Malware phishing scams are now taking advantage of the pervasive fears surrounding the spread of the coronavirus. Although the vast majority of campaigns have targeted consumers, a Proofpoint report indicates that cyber threat actors are taking aim at business organizations as well.

Alongside the flood of phishing scams that promise secret remedies to hook victims, Proofpoint researchers notice an emergence of campaigns that seem to take advantage of legitimate sources of medical health information in order to hustle users in to a false sense of security.

See Also:

In particular, one message allegedly titled “Confidential Cure Solution on Corona Virus,” presented the virus as a government devised, deadly virus designed by scientists as a means to reduce population growth to allow governments better control over the masses.

The body of the message proceeds to invite users to download a document containing information regarding a “cure” for the virus.

Unfortunately, it is not just the title and accompanied subject matter that malicious parties are taking advantage of. Researchers have also taken note of subtle differences in the malware being utilized for each of these carefully-crafted campaigns.

In the report, published February 13, 2020, Proofpoint researchers wrote: “In this latest round of campaigns, attackers have expanded the malware used in their Coronavirus attacks to include not just Emotet and AZORult information stealer, but also the AgentTesla Keylogger and NanoCore RAT, all of which have the ability to steal personal information, including financial information.”

In addition to this, researchers also have reported fake Office 365, Adobe, and DocuSign sites, all linked to corona-virus-themed emails, that had been expressly crafted to steal user credentials.

The initial targets of the coronavirus-themed attacks were heavily focused in the United States and Japan, who reported their first recorded death on account of “COVID-19”, on Thursday, February 13th. Further, researchers have now seen proof of observed threat actors targeting Italy and Australia. Apart from this shift in focus, researchers report an increase in the variety of industries being targeted in hopes to enhance their degree of success with the themed attacks.

“We have previously written about Coronavirus-themed attached centered on concerns around economic disruptions in light of the outbreak, specifically around shipping. This trend is continuing and has expanded to include manufacturing as well as shipping.”

Proofpoint Researchers

In addition to manufacturing, the degree of focus on economic concerns has begun to focus dedicated attacks directed at construction, education, energy, healthcare, industry, retail and transportation industries.

Lessons Learned

The continued focus on coronavirus as a theme in targeted cyber-attacks provides a valuable lesson for anyone engaged in InfoSec. Not only has coronavirus captivated media outlets around the globe, it has also proved to be an invaluable success for cybercriminals who clearly demonstrate no reservations exploiting human suffering for their own financial gain.

With this in mind, we would be wise to consider that any media story of similar caliber could become the next theme for cyber criminals to manipulate in the vested interest of their own objectives.

Cybersecurity Awareness Training & Objective-based Penetration Testing

For several years, the majority of cyber-attacks have attempted to make use of the human element through social engineering and phishing attempts. Malicious parties seek to trick users into granting them access to a computer network, user account or other critical digital resources. To be frank, the human element has just been the weakest link into any organization’s cyber security defenses.

One method that organizations have attempted to recognize and manage this weakness is security awareness training. Security awareness training typically consists of a number of repetitive training modules, and recurring tests/quizzes on a variety of exploitation tactics commonly used by hackers.

Some of the topics covered include, spam, phishing, malware/ransomware and social engineering; none of which give much attention to actual physical security concerns, for example.

At Packetlabs, our objective-based penetration testing (OBPT) is designed to cover all of the most common, and uncommon, methods of exploitation considered and utilized by malicious parties. Additionally, we offer cybersecurity awareness training that can either be paired with an OBPT, for best results, or considered on an individual basis.

For more information on anything you read here, objective-based penetration testing, or cybersecurity awareness training, please feel free to contact us for a free consultation call!