Cyber Criminals are using Coronavirus as new weapon!
March 31, 2020
In 2020, the new decade presents a life challenge to humanity. COVID-19 a-k-a Corona Virus alarms the start of confusing times worldwide. Cybercriminals never leave an opportunity to exploit any vulnerability. In this tough time, Cybercriminals are taking leverage and launching several attacks. They are taking advantage of fear & panic caused by the spread of the Coronavirus.
Cybercriminals are using social engineering attacks to impersonate health sector authorities and send malicious phishing emails to trick users into clicking on a link that will redirect them to a fake health information website and steal sensitive information and/or launch further attacks.
Hackers have weaponized phishing attacks with malware including Kpot Stealer, Agent Testla, Tricky mouse, Remcost RAT and many more
Some highlighted malware attacks observed by security researchers are:
- One of the most recent campaigns included Kpot Stealer, KPOT Stealer is a “stealer” malware that focuses on exfiltrating account information and other data from web browsers, instant messengers, email, VPN, RDP, FTP, cryptocurrency, and gaming software.
- A campaign spoofing the World Health Organization (WHO) as the sender has been noted to deliver the Agent Tesla keylogger via a .exe attachment using a Microsoft Excel icon. The email claims that the attachment contains safety precautions regarding Coronavirus.
- Another phishing campaign masquerading as the WHO and the Ministry of Health of Ukraine has been targeting Russia, Ukraine, and several other European countries using a Coronavirus-themed email involving a Microsoft Word document attachment with an embedded macro. This time, the payload is named TrickyMouse, and possibly related to the Hades organization. The functions of this attack involve information gathering (user name, hostname, etc.) and a keylogger to steal credentials and screen capture.
- Another drive observed by researchers relies on a phishing email with a PDF offering safety measures against Coronavirus. Downloading the PDF attachment also downloads executables for a Remcos RAT dropper that runs together with a VBS file executing the malware. The backdoor has capabilities such as clipboard stealing, keylogging, and the ability to lift screenshots from a victim’s computer
Preventive measures for End Users/Employee:
- Verify the email sender address
- Don’t click on any links in the body of the email. If you are interested in new information, navigate to the website by directly by typing their domain name into your browser
- Don’t give out personal information. No authority will ever ask you to provide personal information or username/password to access public information
- Think critically and don’t act under pressure. Think Twice!
- If you think you already gave out your sensitive information, change your password on each site you have used it immediately
- Report any suspicious activities to your employer and/or authorities.
Preventive measures for Organizations:
- Should consider secure remote access solutions
- Implement Multiple factor authentication (MFA) solutions
- All systems should be fully patched
- Incident response plan should be ready in case of cyber attack
- Firewalls, IPS, IDS, Antimalware software should be updated
MBG, a pioneering technology services firm. Our mission is to provide clients with a holistic and proactive approach in resolving their key business pain points & help them to improve security posture of their organization.
- Conduct cybersecurity gap & maturity assessment
- Conduct Vulnerability assessment, Penetration testing & configuration review to mitigate risks.
- Provide information security awareness training to end-users
- Conduct phishing campaign
- Implement Business continuity plan
- Provide short & long term cybersecurity strategy
Madan Mohan
Designation: Associate Director
[email protected][/caption]
Madan Mohan is a leader in the Technology Advisory Services of MBG Group. He is Certified CISO, CISA, CISM, ISO27001 Lead Auditor, ISO 25999 Lead auditor and DCPLA (Privacy Lead Auditor).
He has over 16 years of experience in Technology security, servicing large clients and managing Information security, BCP, Privacy, Cyber Security, Risk Management, Compliance projects.
