{
	"id": "8203a8e9-3bec-44f4-aeee-a4d5d7b69e36",
	"created_at": "2026-04-06T00:17:29.555923Z",
	"updated_at": "2026-04-10T03:35:43.308213Z",
	"deleted_at": null,
	"sha1_hash": "86daccefefc7a00cf34e663f852f8c4879fe0641",
	"title": "On-demand Webcast: CrowdStrike Experts on COVID-19 Cybersecurity Challenges and Recommendations",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 65951,
	"plain_text": "On-demand Webcast: CrowdStrike Experts on COVID-19\r\nCybersecurity Challenges and Recommendations\r\nBy Michael Busselen\r\nArchived: 2026-04-02 12:19:40 UTC\r\nA new on-demand webcast, “Cybersecurity in the Time of COVID-19,” features CrowdStrike® CTO Mike\r\nSentonas, VP of Intelligence Adam Meyers and Sr. Director of Product Management Brian Trombley as they\r\ndiscuss ways for companies to overcome the cybersecurity challenges they’re facing during this worldwide crisis.\r\nAlong with recommendations, they also detail new programs CrowdStrike has introduced to help organizations\r\nsupport and secure a newly remote workforce. In setting a context for the webcast, Sentonas says, “The\r\ncybersecurity considerations organizations are facing at this time are as varied as they are complex, and we are\r\ngoing to try and touch on as many of them as possible.”\r\nChallenges of Working From Home\r\nSentonas points out that while CrowdStrike has been working remotely since the company began, many\r\ncompanies are not prepared to pivot rapidly and enable a large-scale remote workforce. This is especially\r\nchallenging as more regions establish guidelines and regulations to enforce social isolation and keep people at\r\nhome. He cites some of the issues that enabling a remote workforce can entail:\r\nIn addition to security considerations, a fast migration to employees using personal computers creates more\r\ncomplex connectivity problems.\r\nAlthough there are many organizations that already enable remote workers and are somewhat prepared for\r\nthe current crisis, many more are struggling to make this transition at speed.\r\nA lack of IT resources is a perpetual complaint in many organizations, but it’s significant in this case. The\r\nnumber of helpdesk calls goes way up when you are connecting from a home device — what do you\r\ntroubleshoot? 
We’re getting this feedback from a lot of organizations.\r\nSentonas also has some suggestions for how companies can help make a smoother and more secure transition to a\r\nremote workforce. If the following key factors aren’t already a part of your security strategy, they should be part\r\nof your planning going forward:\r\nMake sure you have current cybersecurity policies that include remote working.\r\nPlan for BYOD devices connecting to your organization.\r\nKnow that sensitive data may be accessed through unsafe WiFi networks.\r\nCybersecurity hygiene and visibility will be critical.\r\nContinued education is important as COVID-19 schemes escalate.\r\nCrisis management and IR plans need to be executable by a remote workforce.\r\nAdversaries Are Exploiting the COVID-19 Crisis\r\nhttps://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/\r\nPage 1 of 3\n\nIn the webcast, Meyers summarizes the CrowdStrike Intelligence team’s observations on nation-state and eCrime\r\nactors that are leveraging the pandemic to further their own criminal objectives. “What we're seeing from a threat\r\nintelligence perspective is that threat actors have been using and are continuing to use the COVID-19 pandemic as\r\nthemes and to help enable their operations.” Recent adversary activity his team has observed includes the\r\nfollowing:\r\nMUMMY SPIDER, an eCrime adversary originating out of Eastern Europe or the Russian Federation, is\r\nlinked to the core development of the malware most commonly known as Emotet or Geodo. This adversary\r\nhas been observed targeting a wide range of organizations globally and capitalizing on the ongoing\r\ncoronavirus outbreak by using the pandemic as a theme for email system attacks. “Emails were sent using a\r\ntechnique that we call email thread hijacking, where the adversary gets into a victim machine and is able to\r\naccess their email,” Meyers explains. 
