True North Networks Blog
Security Tips by TNN Cyber Team
Cybercriminals have been taking advantage of the novel coronavirus pandemic to bombard people with phishing emails, spam, and malware since the disease was first reported around the beginning of the year. The goal is to ensnare unsuspecting victims who are curious or concerned about the virus. Since the outbreak went global in February, coronavirus-themed spam has increased by 4,300%. And in just the last 14 days, such spam has skyrocketed by 14,000%. The spammers are employing a variety of tactics to catch people, according to IBM X-Force. Some campaigns target small businesses looking for government relief. Some use ransomware by threatening the health and safety of users if they don't pay. And others impersonate such groups as the World Health Organization by promising information on COVID-19 but instead delivering malware.
Here are some of the themes being capitalized on, but expect these to be modified on a daily basis and many added as developments occur.
A Cure from the WHO: Cybercriminals have been targeting health agencies such as the World Health Organization with both direct attacks and spoofs for phishing emails. In this campaign, the emails claim to be from the WHO's Director-General, Dr. Tedros Adhanom Ghebreyesus, with details on drugs to take to prevent and cure the virus. In one instance, an attached document installs a keylogger and info-stealer. In another instance, the emails offer information on a virus vaccine but deliver malware instead.
Local Hospital alerts you of contact with an Infected Person: In a new low, a threat actor is pretending to be from a local hospital, telling the recipient that they have been in contact with a colleague, friend, or family member who has tested positive for the COVID-19 virus. The email then tells the recipient to print the attached EmergencyContact.xlsm file and bring it with them to the nearest emergency clinic for testing. In fact, that form is a malicious, macro-laden Office document that is, at the time of this report, detected by only a handful of major anti-virus applications. This malware’s capabilities are incredibly sophisticated and dangerous.
Local Relief Funding: Cybercriminals send spam allegedly with information on how to get relief funds during the virus outbreak. If the user opens the attached document, malware infects the machine to steal online banking credentials.
Small Business Relief Spam: In this instance, spammers send emails claiming to be from the U.S. Small Business Administration with an attachment purporting to be an application for disaster assistance in light of the coronavirus. If someone takes the bait, the malicious file attachment executes malware that installs a Remote Access Trojan (RAT).
Government Stimulus Check Scams: The FBI's Internet Crime Complaint Center (IC3) issued an alert warning of coronavirus-related phishing attacks, particularly surrounding economic stimulus checks. Scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both. “Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government,” the FBI says. The distribution of economic impact payments will begin in the next three weeks, and payments will be made automatically, with no action required for most people. You will not be sent an unsolicited email seeking your private information in order to send you money. Here are the links to the FBI alert and the Stimulus update page: https://www.ic3.gov/media/2020/200320.aspx and https://www.irs.gov/coronavirus
Extortion: Over the past few days, two high-volume spam attacks have arisen, both threatening to infect the recipient and family with COVID-19 if they fail to pay a ransom. The first campaign comes from a spammer who usually specializes in sextortion. With the coronavirus now a worldwide fear, this criminal has simply switched gears to demand $500 in bitcoin, with the threat that the recipient will otherwise be infected in 72 hours.
Fake Apps: As people increasingly work from home and online communication platforms such as Zoom, Teams, Slack, House Party, etc., explode in popularity, cybercriminals are taking advantage of the spike in usage by registering new fake domains and creating malicious executable files in an attempt to trick people into downloading malware onto their devices.
Other Topics: Here are some other topics we have seen used in fraudulent and phishing emails: notice from your internet provider regarding diminished speed or excessive data use, a spoofed email from your IT department with a malicious link to “securely connect to our network from home”, products that claim to prevent, treat, diagnose, or cure COVID-19, counterfeit products such as sanitizing products and personal protective equipment, airline carrier refunds, fake testing kits, and of course requests for charitable and general financial relief funds.
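Several of the themes above (the hospital notice, relief funding, the SBA application) rely on a macro-laden Office attachment. The following is an added example, not part of the original post, showing how a mail administrator could flag such attachments before delivery; the function names and the sample files other than the EmergencyContact.xlsm name are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Office uses for macro-enabled OOXML files.
MACRO_EXTENSIONS = {".xlsm", ".docm", ".pptm", ".xltm", ".dotm", ".potm", ".ppsm", ".xlam", ".ppam"}


def triage_attachment(filename, data):
    """Return the reasons (possibly none) to hold an attachment for review."""
    reasons = []
    ext = os.path.splitext(filename)[1].lower()
    if ext in MACRO_EXTENSIONS:
        reasons.append("macro-enabled extension " + ext)
    # OOXML documents are ZIP archives; a VBA project is stored as vbaProject.bin.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return reasons
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return reasons + ["unreadable ZIP container"]
    if any(n.endswith("vbaproject.bin") for n in names):
        reasons.append("contains VBA project (vbaProject.bin)")
        if ext not in MACRO_EXTENSIONS:
            reasons.append("macro content behind a non-macro extension")
    return reasons


def make_sample(with_macro):
    """Build a constructed, minimal OOXML-like ZIP (not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            zf.writestr("xl/vbaProject.bin", b"placeholder bytes, not real VBA")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "EmergencyContact.xlsm": make_sample(True),    # name from the article, content constructed
        "Relief_Application.xlsx": make_sample(True),  # constructed: macro file with a benign-looking name
        "Schedule.xlsx": make_sample(False),           # constructed: no macro
    }
    for name, blob in samples.items():
        print(name, "->", triage_attachment(name, blob) or "no findings")
```

This check covers only the ZIP-based Office formats; legacy .xls and .doc files store macros differently and need a separate inspection step.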
If you have made it this far, congratulations for sticking with me. Most of this is your normal run-of-the-mill phishing, spoofing, and fraud that we see on a daily basis, but when people are fearful and stressed they fall for these tricks much more easily. Our cybersecurity training partner, KnowBe4, has released a free training module, "Internet Security When You Work From Home." This is a Public Service Announcement, and anyone, anywhere, anytime can take this course: https://www.knowbe4.com/work-from-home-course
Please share with friends, family and coworkers!