“Every country in the world has seen at least one COVID-19 themed attack,” said Rob Lefferts, corporate vice president for Microsoft 365 Security. These attacks, however, account for less than 2% of all attacks analyzed by Microsoft on a daily basis.
“Our data shows that these COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to this pandemic,” Lefferts added. “This means we’re seeing a changing of lures, not a surge in attacks.”
1 — Mobile Malware
Check Point Research uncovered at least 16 different mobile apps, which claimed to offer information related to the outbreak but instead contained malware, including adware (Hiddad) and banker Trojans (Cerberus), that stole users’ personal information or generated fraudulent revenues from premium-rate services.
“Skilled threat actors are exploiting people’s concerns about coronavirus to spread mobile malware, including Mobile Remote Access Trojans (MRATs), banker trojans, and premium dialers, via apps which claim to offer Coronavirus-related information and help for users,”
2 — Email Phishing
In a separate report published today and shared with Salam Digital, cybersecurity firm Group-IB claims to have found that most COVOD-19 related phishing emails came with AgentTesla (45%), NetWire (30%), and LokiBot (8%) embedded as attachments, thereby allowing the attacker to steal personal and financial data.
The emails, which were sent between February 13 and April 1, 2020, masqueraded as health advisories from the World Health Organization, UNICEF, and other international agencies and companies such as Maersk, Pekos Valves, and CISCO.
3 — Discounted off-the-shelf Malware
Group-IB’s research also found more than 500 posts on underground forums where users offered coronavirus discounts and promotional codes on DDoS, spamming, and other malware services.
This is consistent with Check Point Research’s earlier findings of hackers promoting their exploit tools on the darknet with ‘COVID19’ or ‘coronavirus’ as discount codes.
4 — SMS Phishing
The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) also issued a joint advisory about fake SMS messages from senders such as “COVID” and “UKGOV” which contain a link to phishing sites.
“In addition to SMS, possible channels include WhatsApp and other messaging services,” CISA cautioned.
5 — Face Mask and Hand Sanitizer Scams
Europol recently arrested a 39-year-old man from Singapore for allegedly attempting to launder cash generated from a business email scam (BEC) by posing as a legitimate company that advertised the fast delivery of FFP2 surgical masks and hand sanitizers.
An unnamed pharmaceutical company, based in Europe, was defrauded out of €6.64 million after the items were never delivered, and the supplier became uncontactable. Europol had previously seized €13 million in potentially dangerous drugs as part of a counterfeit medicine trafficking operation.
6 — Malicious Software
As people increasingly work from home and online communication platforms such as Zoom and Microsoft Teams become crucial, threat actors are sending phishing emails that include malicious files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe” in a bid to trick people into downloading malware on their devices.
7 — Ransomware Attacks
The International Criminal Police Organization (Interpol) warned member countries that cybercriminals are attempting to target major hospitals and other institutions on the front lines of the fight against COVID-19 with ransomware.
“Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage, preventing them from accessing vital files and systems until a ransom is paid,” Interpol said.
Protecting Yourself from Coronavirus Threats Online
“Malicious cyber actors are continually adjusting their tactics to take advantage of new situations, and the COVID-19 pandemic is no exception,” CISA said.
“Malicious cyber actors are using the high appetite for COVID-19-related information as an opportunity to deliver malware and ransomware, and to steal user credentials. Individuals and organizations should remain vigilant.”
The NCSC has offered guidance on what to look out for when opening coronavirus-themed emails and text messages that contain links to such fake websites.
In general, avoid clicking on links in unsolicited emails and be wary of email attachments, and do not make meetings public and ensure they are protected by passwords to prevent videoconferencing hijacking.