“They look for a thread they can jump into and send, and inject\r\ncontent in order to increase the chances that somebody will trust that email enough to click on a link or\r\nopen an attachment.”\r\nPIRATE PANDA, also known as APT23, KeyBoy and Tropic Trooper, was last observed in February. This\r\nadversary typically targets India, Japan, Mongolia, the Philippines, Taiwan and Vietnam. Recently the\r\nthreat actor has been observed using an English-language lure that appears to be from Mongolia’s ministry\r\nof health, and is formatted to look like a World Health Organization daily report. “Though we can't see\r\nexactly who was targeted, based on the content, we can see the types of entities that they would have\r\ntargeted, such as governmental organizations and non-governmental organizations (NGOs),” Meyers says.\r\nRansomware Big Game Hunting (BGH) — Meyers says his team has observed adversaries using\r\nransomware BGH attacks with COVID-19 lures against organizations that have a particularly critical need\r\nto stay operational, such as healthcare entities and state and local governments. He adds, “We're in a state\r\nof high alert when it comes to information pertaining to COVID-19. We're tracking threat actors that are\r\nrapidly trying to adopt this into their operations.”\r\nCrowdStrike Programs to Support Remote Workers\r\nIn his presentation, Trombley outlines two free programs that CrowdStrike has initiated to help customers move\r\nrapidly to a remote workforce model, while ensuring security across their enterprises and keeping costs low. These\r\ninclude a Burst Licensing program for organization-owned devices and a new version of CrowdStrike Falcon\r\nPrevent™ next-generation antivirus protection for Home Use for employee-owned devices. 
The Burst Licensing\r\nprogram is designed to help customers alleviate concerns associated with licensing the CrowdStrike Falcon®\r\nplatform to protect a surging number of new systems being deployed for use by remote workers. This program is\r\nparticularly vital because these systems may only be needed for a short period of time. Falcon Prevent for Home\r\nUse provides organizations with a low-cost option for securing employees’ home Windows devices. For more\r\ninformation on these programs, read this blog: CrowdStrike Announces Two New Programs to Help Organizations\r\nSecure Remote Workers During COVID-19 Crisis. Both of these programs are being offered at no additional cost\r\nto existing CrowdStrike customers for a limited period of time. Don’t miss this important on-demand webcast:\r\n“Cybersecurity in the Time of COVID-19.”\r\nAdditional Resources\r\nRead a blog on COVID-19 cybersecurity from CrowdStrike CEO George Kurtz.\r\nLearn about adversary activities around the COVID-19 crisis and get weekly updates in this blog:\r\n\"Situational Awareness: Cyber Threats Heightened by COVID-19 and How to Protect Against Them.\"\r\nLearn more about the cybersecurity challenges during COVID-19 and recommendations for securing your\r\nremote workforce in blogs by CrowdStrike CTO Mike Sentonas and Chief Product and Engineering Officer\r\nAmol Kulkarni.\r\nAccess resources to help you ensure the security of your organization and remote workers by visiting the\r\nCrowdStrike COVID-19 resource webpage.\r\nDownload the CrowdStrike 2020 Global Threat Report.\r\nSource: 
https://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.crowdstrike.com/blog/on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations/"
	],
	"report_names": [
		"on-demand-webcast-crowdstrike-experts-on-covid-19-cybersecurity-challenges-and-recommendations"
	],
	"threat_actors": [
		{
			"id": "e8e18067-f64b-4e54-9493-6d450b7d40df",
			"created_at": "2022-10-25T16:07:24.515213Z",
