Along with the consistent increase of 2019 coronavirus cases comes the incessant techniques cybercriminals are using to prey on public panic amidst the global epidemic. Kaspersky has continuously been detecting new attack tools being used by malicious threat actors related to COVID-19.
During the first week of February, the global cybersecurity company has since warned the public about malicious pdf, mp4 and docx files disguised as documents relating to the then newly-discovered coronavirus. A week after, experts unmasked phishing emails sent to individuals concerned about the virus. To make it more believable, cybercriminals used the Centers for Disease Control and Prevention, which is a real organization in the United States as the source of an email with recommendations about the coronavirus.
Coronavirus phishing e-mails appear to come from the Centers for Disease Control and Prevention (CDC)
The email looks legitimate initially until you click the convincing domain, cdc-gov.org, and find yourself to an Outlook log-in page, a phishing page is meant to steal email credentials.
Most recently, Kaspersky also detected emails offering products such as masks, and then the topic became more commonly used in Nigerian spam emails. Researchers also found scam emails with phishing links and malicious attachments.
One of the latest spam campaigns mimics the World Health Organization (WHO), showing how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.
Users receive emails allegedly from WHO, which supposedly offer information about safety measures to be taken to avoid infection. Once a user clicks on the link embedded in the email, they are redirected to a phishing website and prompted to share personal information, which ends up in the hands of cybercriminals.
This scam looks more realistic than other examples Kaspersky experts have seen lately, such as alleged donations from the World Bank or IMF for anyone who needs a loan.
An email allegedly from WHO leads to a phishing website that gathers victims’ personal data
Kaspersky detection technologies have also found malicious files disguised as documents related to the virus. The malicious files were masked under the guise of pdf, mp4 and docx files about the coronavirus. The names of files imply that they contain video instructions on how to protect yourself from the virus, updates on the threat and even virus detection procedures, which is not actually the case. In fact, these files contained a range of threats, from Trojans to worms, which are capable of destroying, blocking, modifying or copying data, as well as interfering with the operation of computers or computer networks.
Some malicious files are spread via email. For example, an Excel file distributed via email under the guise of a list of coronavirus victims allegedly sent from the World Health Organization (WHO) was, in fact, a Trojan-Downloader, which secretly downloads and installs another malicious file. This second file was a Trojan-Spy designed to gather various data, including passwords, from the infected device and send it to the attacker.
An infected Excel file was attached in the email that allegedly included information about the victims of coronavirus
“While medical experts are rushing to find a cure against coronavirus, it is clear that cybercriminals are equally busy trying new techniques and tactics to milk money on organizations and individuals by exploiting the public panic on this current epidemic. Our detections in the APAC region is just the tip of the iceberg. We urge everyone to keep calm but be very cautious at the same time,” comments Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky.
In APAC, Kaspersky has detected 93 coronavirus-related malware in Bangladesh, 53 in the Philippines, 40 in China, 23 in Vietnam, 22 in India and 20 in Malaysia. Single-digit detections were monitored in Singapore, Japan, Indonesia, Hong Kong, Myanmar, and Thailand.
“We would encourage companies to be particularly vigilant at this time, and ensure employees who are working at home exercise caution. Businesses should communicate clearly with workers to ensure they are aware of the risks, and do everything they can to secure remote access for those self-isolating or working from home,” comments David Emm, principal security researcher, Kaspersky.
“It is a known fact that once devices are taken outside of a company’s network infrastructure and are connected to new networks and WIFI, the risks to corporate information increase. It is high time that we boost not only our physical immunity but also our networks’ security against these damaging attacks,” adds Neumeier.
There are a number of steps that can be taken to reduce the cyber-risks associated with home working. Kaspersky advises the following:
- Provide a VPN for staff to connect securely to the corporate network
- All corporate devices – including mobiles and laptops – should be protected with appropriate security software, including mobile devices (e.g. allowing data to be wiped from devices that are reported lost or stolen, segregating personal and work data, along with restricting which apps can be installed)
- Always implement the latest updates to operating systems and apps
- Restrict the access rights of people connecting to the corporate network
- Ensure that staff are aware of the dangers of responding to unsolicited messages
- Employ training and activities which will educate employees about cybersecurity basics, for example, to not open or store files from unknown emails or websites as they could be harmful to the whole company
- Enforce use of legitimate software, downloaded from official sources.
- Make backups of essential data and regularly update IT equipment and applications to avoid unpatched vulnerabilities that can become a reason of a breach