COVID-19: useful cyber security resources

New Zealand’s National Cyber Security Centre (NCSC) is encouraging organisations to maintain a high level of cyber security resilience and awareness during the national response to COVID-19. Cyber actors are likely to exploit public concern around COVID-19, and all organisations should ensure they have robust cyber security measures in place.

On this page we’ve compiled a list of resources produced by our partner agencies and other trusted organisations to help address cyber security challenges that are likely to emerge as more people work from home. We intend to regularly update this page as further information becomes available.

Update for June 26^th, 2020

• The Canadian Centre for Cyber Security (CCCS) has posted a bulletin describing the impact of COVID-19 on cyber threats to the health sector(external link).

Update for June 3^rd, 2020

• The Canadian Centre for Cyber Security (CCCS) has posted an assessment of the impact of COVID-19 on cyber threat activity(external link).

Update for May 25^th, 2020

• The Australian Cyber Security Centre (ACSC) has released advice for critical infrastructure providers(external link) who are deploying business continuity plans for Operational Technology Environments (OTE)/Industrial Control Systems (ICS) during the COVID-19 pandemic.

Update for May 13^th, 2020

• The USA's Cybersecurity and Infrastructure Security Agency (CISA) has posted a list of their top 10 routinely exploited vulnerabilities(external link), and mitigations for each of them.

Update for May 6^th, 2020

• The UK's NCSC and the USA's CISA have issued a joint alert(external link) to update on malicious cyber activity during COVID-19. This alert focuses on password-spraying campaigns targeting healthcare entities and essential services.

Update for May 4^th, 2020

• The USA's Cybersecurity and Infrastructure Security Agency (CISA) has posted a helpful guidance section(external link) for organisations and staff working remotely, including a sheet of video conferencing tips(external link) and recommendations for securing video conferencing(external link).

Update for April 30^th, 2020

• The USA's Cybersecurity and Infrastructure Security Agency (CISA) has posted an alert containing a list of recommended security configurations(external link) for organisations deploying Microsoft Office 365.

Update for April 24^th, 2020

• The UK's NCSC has launched a new Cyber Aware campaign(external link) which aims to help individuals and organisations to protect themselves online, especially in the context of the COVID-19 pandemic.

Updates for April 21^st, 2020

• The Australian Cyber Security Centre (ACSC) has written a useful overview of malicious cyber activity being observed(external link) during the COVID-19 crisis, including real-world examples of phishing emails and working-from-home scams.

• Also from the ACSC is guidance on how to select a web conferencing solution(external link), and how to use it securely.

Update for April 14^th, 2020

• The Australian Cyber Security Centre (ACSC) has produced a guide(external link) to help small businesses protect against cyber attacks and disruptions during COVID-19.

Update for April 9^th, 2020

• The USA's Cybersecurity and Infrastructure Security Agency (CISA) and the UK's National Cyber Security Centre (NCSC) have issued a joint alert(external link) to provide information on exploitation of the COVID-19 pandemic by cybercriminal and advanced persistent threat groups.

Update for April 6^th, 2020

• The FBI has issued a summary of recent cyber crime activity(external link) related to COVID-19 and provided cyber security advice for remote workers and the education sector.

Updates for March 20^th to 26^th, 2020

• New Zealand’s Computer Emergency Response Team (CERT) has issued an advisory detailing reports of attackers using COVID-19 themed scams(external link). Further COVID-19 guidance from CERT can be viewed here(external link).

• The ACSC has produced a helpful guide to detecting socially engineered messages(external link).

• The UK’s National Cyber Security Centre has released advice to help people identify and deal with suspicious emails(external link).

• Also from the UK’s NCSC is guidance for organisations on choosing and purchasing mobile devices for end users(external link).

• Criminals are using the names of legitimate entities such as the World Health Organisation (WHO) or the U.S. Centres for Disease Control and Prevention (CDC) in attempts to obtain personal information or funds. Read the warning issued by the WHO(external link) for further information.

• The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued recommendations for improving enterprise Virtual Private Network (VPN) resilience(external link). Also from CISA is advice on risk management for COVID-19(external link).

• And finally, we suggest reading our own guidance on helping organisations and staff stay secure while working remotely.