The ATO has been tracking an increase in threat actors exploiting the current situation concerning COVID-19 to conduct malicious cyber activity. Threat actors were observed leveraging COVID-19 themed email and SMS messages in an attempt to trick users into disclosing their myGov credentials and install malicious files. Examples of content include:
-statements from health and government authorities
-working from home statements
-myGov themed SMS campaigns
-COVID-19 payroll and invoice emails
-Recommendations to avoid infection.
It is recommended that businesses and organisations provide security awareness training to their staff about the increased risks associated with COVID-19 related phishing schemes and advisories while working from home and on bring your own devices (BYOD). Business and organisations should also ensure that VPN and RDP servers are patched and up to date. Businesses should ensure they monitor remote access events, remote access devices, data exfiltration points, and credential sharing
Information is available to support you if you experience data breaches including compliance with the Notifiable Data Breaches Scheme.