There are numerous questions and concerns surrounding the COVID-19 pandemic, making it the perfect situation for cybercriminals to exploit. Bad actors have created websites, apps, and email campaigns, which seem to provide helpful and credible information, but in reality, they’re intended to infect computer systems with trojans, ransomware, bots, and other forms of malware. Here are some popular techniques threat actors are using to take advantage of this pandemic.
Email Spam from Spoofed Domains
Trend Micro reports that 65.7% of emails about COVID-19 are actually phishing emails used to manipulate users. When their links or attachments are opened, these emails can give cybercriminals access to and control over the user’s devices. Since they appear to come from legitimate domains such as who.int (World Health Organization, WHO) or whitehouse.gov, users tend to trust that they are authentic. Here is an example:
This email came from a spoofed WHO email domain and claims to provide prevention and cure guidelines in its attachments. The attachments actually contain malware that runs in the background, takes screenshots, and logs keystrokes to steal usernames and passwords.
Many phishing campaigns falsely position themselves as soliciting donations to help COVID-19 victims. Remember: It’s very unlikely that the government and international organizations would solicit donations via emails.
Malware and Ransomware
Internet users tend to seek information about the pandemic from numerous, and sometimes unreliable and even malicious, sources. Opportunistic attackers are taking advantage of the situation from the shadows, targeting everyone from global corporations to mobile device users. According to Trend Micro, about 26.8% of threats are from COVID-19-themed malware and ransomware campaigns.
Researchers at Lookout, a mobile endpoint security service, have tracked a malicious Android application called "corona live 1.1," which is actually surveillance spyware. On first launch, the app tells the user that it doesn’t require special access privileges, but then proceeds to request access to photos, files and device location, as well as permission to take pictures and record video. The attackers are spoofing a legitimate app called "corona live," a Johns Hopkins University tracker dedicated to providing information on COVID-19 global cases.
As the healthcare system continues to battle the COVID-19 outbreak, its efforts are being complicated by ransomware. On March 12, the Champaign Urbana Public Health District (CHUPD) in Illinois had to set up an alternate website as it dealt with a ransomware infection that took down its primary site. CHUPD confirmed that its systems were infected by a ransomware-as-a-service strain called Netwalker, also known as Mailto.
How to Protect Yourself and Your Business
As long as COVID-19 is top of everyone's mind and a topic of interest, cybercriminals are likely to exploit our fears and concerns. Any organization—enterprise to SMB—could become a target of such cyberattacks. We recommend following these best practices:
Conduct a Security Assessment: The COVID-19 crisis has forced most employees to work from home, using VPNs to access work-related resources on the corporate network. Unprepared for this change in the work environment, many companies are facing unknown vulnerabilities in their network security as remote workers connect to the network from personal devices.
BlackHawk Data offers a thorough and pain-free Network and Security Optimization Assessment that provides a holistic view into your entire infrastructure, and helps you secure your environment to catch zero-day threats before they become breaches.
Educate End Users on Security: Most attacks gain their foothold through a company’s own employees downloading malware. Educating your employees on how not to fall prey to savvy attackers, and keeping them informed of the company’s security policy, is a key line in your defenses. We also recommend you adopt the Principle of Least Privilege (PoLP) across the organization, giving users only the bare minimum privileges necessary to perform their jobs—whether remote or on location.
Avoid Phishing Scams: Phishing emails are widely used by attackers to convince users to download infected files or hand over personal and confidential information. These emails share certain characteristics: a generic greeting, pressure to act promptly, and a lure to click a URL or open an attachment. Users should treat emails with a healthy dose of skepticism—especially when attachments are unsolicited.
Implement System Upgrades and Software Patches: Security researchers have shown that installing system and software updates is the best defense against common viruses and malware. Software makers often release updates to address specific security threats that have come to their attention. If your IT team is short-staffed or overworked, BlackHawk Data can help by handling your regularly scheduled updates, upgrades and patches.
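A defender-side triage check for the phishing traits listed above (a trusted brand in the display name but a different sender domain, a generic greeting, urgency wording, and a risky attachment), written as an added example that is not BlackHawk Data's own tooling; the sample message, the brand-to-domain table and the keyword lists are constructed assumptions, and the same function works on any raw RFC 822 message:

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Constructed sample (not a real campaign artefact) modelled on the spoofed-WHO
# lure above: WHO display name, non-WHO sender domain, generic greeting,
# urgency wording and an executable attachment.
SAMPLE_EMAIL = """\
From: "World Health Organization" <alerts@who-int.example>
Subject: URGENT: COVID-19 prevention and cure guidelines
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Customer,
Please open the attached guidelines immediately.
--b1
Content-Type: application/octet-stream; name="guidelines.pdf.exe"
Content-Disposition: attachment; filename="guidelines.pdf.exe"

--b1--
"""

# Brands a lure may claim in the display name, and the domain each really uses.
CLAIMED_BRANDS = {"world health organization": "who.int", "who": "who.int"}
URGENCY = re.compile(r"\b(urgent|immediately|act now|within 24 hours)\b", re.I)
GENERIC = re.compile(r"^\s*dear\s+(customer|user|sir/madam|friend)\b", re.I | re.M)
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd")

def phishing_indicators(raw):
    # Returns the names of the indicators found in one raw RFC 822 message.
    msg = message_from_string(raw)
    found = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    expected = CLAIMED_BRANDS.get(name.strip().lower())
    if expected and domain != expected and not domain.endswith("." + expected):
        found.append("display_name_domain_mismatch")  # claims WHO, not who.int
    text = msg.get("Subject", "") + "\n"
    for part in msg.walk():
        fname = part.get_filename()
        if fname and fname.lower().endswith(RISKY_EXT):
            found.append("executable_attachment")
        elif part.get_content_type() == "text/plain":
            text += part.get_payload(decode=True).decode(errors="replace")
    if URGENCY.search(text):
        found.append("urgency_language")
    if GENERIC.search(text):
        found.append("generic_greeting")
    return found
```

Heuristics like these are a screening aid for a mail gateway or SOC triage queue, not a replacement for SPF/DKIM/DMARC checks on the real sender domain.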
BlackHawk Data is Here to Help
The BlackHawk Data team of engineers is ready to help you overcome the headaches that opportunistic threat actors are creating for your business. From empowering your remote workforce to helping you scale as needed to stay on top of this disruption, the BlackHawk Data team has always been there when you needed us most. We’re here to help.
By Md Shamim Sharafat, Network Engineer, BlackHawk Data