The experts of Libraesva, a leading Italian company in the development and supply of advanced email security solutions, identified the first large-scale attack: a phishing email campaign with a link that promised insights into the Coronavirus but led to a phishing page. It was then the turn of Check Point Research, which through the Global Threat Index of January 2020 warned that the coronavirus had already become a vehicle for the spread of malware, and in particular the dreaded Emotet. SophosLabs highlighted a massive spam attack last week, spreading Trickbot malware, which steals sensitive data and passwords.
The Ministry of the Interior also raised the alarm about an email with a compressed Excel file attached that downloaded the RAT malware called “Pallax” to the victim's computer. It allowed hackers to take control of the device.
The precautions to be taken in order not to fall into the trap are the same in all cases.
Subject: If the subject of the message touches on a problem that is of great interest or that worries the public, be on maximum alert. Cybercriminals know that the emotional component increases the success of a criminal operation.
Sender: Never assume that the sender is truthful. Any name can be entered arbitrarily in the “from” field of the emails.
Mistakes: Spam emails are often littered with grammatical or spelling errors. It is a detail to look for carefully and it is an unequivocal sign of a scam. The same goes for logos that are out of focus or with some minimal difference from the original.
Links: You should not click on links contained in emails. If the topic in question really interests you, it is better to research it independently, without clicking anything in the email. Look-alike URLs are often used: web addresses that resemble the original, except for one more or one less letter.
Personal data: Never enter personal data, especially passwords, on a site. In general, this is not something to do unless you are on a well-known login page.
Anyone who realizes they have entered their credentials on an insecure site should change their password promptly, before scammers can use it.
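The look-alike check described under "Links" can be automated for links pulled out of a message. The following is an added example, not part of the original article: the trusted-domain list is a constructed allowlist and `classify_link` is a hypothetical helper name.

```python
from urllib.parse import urlsplit

# Constructed allowlist for illustration; load your organisation's own list.
TRUSTED_DOMAINS = {"who.int", "salute.gov.it"}


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, matched_domain) for a URL found in an email."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return ("invalid", None)
    # Exact match or a genuine subdomain of a trusted domain.
    for dom in trusted:
        if host == dom or host.endswith("." + dom):
            return ("trusted", dom)
    # One letter more, less or changed in the rightmost labels.
    labels = host.split(".")
    for dom in sorted(trusted):
        n = dom.count(".") + 1
        candidate = ".".join(labels[-n:])
        if edit_distance(candidate, dom) == 1:
            return ("lookalike", dom)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://www.who.int/emergencies",
                 "http://wh0.int/covid-19",
                 "https://salute.gov.it.example.net/login"):
        print(link, classify_link(link))
```

A verdict of "unknown" is not a clean bill of health: the check covers only single-character differences from the allowlist and does not detect homoglyph (internationalized) domain names.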
The above is even more valid when information arrives via social media. Concurrent with the COVID-19 epidemic, there has been a proliferation of fake news via WhatsApp. Because news shared from group to group becomes viral in a few hours, the social network has become a vehicle for digital infection. Besides being completely unreliable, false messages at best generate completely unwarranted fear and panic at a time when keeping calm is imperative.
The only reliable information is published on institutional websites. When your contact or a group disseminates information, it is, therefore, a good idea to check it before taking it as true. If it is not, or if it is not possible to verify it, it is good to appeal to your civic sense and avoid “making it run”.
Another potential source of income for cybercriminals is Smart Working. COVID-19 has made many Italian companies discover that employees can work from home. Those that already applied smart working policies have extended them to the entire working week until a date to be decided. It is an opportunity, but it is also a risk.
Without the right tools, cybersecurity problems can arise. Here’s what companies should do to lower the risk of cyberattacks.
- VPN: Provide employees working from home with a VPN that allows them to securely connect to the corporate network. This should lower the risk threshold for computers that have always been connected only to the corporate network, and are now connected to home networks.
- Security Software: Equip all PCs with appropriate security software. In addition to protection, they must give the possibility to delete sensitive data in case of theft or loss of the mobile device.
- Updates and Access: Operating systems and software must be updated to the latest version. Updates often close security holes that can make you vulnerable.
  Restrict the access rights of people who connect to the corporate network. In the absence of a pre-existing configuration, this requires a lot of extra work from the IT staff. However, by implementing these techniques, the damage in case of a breach is limited.
- Spam: Make all personnel aware of the risks of replying to unsolicited messages. The reference is to targeted spam and phishing, therefore to emails with malicious attachments or links.
Ransomware Phishing Campaigns
RiskIQ security experts highlight ransomware campaigns targeting companies based in areas affected by the coronavirus outbreak. Cybercriminals are reportedly using a well-known technique: phishing campaigns that exploit COVID-19 to infect victims. In this case, the malware used is AZORult.
The attacks mainly affect large companies that work in markets or with supply chains in areas affected by the coronavirus. AZORult could be used to distribute ransomware. Cybercriminals target people who are tired or overworked, who may click on links absent-mindedly. The invitation to prudence and mistrust is therefore renewed.
Spear Phishing and Disinformation Campaigns
FireEye security experts have detected COVID-19-themed spear-phishing attacks globally. They are aimed both at carrying out espionage operations conducted by China, Russia, and North Korea against a series of targets and at carrying out disinformation campaigns. FireEye believes there will continue to be a use of Coronavirus-themed lures by opportunistic and financially motivated attackers due to the global relevance of the issue.
FireEye also detected campaigns that send email attachments promising health information about the coronavirus. Too bad the files hide malware like Sogu and Cobalt Strike.
Proofpoint instead reports phishing emails spreading the AgentTesla keylogger and the NanoCore RAT. Both can steal personal information, including financial information.
Finally, Fortinet reports “a significant increase in both legitimate and harmful activity based on the Coronavirus”. The malicious activity includes emails that appear to give Coronavirus updates from trusted sources, including governments, news agencies, and more.
The Android Ransomware Riding the Coronavirus
The COVID-19 pandemic is an opportunity that cybercriminals are using to target Android users as well, thanks to the constant and frantic search for information on the pandemic and the fact that many consult the news via smartphones. What you need to watch out for is the Covid 19 Tracker app, which promises continuous updates on the spread of the virus in the area where you are. Instead of informing, it installs CovidLock ransomware, a known threat that triggers a screen-lock attack, on your smartphone. The result is that the smartphone is locked and a ransom payment of $100 in Bitcoin is required in order to access it again.
Researchers advise being wary of coronavirus-themed apps and, as a precaution, setting a screen lock password. They also remind users to rely only on official information sources for news about the pandemic.
“CoronaVirus” Ransomware
“CoronaVirus” malware is a new type of ransomware discovered by CyberArk researchers. It spreads through the malicious website WiseCleaner.best, which automatically downloads the WSHSetup.exe downloader. It is programmed to download and launch other malicious files, including Kpot and CoronaVirus ransomware. The latter encrypts the victim’s data and demands a ransom of 0.008 Bitcoin, about $45. This is unusually low for ransomware.
The general tips to prevent bad situations are:
- Do not click on links whose origin you are not sure of
- Do not enter your data on sites you are not sure of
- Change your password often
In any case, the only official information comes from institutional sites; be wary of everyone else.