COVID-Related Cybersecurity Attacks To Be Aware Of

April 28, 2020

COVID-19 Creates an Environment Rife With Cyberthreats

COVID-19 has unveiled a bad actor's ideal playground. That’s because cybercriminals and scammers prey on human emotions like fear, curiosity, urgency, and uncertainty—and the coronavirus pandemic brings out all these feelings in spades.

During times like these, many people inadvertently drop their guard because they're stressed and less alert. That causes them to ignore signs that would normally raise red flags.

For that reason, we've rounded up some of the recent coronavirus-related schemes of which you should be aware, along with a few tips to help prevent any potential attacks.


Phishing and Email Attacks

As soon as word about COVID-19 began to spread, so did a flood of phishing campaigns. Researchers at Check Point spotted more than 4,000 newly registered malicious domains with the coronavirus theme in just two months.

  • In numerous phishing campaigns, scammers are now distributing malware by impersonating global and national health authorities.
  • In one scam, emails appearing to come from the Centers for Disease Control or other agencies contain malicious attachments disguised as coronavirus prevention tips. Malware observed in these attacks includes banking Trojan Trickbot and credential-stealing spyware Fareit.
  • A malicious email claiming to contain advice from the World Health Organization (WHO) included an executable attachment with a new variant of keylogger malware HawkEye.
  • Various organizations, such as the Massachusetts Institute of Technology, are reporting “internal” emails with links or attachments related to coronavirus information.
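The lures above share two checkable traits: a display name that claims a health authority while the sender domain belongs to someone else, and an executable attachment. The following mail-triage sketch is an added example, not Arctic Wolf code; the agency domain map, the extension list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains the impersonated agencies really send from.
AGENCY_DOMAINS = {
    "cdc": "cdc.gov",
    "centers for disease control": "cdc.gov",
    "who": "who.int",
    "world health organization": "who.int",
}
# Assumption: file types that have no business arriving as "prevention tips".
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".jar", ".iso", ".lnk")

def triage(raw: str) -> list[str]:
    """Return the reasons a raw RFC 5322 message looks like an agency lure."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for name, real in AGENCY_DOMAINS.items():
        claimed = re.search(rf"\b{re.escape(name)}\b", display.lower())
        genuine = domain == real or domain.endswith("." + real)
        if claimed and not genuine:
            findings.append(f"display name claims {name!r}, sender domain is {domain!r}")
            break  # one impersonation finding per message is enough
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(RISKY_EXT):
            findings.append(f"executable attachment {fname!r}")
    return findings

def sample(from_hdr: str, filename: str) -> str:
    """Build a constructed test message (not a real captured email)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["Subject"] = "Coronavirus prevention tips"
    m.set_content("Please review the attached guidance.")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    lure = sample("World Health Organization <advice@who-int.example>",
                  "who-advice.pdf.exe")
    for reason in triage(lure):
        print("FLAG:", reason)
```

The word-boundary match keeps a sender such as "Whole Foods" from tripping the "who" rule, and subdomains of the genuine agency domain are accepted.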

Mobile-Device Attacks

New Android apps—coming from third-party sites rather than the Android PlayStore—offer fake coronavirus impact maps. Since they use data provided by the official Johns Hopkins coronavirus tracker, these apps look entirely legitimate.

  • One app, called corona live 1.1, tracked users with spyware that had previously been used in other malware campaigns.
  • Another app, COVID19 tracker, contained ransomware. Once enabled, it pushed a note saying the user’s phone was encrypted, demanding bitcoin payment.

Suspicious Websites

Scammers are also launching malicious websites that feed on the public's fears.

Attacks on Government Agencies

Cybercriminals are going straight after government agencies to spread malware.

Be Wary of New Scams

With governments around the world providing aid programs to their citizens and businesses, expect to see an avalanche of phishing and other scams that take advantage of this activity.

Some targeted campaigns are already circulating:

In the U.S., similar scams will be forthcoming now that Congress has passed the CARES Act to provide payments to many Americans. Additionally, be on the lookout for charitable donation scams, as cybercriminals take advantage of people's goodwill to help those impacted by the pandemic.

Prevention Tips

With all of this in mind, what should you do? As we've come to learn, some of the best practices to protect against these threats include:

User awareness 

Educate users to be skeptical about any COVID-19 emails and text messages containing links and attachments. Train them on how to spot phishing attacks and conduct periodic penetration tests and simulated phishing attacks.

If your employees use personal devices for work, it's also essential to educate them about the risks of apps that don't come from an official marketplace offered by Apple, Google, or Microsoft. While plenty of malicious apps already make their way to the operating platforms' app stores, risk increases exponentially outside of these marketplaces.

Mobile device security

Protect your mobile workforce by adopting strong endpoint security and ensuring mobile devices are up to date. Require employees to enable multifactor authentication (MFA) and to use secure connections such as an enterprise-class virtual private network (VPN).

24x7 network monitoring

Even the most-sophisticated users get fooled by phishing and other scams. That’s why you need to monitor your network 24x7 for anomalies to quickly detect and respond to threats, and minimize the impact of security incidents on your network.

At Arctic Wolf, we'll continue to provide resources and actionable tips for keeping your organization secure during these trying times. Stay safe—and secure.

Need Help?

If your organization needs help staying protected against cyberthreats, a managed detection and response solution may be the answer. Contact Arctic Wolf to learn how you can take advantage of our expertise.
