'COVID-19 CTI League': How Cybersecurity Experts Team Up To Fight Coronavirus-Related Hacks


The coronavirus has been declared a pandemic. With many victims from many countries, many people are living in fear, isolated, quarantined inside their homes.

Attackers are making use of the situation: there has been an increase in hacking activity and malicious campaigns preying on unsuspecting victims.

While scientists are racing to create a vaccine for the real-world coronavirus threat, experts are also racing to stop hack attempts related to the coronavirus.

In response, an international group with expertise in cybersecurity formed a team called the 'COVID-19 CTI League', where CTI stands for cyber threat intelligence.

The group, which spans more than 40 countries around the globe, came together on March 25, 2020. Members include professionals and senior staff at companies like Microsoft and Amazon.

According to its website:

"We are a community of CTI experts, Incident responders and Industry experts working to neutralize all cyber threats looking to exploit the current pandemic. We identify, analyze and neutralize all threats but at this most sensitive time are prioritizing front-line medical resources and critical infrastructure."

The site identified the four individuals who launched the effort: Ohad Zaidenberg, the lead cyber intelligence researcher at Israeli firm ClearSky Security; Nate Warfield and Chris Mills, two security researchers at Microsoft; and Marc Rogers, Head of Security at Def Con and Vice President of Okta.

Marc Rogers said that creating a blanket against cyberattacks aimed at healthcare facilities and frontline responders, including doctors, nurses, laboratories, etc., is the team's highest priority.

Besides healthcare, the COVID-19 CTI League's mission is also to neutralize other cyberthreats looking to exploit the coronavirus pandemic, according to a brief description on the group's website.

"Attackers are using a mixture of old, reskinned, and relatively new malware to attack users during the COVID-19 pandemic," Rogers said. "Their diversity indicates a global reach and a wide variety of campaigns. In essence, we are looking at a cybercrime gold rush."

Rogers also described the League as having hundreds of members.

"We are growing fast," he said. "It's important to us that this is a global effort because this is a global threat. That's why we made the call worldwide and were delighted when the world responded."

From impersonating the WHO and creating malicious coronavirus trackers to building fake coronavirus dashboard maps and delivering malware through email, among others, hackers are on the move.

Since hacking attempts piggybacking on the coronavirus trend are escalating, a few hundred experts may not be enough.

This is why Rogers said that the group is accepting volunteers. Anyone can apply, but it only considers those who have the right technical background or skills that can be useful to its work.

"The tasks here are very specific and every member has to hit the ground running," Rogers notes.

Rogers added the members of the new group will work with each other and industry to find COVID-19 related phishing and malware.

He stresses that he has never before seen such high volumes of phishing, and that he has literally documented phishing messages in every language known to man.

"We then work with our incident response experts, industry partners, and law enforcement to ensure that the threats are taken down and any harm is neutralized."

Rogers, however, said that the group won't engage in any kind of hacking-back activity. This is because the members are legally restricted in what they can and cannot do in counter-offensive operations against hackers and their infrastructure.

"There is no hacking back," Rogers said.

"We are using tried and accepted processes to identify, analyze, and report threats to the appropriate organizations and where necessary law enforcement authorities. The difference is that now, working so closely together for a common cause, we are able to do this much faster. It is a collaborative effort across the board."

Rogers hopes that the level of collaboration researchers are showing around the COVID-19 initiative will remain after the immediate crisis has passed.

“I have never seen this level of cooperation,” Rogers said. “I hope it continues afterwards, because it’s a beautiful thing to see.”