Update COVID-19 Cybercrime

COVID-19 Update 3/30/2020

During the COVID-19 crisis, our analysts are tracking open-source information sources to keep our followers up to date with COVID-19 Cybercrime. Today’s report:

  • Cybercriminals are taking advantage of the spike in usage of online communication platforms by registering new fake "Zoom" domains and malicious "Zoom" executable files in an attempt to trick people into downloading malware on their devices, according to this The Hacker News report.
  • IBM and FireEye have spotted a campaign that relies on fake “COVID-19 Payment” emails to deliver the Zeus Sphinx banking trojan to people in the United States, Canada and Australia.
  • Hacker group, FIN7 gang, is mailing victims a USB storage device, with a teddy bear and purported $50 gift card to Best Buy, according to Data Breach Today. The USB device is a commercially available tool known as a ‘BadUSB’ that will download and execute a malware payload from an attacker-controlled server.
  • Bleeping Computer reports a new phishing campaign has been spotted that pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and need to be tested.
  • Times of crisis bring out the best in people, and the worst in scammers – as you can hear in these sample calls from Coronavirus scammers pretending to be from the Social Security Administration, offering fake Coronavirus tests to Medicare recipients, and attempting to scare small businesses into buying bogus online listing services.

We Can Secure Your Remote Infrastructure

IT managers must prioritize cybersecurity as they transition employees to work remotely. This massive shift in operations to a less secure home environment poses significant risks that must be managed.

ERMProtect's Weekly Newsletter

Get a curated briefing of the week's biggest cyber news every Friday.

Intelligence and Insights

pci dss in the cloud

How to Achieve PCI Compliance in the Cloud as Security Controls Evolve

The integration of cloud services with PCI DSS compliance is particularly crucial for enterprises that handle sensitive payment card information …
Digital Forensics Investigation

What Are the 5 Stages of a Digital Forensics Investigation?

In this article, we delve deeply into the five stages of a digital forensics investigation and provide tips on how to select the right digital forensics company …
Comprehensive Guide to Penetration Testing

A Comprehensive Guide to Penetration Testing – Types, Methods, Benefits and Best Practices

This penetration testing guide explains the different types of penetration testing, their benefits, and their purpose …