03.05.2020 - Beware Hackers Exploiting Corona Virus

Phishing Attacks, Social Media Scams Emerge

The global outbreak of the COVID-19 virus has been hogging headlines as the unabated spread of the virus continues to be a big cause for concern. Historically though, whenever we’ve been gripped by our deepest fears, there have been unscrupulous elements waiting patiently at the sidelines to take advantage of the situation.

Not surprisingly, this time, hackers have again leveraged our fear of death. Cybercriminals have launched phishing attacks with emails that use disguised malware-laden attachments to lure victims.  These attachments purportedly provide guidance on safety measures that “save you”, “tests”  that verify if you have a coronavirus infection, and other such ruses.

One fake email making the rounds purports to be from the World Health Organization, including a WHO logo and instructions on how to monitor crews aboard ships for coronavirus symptoms. The scam became so pervasive that the Geneva-based agency has published a warning on its website about phishing attempts.

Experts worry that hackers will also doctor emails to look like they are from government agencies providing health information or from companies offering access to masks and other supplies.

But the scams are not just limited to email. Social networking and messaging platforms such as WeChat have seen malware-laden files circulating with names like "coronavirus.exe" and "novel coronavirus pneumonia.exe.”

What could this malware be? It could be a Trojan that offers a hacker backdoor access to your device. It could be a keylogger that secretly sends your every single keystroke to a hacker. Or it could be ransomware that encrypts all your files and demands a ransom for the decryption key.

Here are just some of the known strains of malware that have been found in the coronavirus-related attachments floating around the Internet:

  • WinLNK.Agent. gg,
  • WinLNK.Agent.ew,
  • VBS.Dinihou.r,
  • Python.Agent.c,
  • HEUR:Trojan.WinLNK.Agent.gen,
  • HEUR:Trojan.PDF.Badur.b.
  • UDS:DangerousObject.Multi.Generic,

Some attacks don’t involve an attachment. There have been examples of emails that read - "This little measure can save you." These included a link that would likely take you to an infected website where a “drive-by download” would ensure that your device or computer is infected.

We’re in an age where we want everything to happen “now.” Common sense will tell you that you’re not going to find out if you have a coronavirus infection by “checking online.” But impatience, curiosity and fear often get the better of us, and that’s exactly what cybercriminals will exploit.

Here are some tips to protect yourself:

  • Do not click on suspicious links or open suspicious attachments promising exclusive content. Rely on information from official sources. Remember that if someone you trust or know sends you something, it’s not necessarily trustworthy because the person who sent it to you might have been hacked and may not even know that s/he sent you something.
  • Avoid emails, messages, and other online communications that offer something that is clearly illogical – such as an online diagnosis, for instance, or free medical supplies.
  • Do not reply to suspicious emails or enter your personal information on suspicious web forms.
  • For information, go to reliable sources such as the Centers for Disease Control (CDC) or the National Institutes of Health (NIH).

Additionally, here is guidance from WHO on how to prevent phishing:

  1. Verify the sender by checking their email address.
    Make sure the sender has an email address such as ‘person@who.int’ If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO.
    WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’ for example.
  2. Check the link before you click.
    Make sure the link starts with ‘https://www.who.int’.  Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.
  3. Be careful when providing personal information.
    Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.
  4. Do not rush or feel under pressure.
    Cybercriminals use emergencies such as 2019-nCov to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.
  5. If you gave sensitive information, don’t panic.
    If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.
ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

New York Cybersecurity Regulation

Tough New Amendments to New York Cybersecurity Regulation Kick in Soon

Entities must take proactive steps to assess their compliance with the amended Cybersecurity Regulation and rapidly work to address any gaps …
federal trade commission

New FTC Rule Requires Vast New Range of Businesses to Report Data Breaches

Starting May 13th, a broad new set of businesses, ranging from car dealerships to mortgage lenders, will need to report certain data breaches to the FTC …
IT Risk Assessment

Uncovering Six Common Issues That Could Impact Your IT Risk Assessment

IT Risk Assessments play a critical role in protecting organizations against ever changing cyber threats …