Cybercriminals are unleashing malicious tools in upon unsuspecting organizations and users all over the world. Thousands of COVID-19 themed scam and malware sites are launched daily. As government and healthcare officials continue to remind the public to continue social distancing and personal hygiene practices, IT and cybersecurity teams are having to work harder than ever to protect enterprises from the current barrage of attacks.
The World Health Organization has prominently been in the spotlight since the start of the COVID-19 pandemic and the sudden attention has made them a high value target for cybercriminals. As nations clamor for information on COVID-19 to protect their citizens against the pandemic, WHO is under assault. As a result, the organization has doubled the size of its internal security team and is currently working with five cybersecurity companies to bolster protection.
According to Reuters, WHO experienced an attack in mid-March involving a phishing website that emulated the WHO’s internal email server. The attackers tried to then lure agency employees into logging on to the site in order to capture their credentials. The attack originated from a group called Darkhotel that is believed to be based in Southeast Asia. The group got its name by tracking the hotel bookings of C-level executives and celebrities via compromised hotel web apps as they traveled the world.
You may be interested in this related article on staying safe while using Public Wi-Fi
In addition to the attacks on WHO itself, hackers are also specifically targeting top officials at the World Health Organization with spear phishing attacks. Targets include the WHO Director General as well as other senior officers. The majority of these attacks have involved phishing and/or spear phishing attempts crafted to lure WHO senior offices into clicking on embedded email links. The hackers behind the attack claim to have captured some passwords.
WHO is not the only health organization under attack. Last week the FBI reported an increase in reconnaissance activity and intrusions involving institutions involving COVID related research. It is believed that these are nation state sponsored attacks attempting to gain private research data and proprietary information involving the virus. One example was the attack on California based Genomics, a biotechnology research firm heavily involved in studying COVID-19. The attackers attempted to steal sensitive information and then cover their tracks with a supplemental ransomware attack. While the hackers were able to penetrate the network, the Genomics cybersecurity team was able to isolate the source of the attack and thwart the attack.
Just as the COVID-19 virus has spread around the world, hackers are targeting healthcare and government workers on every continent except for Antarctica. Hackers used a phishing campaign involving an open redirect on the HHS.gov website to steer users to a phishing webpage. The phishing email offered information on COVID-19 and then offered a link for users to research their medical symptoms.
Perhaps the cleverest attempt involves hackers exploiting the generosity of communities to offer and provide complimentary meals to healthcare workers that are working on the front line to combat the virus. The attack involved a phishing campaign that then directed healthcare workers to a website disguised as a page for arranging free meal deliveries. The purpose of the attack was to steal email credentials and is suspected to have been implemented by government backed attackers.
Don’t think you are currently safe from hackers just because you don’t work for a health related organization. Hackers are targeting media streaming services to capitalize on the binge watching taken place in households as citizens remain locked down. More than 700 suspicious domains have been recently registered to impersonate Netflix. These domains are mostly used for phishing campaigns but are also used in hopes of taking advantage of Netflix subscribers that misspell the company’s name. Phishing campaigns offer free subscriptions while the phony domains are used to data harvest personal information such as names, addresses and credit card information.
The continuing increase in coronavirus-themed scams is social engineering at work. We anticipate threat actors will continue with these strategies as the COVID-19 situation develops. It is obvious that businesses, organizations and personal users need to remain more vigilant than ever when it comes to cyber hygiene. TitanHQ are continuing to work to identify, detect and block these threats. We recommend all users have their email protected by a modern email security system such as SpamTitan. This includes features such as double antivirus protection, additional O365 protection layers, data leak prevention and sandboxing.
Sign-up for email updates...