Coronavirus & Cyber Attacks
Opportunist crooks are exploiting coronavirus as part of their phishing attacks, malware, ransomware and more.
The National Cyber Security Centre (NCSC) is warning that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns. They have spotted scams that look to take advantage of COVID-19 for their own malicious ends. Attacks include phishing attacks, credential theft, bitcoin and financial fraud, ransomware campaigns and more. In many cases, attacks are based around phishing emails containing links or attachments that claim to contain important information about the virus. Once opened, these infect the PC with malware that can be used to exploit the infected victim.
The NCSC says it has taken measures to automatically uncover and remove malicious websites run by cyber criminals running coronavirus scams and other malicious activity. This action comes after what the security agency describes as an increase in the registration of webpages relating to coronavirus, something the NCSC suspects to be the work of cyber criminals looking to exploit the outbreak. The agency warns that, as the outbreak intensifies, it's likely that the volume of hacking incidents looking to exploit coronavirus will also rise. "We know that cyber criminals are opportunistic and will look to exploit people's fears, and this has undoubtedly been the case with the coronavirus outbreak," said Paul Chichester, director of operations at the NCSC. "Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails." "In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible."
The scams spotted include a Trickbot trojan malware campaign disguised as medical advice about COVID-19, as detailed by Sophos, while researchers at Proofpoint have identified a number of coronavirus-themed hacking campaigns that install malware including Emotet, NanoCore and Azorult. Security researchers have also warned that state-sponsored hacking campaigns are beginning to use coronavirus as a lure in attacks. The World Health Organization (WHO) and the US Federal Trade Commission have both warned about scammers spreading coronavirus-related phishing attacks via email and social media. Phoney emails about health advice and more are being used to steal login credentials and financial details. Cyber criminals are aiming to take advantage of fears over coronavirus as a means of conducting phishing attacks and spreading malware, along with stealing login credentials and credit card details. Cybersecurity companies have identified a number of campaigns by hackers who are attempting to exploit concerns about the COVID-19 outbreak for their own criminal ends. Crooks often use current affairs to make their scams more timely.
Researchers at Sophos have identified a Trickbot banking trojan campaign specifically targeting Italian email addresses in an attempt to play on worries about the virus. The message text claims to offer advice from the World Health Organization (WHO) in an attached Word document. The document claims to have been produced using an earlier version of Microsoft Word, which supposedly means the user needs to enable macros in order to see the content. If the user enables macros, the document executes a chain of commands that installs Trickbot on the machine. As a banking trojan, Trickbot is primarily used to steal confidential information from victims – but once installed on a machine, it can also be used as a surrogate for installing other forms of malware, be that for the initial attacker, or leased out to other cyber criminals.
"The cybercriminals behind Trickbot are likely skilled attackers who leverage the concern of the day to scare people into clicking. While this is in Italy now, we would expect a similar attack in other countries where fears of COVID-19 outbreaks are high," said Chester Wisniewski, principal research scientist at Sophos. "The best approach to avoid this type of cyberattack is to turn off macros, be extra cautious about what you click, and delete email that is suspicious or from an unexpected source," he added.