			"updated_at": "2026-04-10T02:00:05.018868Z",
			"deleted_at": null,
			"main_name": "Mummy Spider",
			"aliases": [
				"ATK 104",
				"Gold Crestwood",
				"Mummy Spider",
				"TA542"
			],
			"source_name": "ETDA:Mummy Spider",
			"tools": [
				"Emotet",
				"Geodo",
				"Heodo"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "506404b2-82fb-4b7e-b40d-57c2e9b59f40",
			"created_at": "2023-01-06T13:46:38.870883Z",
			"updated_at": "2026-04-10T02:00:03.128317Z",
			"deleted_at": null,
			"main_name": "MUMMY SPIDER",
			"aliases": [
				"TA542",
				"GOLD CRESTWOOD"
			],
			"source_name": "MISPGALAXY:MUMMY SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "61ea51ed-a419-4b05-9241-5ab0dbba25fc",
			"created_at": "2023-01-06T13:46:38.354607Z",
			"updated_at": "2026-04-10T02:00:02.939761Z",
			"deleted_at": null,
			"main_name": "APT23",
			"aliases": [
				"BRONZE HOBART",
				"G0081",
				"Red Orthrus",
				"Earth Centaur",
				"PIRATE PANDA",
				"KeyBoy",
				"Tropic Trooper"
			],
			"source_name": "MISPGALAXY:APT23",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "bef7800a-a08f-4e21-b65c-4279c851e572",
			"created_at": "2022-10-25T15:50:23.409336Z",
			"updated_at": "2026-04-10T02:00:05.319608Z",
			"deleted_at": null,
			"main_name": "Tropic Trooper",
			"aliases": [
				"Tropic Trooper",
				"Pirate Panda",
				"KeyBoy"
			],
			"source_name": "MITRE:Tropic Trooper",
			"tools": [
				"USBferry",
				"ShadowPad",
				"PoisonIvy",
				"BITSAdmin",
				"YAHOYAH",
				"KeyBoy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "578f8e62-2bb4-4ce4-a8b7-6c868fa29724",
			"created_at": "2022-10-25T16:07:24.344358Z",
			"updated_at": "2026-04-10T02:00:04.947834Z",
			"deleted_at": null,
			"main_name": "Tropic Trooper",
			"aliases": [
				"APT 23",
				"Bronze Hobart",
				"Earth Centaur",
				"G0081",
				"KeyBoy",
				"Operation Tropic Trooper",
				"Pirate Panda",
				"Tropic Trooper"
			],
			"source_name": "ETDA:Tropic Trooper",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"ByPassGodzilla",
				"CHINACHOPPER",
				"CREDRIVER",
				"China Chopper",
				"Chymine",
				"Darkmoon",
				"Gen:Trojan.Heur.PT",
				"KeyBoy",
				"Neo-reGeorg",
				"PCShare",
				"POISONPLUG.SHADOW",
				"Poison Ivy",
				"RoyalRoad",
				"SPIVY",
				"ShadowPad Winnti",
				"SinoChopper",
				"Swor",
				"TSSL",
				"USBferry",
				"W32/Seeav",
				"Winsloader",
				"XShellGhost",
				"Yahoyah",
				"fscan",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "86182dd7-646c-49c5-91a6-4b62fd2119a7",
			"created_at": "2025-08-07T02:03:24.617638Z",
			"updated_at": "2026-04-10T02:00:03.738499Z",
			"deleted_at": null,
			"main_name": "BRONZE HOBART",
			"aliases": [
				"APT23",
				"Earth Centaur ",
				"KeyBoy ",
				"Pirate Panda ",
				"Red Orthrus ",
				"TA413 ",
				"Tropic Trooper "
			],
			"source_name": "Secureworks:BRONZE HOBART",
			"tools": [
				"Crowdoor",
				"DSNGInstaller",
				"KeyBoy",
				"LOWZERO",
				"Mofu",
				"Pfine",
				"Sepulcher",
				"Xiangoop Loader",
				"Yahaoyah"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "2ac83159-1d9d-4db4-a176-97be6b7b07c9",
			"created_at": "2024-06-19T02:03:08.024653Z",
			"updated_at": "2026-04-10T02:00:03.672512Z",
			"deleted_at": null,
			"main_name": "GOLD CRESTWOOD",
			"aliases": [
				"Mummy Spider ",
				"TA542 "
			],
			"source_name": "Secureworks:GOLD CRESTWOOD",
			"tools": [
				"Emotet"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434649,
	"ts_updated_at": 1775792143,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/86daccefefc7a00cf34e663f852f8c4879fe0641.pdf",
		"text": "https://archive.orkl.eu/86daccefefc7a00cf34e663f852f8c4879fe0641.txt",
		"img": "https://archive.orkl.eu/86daccefefc7a00cf34e663f852f8c4879fe0641.jpg"
	}
}