“Every country in the world has seen at least one COVID-19 themed attack”
"The tricky and pervasive Trickbot and Emotet malware are very active and rebranding their lures to take advantage of the COVID-19 outbreak."
"Microsoft tracks thousands of email phishing campaigns relating to the outbreak that cover millions of malicious messages every week."
These are just some of the headlines from a report on threat intelligence during COVID-19 published by Microsoft.
Ready or not, most organizations were thrust into working from home, which means employees and devices are now accessing sensitive corporate data across home networks. In addition, cybercriminals are making the most out of the situation and taking advantage of the coronavirus crisis. Amongst others, they are exploiting the public’s fear of rising coronavirus cases through:
Unfortunately, it is working. For one, the attack surface has changed: many organizations are going digital without much preparation, which exposes them to even more potential threats. However, most of the recent cyberattacks are exploiting fears, often as a result of disinformation and fake news, around the COVID-19 outbreak.
1. Email phishing
A report published by Group-IB states that most COVID-19 related phishing emails were transmitted with AgentTesla (45%), NetWire (30%), and LokiBot (8%), in all cases embedded as attachments with the goal of stealing personal and financial data. These emails masqueraded as health advisories from, amongst others, the World Health Organization, UNICEF, and other international agencies, and from companies such as Maersk, Pekos Valves, and Cisco.
2. Mobile malware and apps
Check Point Research, in turn, uncovered at least 16 different mobile apps that claimed to offer outbreak-related information but instead contained malware such as Hiddad and banker Trojans such as Cerberus. Again, the aim was to steal users’ personal information or generate fraudulent revenues from premium-rate services. Malware is further distributed via Google Play apps, using coronavirus-related keywords to rank in Google Play store searches.
3. Malicious websites
It seems bulk buying didn’t stop in the toilet paper aisles: Check Point’s Global Threat Index shows that cybercriminals have been very busy registering coronavirus-related domain names, which will undoubtedly be used for phishing attempts. It is only natural that people will be searching online for the latest information and updates on how the outbreak might affect them, and this is where cybercriminals strike.
COVID-19 will be remembered as one of the most severe challenges that humans have faced, presenting health, business, and security risks to individuals and organizations across the world. Cybercriminals’ opportunistic activities exacerbate this challenge, destabilize critical infrastructure, and create panic. The only solution is to be prepared.