Security Warning for Public Authorities about Underestimating the Cybersecurity in Emergency State Caused by COVID-19

The National Cyber Security Centre SK-CERT (hereinafter referred to as SK-CERT) warns all public authorities, organizations of state administration and municipalities about underestimating the importance of cybersecurity in the current situation related to the spread of COVID-19. The operations (and services) of information technologies of public administration have a direct and significant impact on the security of the state as well as on the economic and social interests of the state.

Currently, in a situation in which the government declared the emergency state according to Article 5 of the Constitutional Act No. 227/2002 Coll., with effect from 16 March 2020 from 6.00 a.m., limiting the personal social contacts, introducing the teleworking (Home Office) and other similar actions have become the key measures in order to slow down the spread of the disease caused by COVID-19 virus.

For these measures, it is essential to ensure the smooth functioning of information and communication technologies environment in each organization. Remote work, good communication and information exchange requires a well-organized and secure environment. Therefore, SK-CERT warns all entities of public administration involved, the other operators of essential services included in a list, as well as other companies and organizations, to comply with the required security measures regarding to the Cybersecurity Act as responsibly as possible. The obligation to report all cybersecurity incidents at https://www.sk-cert.sk and to cooperate with SK-CERT in their handling is an important factor thereof.

In the field of operational measures it is recommended to follow the same measures as published on 16 March in Recommendations for the Health Sector.

At the same time, please note that there is an increasing number of attempts to exploit the COVID-19 coronavirus pandemic for a variety of harmful activities – from the collection of personal data to online fraud, or other forms of attacks on companies and organizations. These often include websites selling goods in short supply such as respirators, masks, thermometers, disinfectants and so on, for  which the customer pays but does not receive them (or gets them too late or incomplete), or spreading malicious code (malware, ransomware, etc.). The National Security Authority warns continuously against such forms of malicious activities on its website and on the SK-CERT website.

In this context, particularly ransomware attacks or DoS/DDoS attacks can be expected; then spreading malware or phishing campaigns using the identity theft and fake documents about the novel coronavirus; however, other types of attacks aimed at stealing the sensitive data or destroying the systems, and also advanced APT attacks are not excluded as well. Official websites of institutions of public administration can be also imitated and used by attackers to spread malicious codes, obtain illegally personal or other sensitive data, or spread hoaxes and alarm messages.

If you need any assistance in the field of cybersecurity, contact immediately the National Cyber Security Centre SK-CERT.

All warnings and recommendations of the National Cyber Security Centre SK-CERT regarding coronavirus disease or COVID-19 can be also found at https://www.korona.gov.sk/varovania-narodneho-centra-kybernetickej-bezpecnosti-sk-cert/.

« Späť na zoznam