Blog
COVID-19 Key Developments: March 21-27
The spread of coronavirus continues to have a significant impact across the world. As a result, Flashpoint has developed an Analyst Knowledge Page around COVID-19 for our clients as a way to provide an overview of findings with the opportunity to dive deeper into the data.

The spread of coronavirus continues to have a significant impact across the world. As a result, Flashpoint has developed an Analyst Knowledge Page around COVID-19 for our clients as a way to provide an overview of findings with the opportunity to dive deeper into the data. This blog addresses key findings from Flashpoint analyst observations from this Knowledge Page with regards to government response, disinformation trends, cybercrime and more. To reference our previous updates, please visit our blog here.
Key Developments: March 21-27
Flashpoint published a blog Considerations for Updating Near-Term Intelligence Requirements in Response to COVID-19 that provides considerations for business operations as organizations shift to a larger remote workforce.
Government Responses:
Governments have continued to impose additional travel restrictions at local and federal levels in an effort to minimize continued spreading of coronavirus.
- South Korea updated its testing requirements for any foreign national entering the country this week, continuing their hardline stance to combat the spread. According to the new guidelines, all US citizens and Europeans will be tested upon arrival, and individuals must self-quarantine for 14 days even if they have negative results. Individuals will also have to download an app to provide updates to health safety officials, and will be deported immediately if they do not comply.
- On March 24, the International Olympic Committee and Japanese government officially postponed the 2020 Olympic Games until 2021 due to the global coronavirus pandemic. The Olympic flame will remain in Japan, and the games will still officially be called “Tokyo 2020” despite the date move.
- The US Department of Justice has indicated they may pursue terrorism charges against individuals who commit acts with the intent to spread coronavirus. In some instances, state and local governments have already applied their own terrorism statutes in charging individuals for criminal acts related to coronavirus. Source:
- On March 22, the US Justice Department announced its first law enforcement action for criminal activity exploiting coronavirus concerns. According to their press release, the Justice Department brought wire fraud charges against operators of the site “coronavirusmedicalkit[.]com,” which falsely claimed to sell World Health Organization (WHO) vaccine kits.
- The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) published a memorandum that identified blockchain managers as essential critical infrastructure during the coronavirus response. These workers were identified along with inventory control and warehouse workers, suggesting that the US government has recognized the increasing importance of this type of technology.
New Disinformation Trends:
Misinformation and disinformation continues to spread on social media platforms and via chat services. Narratives and major developments observed by Flashpoint analysts include:
Cybercrime and Coronavirus:
The coronavirus pandemic continues to be reflected in cybercriminal activities. Malicious actors are taking advantage of global fear and uncertainty and exploiting them through attack vectors that include tailored phishing lures and custom malware. Numerous domains and scampages continue to appear as threat actors leverage the pandemic to carry out various online fraud schemes.
- Sophos Labs revealed on March 23, that over thirty thousand domain names with “covid” or “corona” have been registered since February 2020. Sophos is analyzing the data to determine which are malicious, and will issue follow-up reporting accordingly.
- On March 23, a Hammersmith Medicines Research medical facility involved with testing coronavirus vaccines announced that it was hit by the Maze ransomware collective. Despite the collective’s previous statement that it would not attack medical facilities during the global pandemic, the actors stole the data and published it online, demanding a ransom payment. A spokesperson for the facility noted that the attack was caught in a timely manner and there was no downtime.
- While the breach itself is believed to have occurred before the Maze collective’s March 18 announcement that it would not target medical organizations, the Maze group does not appear to be adhering to their promise of leaving medical facilities out of ransomware campaigns.
- The World Health Organization (WHO) disclosed on March 23 that a group of malicious cyber actors tried to breach the WHO network earlier in the month, but was unsuccessful. Chief Information Security Officer (CISO) Flavio Aggio acknowledged that hacking attempts against the agency are significantly increasing. Aggio noted that this effort consisted of trying to steal passwords via a malicious website that mimicked the WHO’s email.
- Malicious infrastructure has targeted other healthcare and humanitarian entities as the coronavirus pandemic sweeps the globe.
- Threat actors continue to exploit coronavirus concerns to propagate phishing campaigns. A security researcher discovered that threat actors are currently using an HHS[.]gov open redirect to push malware payloads via coronavirus-themed phishing emails.
COVID-19 Global Impact:
Virus trackers have been established by the Center for Systems Science and Engineering at Johns Hopkins University, the New York Times, and the Washington Post. An analysis of the spread of COVID-19 can be found here.
Work-from-Home Tests Business Networks, Security Protocols:
With organizations encouraging and requiring employees to work remotely, this sets a new precedent for business networks and security protocols. In response, the CDC provides guidance for business and employers to plan and respond to COVID-19.
Many higher education institutions across the United States are closing their campuses through the end of term/spring 2020. Many of these universities have shifted to online-only classes and have asked students to vacate dorms. K-12 schools across the country have announced temporary closures as well, and some school districts have announced that they are shifting to online-only learning for the rest of the school year.
Delays and Disruptions to Major Events Possible:
Implications for Educational Institutions:
A number of scheduled conferences and events continue to experience delays or cancellations as a result of the virus. Cancelling events or limiting attendance is meant to prevent community spread. In addition, many professional sports across the world have announced postponed or suspended seasons, including the NBA, which made their announcement after a player tested positive for the virus. Disney and Universal Studios have announced park closures beginning this week through the end of March.
Forbes has compiled a master list of airline change and cancellation policies.A list of cancelled trade shows and technology conferences can be found here.