Cybercriminals are now using the panic brought about by the rising number of COVID-19 cases, reports cybersecurity solutions firm Kaspersky, which has been detecting new COVID-19-related attack tools being used by malicious threat actors.
According to the global cybersecurity provider, since the first week of February it has detected malicious PDF, MP4, and DOCX files disguised as documents relating to the then newly-discovered coronavirus. A week after, experts unmasked phishing emails sent to individuals concerned about the virus. To make the emails more believable, the cybercriminals presented the Centers for Disease Control and Prevention, a real organization in the US, as the source of an email with recommendations about the coronavirus.
The email looks legitimate, until you click the convincing domain, cdc-gov.org, and find yourself at an Outlook-like log-in page, a phishing page meant to steal email credentials.
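A mail gateway or proxy can catch this kind of lookalike by comparing link hosts against an allowlist of genuine domains. The following is an added example, not Kaspersky's code; the allowlist, function names and every sample URL other than the cdc-gov.org host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of the genuine domains of the organisations the
# article says were impersonated (CDC and WHO).
TRUSTED = ("cdc.gov", "who.int")

def host_of(url):
    """Extract the lower-cased hostname from a URL or bare host string."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").rstrip(".").lower()

def is_trusted(host):
    """True only for a trusted domain itself or one of its subdomains."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED)

def _contains_run(tokens, run):
    """True if `run` appears as consecutive items inside `tokens`."""
    n = len(run)
    return any(tokens[i:i + n] == run for i in range(len(tokens) - n + 1))

def lookalike_of(url):
    """Return the trusted domain the URL's host imitates, or None."""
    host = host_of(url)
    if not host or is_trusted(host):
        return None
    # Split on dots AND hyphens: 'cdc-gov.org' -> ['cdc', 'gov', 'org'].
    tokens = [t for t in re.split(r"[.\-]", host) if t]
    for trusted in TRUSTED:
        labels = trusted.split(".")
        # Match 'cdc-gov.org', 'cdc.gov.example.net' and 'cdcgov.example'.
        if _contains_run(tokens, labels) or "".join(labels) in tokens:
            return trusted
    return None

def scan(urls):
    """Return (url, imitated_domain) for every lookalike in `urls`."""
    return [(u, hit) for u in urls if (hit := lookalike_of(u))]

# Constructed sample links, as they might be extracted from inbound mail.
SAMPLE_URLS = [
    "https://cdc-gov.org/owa/login",        # host from the article
    "https://www.cdc.gov/coronavirus/",     # genuine subdomain
    "http://who-int.example.net/safety",    # constructed lookalike
    "https://example.org/who-int-advice",   # brand only in the path
]

if __name__ == "__main__":
    for url, imitated in scan(SAMPLE_URLS):
        print(f"SUSPECT {url} imitates {imitated}")
```

Only the hostname is inspected, so a trusted name that appears in the path alone is not flagged.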
More recently, Kaspersky detected emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. Researchers also found scam emails with phishing links and malicious attachments.
One of the latest spam email campaigns found mimics the World Health Organization (WHO), showing that cybercriminals recognize and are capitalizing on the important role of global organizations in providing trustworthy information about the coronavirus.
In this scam, users receive emails allegedly from the WHO, which supposedly offer information about safety measures to be taken to avoid infection. Once the user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.
This scam looks more realistic than other examples Kaspersky experts have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.
Kaspersky detection technologies have also found malicious files disguised as documents related to the virus. The malicious files were masked as PDF, MP4, and DOCX files about the coronavirus. The names of the files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat, and even virus detection procedures, which is not actually the case. These files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.
Some of these files are spread via email. An example of this is an Excel file, supposedly sent by the WHO, that supposedly contains a list of names of affected victims. The file turned out to be a Trojan-Downloader, which secretly downloads and installs other malicious files. The second file is a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.
“While medical experts are rushing to find a cure against coronavirus, it is clear that cybercriminals are equally busy trying new techniques and tactics to milk money from organizations and individuals by exploiting the public panic on this current epidemic. Our detections in the APAC region are just the tip of the iceberg. We urge everyone to keep calm but be very cautious at the same time,” comments Stephan Neumeier, managing director for Asia Pacific, Kaspersky.
In the APAC region, Kaspersky has detected 93 instances of coronavirus-related malware in Bangladesh, 53 in the Philippines, 40 in China, 23 in Vietnam, 22 in India and 20 in Malaysia. Single detections were recorded in Singapore, Japan, Indonesia, Hong Kong, Myanmar, and Thailand.
“We would encourage companies to be particularly vigilant at this time, and ensure employees who are working at home exercise caution. Businesses should communicate clearly with workers to ensure they are aware of the risks, and do everything they can to secure remote access for those self-isolating or working from home,” said David Emm, principal security researcher, Kaspersky.
“It is a known fact that once devices are taken outside of a company’s network infrastructure and are connected to new networks and Wi-Fi, the risks to corporate information increase. It is high time that we boost not only our physical immunity but also our networks’ security against these damaging attacks,” adds Neumeier.
There are a number of steps that can be taken to reduce the cyber-risks associated with home working. Kaspersky advises the following:
- Provide a VPN for staff to connect securely to the corporate network
- Protect all corporate devices, including mobiles and laptops, with appropriate security software; on mobile devices this includes, for example, allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, and restricting which apps can be installed
- Always implement the latest updates to operating systems and apps
- Restrict the access rights of people connecting to the corporate network
- Ensure that staff are aware of the dangers of responding to unsolicited messages
- Employ training and activities which will educate employees about cybersecurity basics, for example, to not open or store files from unknown emails or websites as they could be harmful to the whole company
- Enforce the use of legitimate software, downloaded from official sources
- Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that can become a reason for a breach