COVID-19 Creates an Environment Rife With Cyberthreats
COVID-19 has unveiled a bad actor's ideal playground. That’s because cybercriminals and scammers prey on human emotions like fear, curiosity, urgency, and uncertainty—and the coronavirus pandemic brings out all these feelings in spades.
During times like these, many people inadvertently drop their guard because they're stressed and less alert. That causes them to ignore signs that would normally raise red flags.
For that reason, we've rounded up some of the recent coronavirus-related schemes of which you should be aware, along with a few tips to help prevent any potential attacks.
Phishing and Email Attacks
As soon as word about COVID-19 began to spread, so did a flood of phishing campaigns. Researchers at Check Point spotted more than 4,000 newly registered malicious domains with the coronavirus theme in just two months.
- In numerous phishing campaigns, scammers are now distributing malware by impersonating global and national health authorities.
- In one scam, emails appearing to come from the Centers for Disease Control or other agencies contain malicious attachments disguised as coronavirus prevention tips. Malware observed in these attacks includes banking Trojan Trickbot and credential-stealing spyware Fareit.
- A malicious email claiming to contain advice from the World Health Organization (WHO) included an executable attachment with a new variant of keylogger malware HawkEye.
- Various organizations, such as the Massachusetts Institute of Technology, are reporting “internal” emails with links or attachments related to coronavirus information.
New Android apps—coming from third-party sites rather than the Android PlayStore—offer fake coronavirus impact maps. Since they use data provided by the official Johns Hopkins coronavirus tracker, these apps look entirely legitimate.
- One app, called corona live 1.1, tracked users with spyware that had previously been used in other malware campaigns.
- Another app, COVID19 tracker, contained ransomware. Once enabled, it pushed a note saying the user’s phone was encrypted, demanding bitcoin payment.
Scammers are also launching malicious websites that feed on the public's fears.
- Several websites offered an “antivirus” program that contained a remote access trojan (RAT) that could perform a variety of actions, including stealing passwords and performing DDoS attacks.
- At least one website leveraged the same Johns Hopkins real-time map as the mobile apps, distributing information-stealing malware AZORult.
Attacks on Government Agencies
Cybercriminals are going straight after government agencies to spread malware.
- One phishing campaign leveraged an open redirect on the U.S. Department of Health and Human Services' website to redirect users to a malicious landing page.
- Hackers tried to break into the WHO's IT systems. The agency said the attack didn't succeed, but warned that attacks against the WHO and its partner agencies have soared.
Be Wary of New Scams
With governments around the world providing aid programs to their citizens and businesses, expect to see an avalanche of phishing and other scams that take advantage of this activity.
Some targeted campaigns are already circulating:
In the U.S., similar scams will be forthcoming now that Congress has passed the CARES Act to provide payments to many Americans. Additionally, be on the lookout for charitable donation scams, as cybercriminals take advantage of people's goodwill to help those impacted by the pandemic.
With all of this in mind, what should you do? As we've come to learn, some of the best practices to protect against these threats include:
Educate users to be skeptical about any COVID-19 emails and text messages containing links and attachments. Train them on how to spot phishing attacks and conduct periodic penetration tests and simulated phishing attacks.
If your employees use personal devices for work, it's also essential to educate them about the risks of apps that don't come from an official marketplace offered by Apple, Google, or Microsoft. While plenty of malicious apps already make their way to the operating platforms' app stores, risk increases exponentially outside of these marketplaces.
Mobile device security
Protect your mobile workforce by adopting strong endpoint security and ensuring mobile devices are up to date. Require employees to enable multifactor authentication (MFA) and to use secure connections such as an enterprise-class virtual private network (VPN).
24x7 network monitoring
Even the most sophisticated users get fooled by phishing and other scams. That’s why you need to monitor your network 24x7 for anomalies to quickly detect and respond to threats, and minimize the impact of security incidents on your network.
At Arctic Wolf, we'll continue to provide resources and actionable tips for keeping your organization secure during these trying times. Stay safe—and secure.