CTI League Fights Cyber Threats During The COVID-19 Pandemic
The CTI League has published its inaugural report, detailing the ongoing cybersecurity projects its members are involved in to protect organizations from cybercrime during the COVID-19 pandemic.
It’s a dangerous time right now, and not just because of COVID-19. Cybercriminals are taking advantage of the confusion and lack of awareness resulting from the global pandemic. Case in point – CNN is reporting a 500% increase in phishing attacks since the start of the COVID-19 pandemic.
It’s for reasons such as this that the Cyber Threat Intelligence (CTI) League has been formed.
What Is The CTI League?
The CTI League is an online coalition of cybersecurity sector volunteers working from around the world to identify and neutralize new cybercrime threats that exploit the ongoing COVID-19 pandemic. The CTI League prioritizes the protection of and support for the healthcare sector, recognizing its importance and value as a target for cybercriminals at this time.
In action, CTI League members carry out a range of vital cybersecurity tasks:
- Cyber-Attack Neutralization: CTI League volunteers’ primary goal is to eliminate cyber threats that exploit the COVID-19 pandemic, via one of three methods:
  - Takedown: Members raise a takedown request for the removal of a dangerous website, web page, or file from the Internet.
  - Triage: Members assess identified vulnerabilities in the healthcare sector and address them to mitigate any risks.
  - Law enforcement escalations: Members escalate concerns to law enforcement agencies and national CERTs.
- Support: CTI League volunteers also deliver support, categorized in three ways:
  - Medical Sector Support: Volunteers offer support to those in the healthcare industry that apply for it.
  - Infrastructure Support: Volunteers protect and maintain critical infrastructure in the healthcare industry.
  - Incident Response (IR) Support: When healthcare organizations are under attack, volunteers help them manage the identification, analysis, and response to the specific threat.
What Has The CTI League Achieved So Far?
Since being established on March 14, 2020, the CTI League has investigated and neutralized a wide range of cyber threats around the world.
- 2,883 takedowns requested for indicators of compromise (IoCs), removing malicious websites, webpages and files from the Internet
- Takedowns of specific COVID-19-based phishing campaigns:
  - DDoS attack against governmental organizations (notification to Amazon)
  - Malicious email notifications to Google’s CyberCrime Investigation Group (CCIG)
  - Compromised companies for notification/remediation to FBI

More than 20,000 phishing domains and 2584 confirmed phishing messages were identified by the league.

- As a part of infrastructure support efforts, volunteers discovered and addressed more than 2000 vulnerabilities in hospitals, healthcare facilities, and their supporting organizations
- Volunteers identified and assessed a range of malicious files that were reported. Across a total of 587 files, volunteers sorted the threats into three levels according to how widely antivirus solutions detected them:
  - Items that were flagged by most antivirus engines (198)
  - Items only detected by a few antivirus engines (374)
  - Items not detected by any of the public antivirus engines (15)
- Volunteers investigated disinformation campaigns:
  - COVID-5G – Meant to encourage citizens to associate COVID-19 spread with the distribution of 5G equipment
  - WeWontStayHome – Meant to encourage citizens to break quarantine
  - Texasffrally – Meant to incite “Texas Freedom Force” rallies
  - OperationGridlock – Meant to incite vehicle-based rallies to cause noise and ultimately gridlock streets
- Triage efforts, launched on March 31st, 2020, addressed 26 key vulnerabilities identified in the healthcare sector in just one week.
How Will The CTI League Proceed?
As you can see, CTI League volunteers have been busy in just the first month of their efforts. As the COVID-19 pandemic continues and develops, volunteers will continue to work around the globe to stop cybercriminals from exploiting the crisis.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.