Even when a deadly global pandemic has affected and killed hundreds and thousands worldwide, hackers continue to carry out phishing and password-stealing attacks. Hackers, like all of us, might be staying at home, but they are not taking a break from their activities.
Forcepoint, a security firm, reports finding numerous new malware and phishing scams that exploit people’s fears regarding the COVID-19 pandemic. The tactics are old: attempts to steal passwords, scam ads selling fake products, and so on. But this doesn’t imply that these attacks aren’t harmful.
Experts reveal that hackers are taking advantage of the disturbance caused by the virus to target people and steal their personal information by impersonating trustworthy figures. According to Yeo Siang Tiong from Kaspersky, although the virus was mostly limited to China by the first week of February, there was an increase in malicious files circulating as real documents containing information about the virus.
The BBC reports phishing emails in English, French, Italian, Japanese, and Turkish. And it is not only individuals who are the target: cybercriminals are also affecting industries that include aerospace, transport, manufacturing, hospitality, healthcare, and insurance.
Phishing emails with malicious attachments
With countries practicing social distancing and everything in lockdown, people are stuck at home and using the web a bit more than usual. This includes employees, and as a result, the chances of attacks increase. Phishing attacks are attempts to steal emails, passwords, and other credentials.
Forcepoint gives an example where you get an email that seems to have a voicemail link containing a COVID-19 update. The emails have a small HTML file that takes the user to a hoax Microsoft Outlook login page where they have to log in to access the voicemail. This is an attempt to get hold of user passwords. It may look like the real deal, but it is not. Apart from looking at the URL, there is no way of knowing that the page is fake.
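One way an analyst or mail filter could apply the "look at the URL" check to such an HTML attachment is sketched below, as an added example that is not from Forcepoint's report or the original article. The allowlist of sign-in hosts, the function names, and the sample attachment are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: example allowlist of the sign-in hosts an organisation really uses.
TRUSTED_LOGIN_HOSTS = {"login.microsoftonline.com", "outlook.office.com",
                       "outlook.live.com", "login.live.com"}

class _LinkCollector(HTMLParser):
    """Collects every URL the attachment can send the reader to."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in ("a", "form"):
            url = a.get("href") or a.get("action")
            if url:
                self.urls.append(url)
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=https://host/path"
            _, _, target = a.get("content", "").partition("=")
            if target:
                self.urls.append(target.strip(" '\""))

def is_trusted(host, trusted=TRUSTED_LOGIN_HOSTS):
    """Exact host or a true subdomain of a trusted host; a trusted prefix does not count."""
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in trusted)

def untrusted_destinations(html_text):
    """Return the sorted hosts in the attachment that are not on the allowlist."""
    collector = _LinkCollector()
    collector.feed(html_text)
    hosts = set()
    for url in collector.urls:
        parts = urlsplit(url.strip())
        # .hostname ignores any "user@" part, so a trusted name before "@" is not trusted
        if parts.scheme in ("http", "https") and not is_trusted(parts.hostname):
            hosts.add(parts.hostname or "")
    return sorted(hosts)

# Constructed sample attachment: a redirect stub with a look-alike host and a userinfo trick.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=https://login.microsoftonline.com.voicemail.example/owa">
</head><body>
<a href="https://outlook.office.com@mail.example/listen">Play voicemail</a>
<a href="https://outlook.office.com/mail/">Open Outlook</a>
</body></html>"""

if __name__ == "__main__":
    print(untrusted_destinations(SAMPLE))
```

The comparison is made on the parsed hostname rather than on the raw string, because a familiar name at the start of a URL says nothing about where the link actually leads.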
Chief security officer Etay Maor at IntSights, a cyber-intelligence firm, revealed that there were just 190 domain names with the terms COVID/corona last year. By the end of March, more than 70,000 domain names related to these terms popped up. Some of them are legit, some were just names that people registered, but there were some phishing attacks as well.
Spam Messages with Cures
People are on edge right now and anxious about what the future will hold. This mental state makes it all the more convenient to find comfort in false advice regardless of how damaging it could be. Spam messages with fake products, virus-proofing methods, and promises of natural cures for the coronavirus are making the rounds on the internet. These emails contain links to suspicious websites and other scams so hackers can get hold of user credentials and rip them off.
To educate people and give them information, authorities publish statistics online. They also get in touch with those who may have been exposed to someone infected with the virus.
This, again, allows cybercriminals to prey on people’s fear. They impersonate health authorities and send scam emails to people. They send phishing emails regarding COVID-19, impersonating trusted sources and government bodies like the U.S. Centers for Disease Control and Prevention, the Department of Homeland Security in the U.S., the World Health Organization, and the Chinese health ministry. These attacks are challenging because hackers are not targeting a particular entity.
Malware droppers sidestep traditional security as they do not contain any malware themselves. Malware droppers install other malware on the computers by running simple scripts on them. The common means are malicious attachments and documents. These, too, are disguised as COVID-19 information.
Forcepoint cited another example in the report from Italy, where the information seems to be from WHO. In the attached document, you are allegedly going to find information to fight and prevent infections. But it is nothing more than a malware dropper that runs automatically once the victim opens the infected file while allowing scripts to run.
New research from Microsoft found that hackers are launching coronavirus-themed attacks in 241 countries and territories, and every country has witnessed at least one such attack. Hackers are designing phishing emails and other malware that mention the disease, and people are being affected because they need health information online now more than ever during these difficult times.
Rob Lefferts, corporate vice president of Microsoft 365 Security, reports that the success of these attacks correlates directly with the size of the growth of the pandemic. “The countries with the highest number of cases are affected the most by these lures. People are confused, concerned, and afraid that is making them click which attackers exploit.”
Also, the company’s suite of cybersecurity tools, Microsoft Threat Protection, which monitors and blocks threats, came across about 60,000 emails with COVID-19-related malicious attachments or URLs that are sent 2% a day. Since it is a small percentage of the overall scam emails, it is comforting that the threats are not increasing.
Lefferts said, “We’re seeing a changing of lures, not a surge in attacks. Our intelligence shows that these attacks are settling into a rhythm that is the normal ebb and flow of the threat environment.”
With a large majority working from home globally, the use of remote video conferencing services and other remote tools poses a wide range of threats and presents vulnerabilities that hackers and cybercriminals can easily exploit.
Apart from phishing emails, VPNs and remote working platforms are equally at risk. Take Zoom, for example. Millions of users were added in the last few months due to work from home. But the company has come under fire over its lapses in security.
How to stay safe online
Forcepoint’s principal security analyst, Carl Leonard, says that the social engineering tactics these scammers use are especially damaging right now because of the growing fear of the pandemic among people. When it comes to online threats, anxiety and depression could make a person let his guard down.
Here are a few things that you ought to do in the normal routine as well to keep your data safe:
- Avoid opening email attachments from unknown people or clicking suspicious-looking links.
- Do not click on any link in an email that asks you to log in to a website. If you are not sure, try navigating to the login page in your web browser and logging in there.
- Take a look at the web and email addresses. If they look fake, they probably are. Do not open their message/email.
- If the email claims to have important information in the form of an attachment, chances are it’s a scam. If any health organization wants to tell the Dos and Don’ts to help with prevention, they would tell you in the body of the email.
- Always keep your web browser, router firmware, and computer updated. And have updated security software installed as well.
Stay sharp. If you have reason to question the legitimacy of a message, just ignore it. If it is from a real person and they are not impersonating anyone else, they will follow up to get your response.