• The Australian Cyber Security Centre (ACSC) has written a useful overview of malicious cyber activity being observed during the COVID-19 crisis, including real-world examples of phishing emails and working-from-home scams.

• Also from the ACSC is guidance on how to select a web conferencing solution, and how to use it securely.

Update for April 14^th, 2020

• The Australian Cyber Security Centre (ACSC) has produced a guide to help small businesses protect against cyber attacks and disruptions during COVID-19.

Update for April 9^th, 2020

• The USA's Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) have issued a joint alert to provide information on exploitation of the COVID-19 pandemic by cybercriminal and advanced persistent threat groups.

Update for April 6^th, 2020

• The FBI has issued a summary of recent cyber crime activity related to COVID-19 and provided cyber security advice for remote workers and the education sector.

Updates for March 20^th to 26^th, 2020

• New Zealand’s Computer Emergency Response Team (CERT) has issued an advisory detailing reports of attackers using COVID-19 themed scams. Further COVID-19 guidance from CERT can be viewed here.

• The ACSC has produced a helpful guide to detecting socially engineered messages.

• The UK’s National Cyber Security Centre has released advice to help people identify and deal with suspicious emails.

• Also from the UK’s NCSC is guidance for organisations on choosing and purchasing mobile devices for end users.

• Criminals are using the names of legitimate entities such as the World Health Organisation (WHO) or the U.S. Centres for Disease Control and Prevention (CDC) in attempts to obtain personal information or funds. Read the warning issued by the WHO for further information.

• The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued recommendations for improving enterprise Virtual Private Network (VPN) resilience. Also from CISA is advice on risk management for COVID-19.

• And finally, we suggest reading our own guidance on helping organisations and staff stay secure while working remotely.