True North Networks Blog
Hackers are using coronavirus concerns to trick you, cybersecurity pros warn
Hackers and cybercriminals have been leveraging the hype and fear connected with the growing COVID-19 pandemic as a tool to steal passwords and data.
Coronavirus-themed domain registrations are 50% more likely to be from malicious actors, Check Point Software Technologies Ltd. found in a study. Since that report was released last week, there have been some high-profile examples, most notably an attack aimed at a popular interactive COVID-19 tracking map maintained by Johns Hopkins University.
Noted security blogger Brian Krebs reported Thursday that the map has been targeted by hackers who are selling malware claiming to compromise the map and infect users. Johns Hopkins spokeswoman Jill Rosen said the university is aware of the malware that impersonates its COVID-19 site, and warned users to only trust the maps at its own site and one maintained by ArcGIS. The malware requires users to download software to generate the fake map, Rosen told MarketWatch.
“If you receive an email containing a link to download such an item or come across the code for the malicious app, please report it immediately to the Esri incident response team through ArcGIS Trust Center security concern page,” Rosen said in a statement.
Just as doctors say frequent hand-washing and respiratory hygiene are the best defense against the coronavirus, cybersecurity professionals stress that computer users need to be more wary of what they click, for example by not downloading an email attachment from an unknown source and by following other tips offered by the Cybersecurity and Infrastructure Security Agency.
These ploys, which trick computer users into downloading malware by tapping into fear and anxiety, are as old as the internet, said Charles Poff, chief information security officer at SailPoint Technologies Holdings Inc.
“Despite international efforts to quell the virus, the World Health Organization recently classified this as a global pandemic; online scammers are trying to exploit this uncertainty through phishing attempts and bunk domain names,” Poff said.
“An email seemingly from the CDC is trying to lure vulnerable people into clicking links to learn more about the virus but ultimately leading them astray,” Poff said. “Not only am I recommending people to be cautious about opening email and files received from unknown senders, but also to beware of look-alike domains that are phony websites.”
SailPoint noted that students and staff from universities that were canceling classes were also falling prey to hackers. Discovered by San Francisco-based Abnormal Security, one attack uses an email that looks like it is coming from the school’s “health team” leading to a fake login page that tries to steal the victim’s credentials.
Check Point researchers said Thursday that they found hackers based in China have been using rich text format, or RTF, coronavirus warnings against public-sector workers in Mongolia. If a target opens the RTF document, it attacks Microsoft Corp.’s Word application, and seeks to take screenshots, list files and directories and download files.