COVID-19 Update 4/6/2020

During the COVID-19 crisis, our analysts are tracking open-source information sources to keep our followers up to date with COVID-19 Cybercrime. Today’s report:

• A fraudulent third-party store is offering a version of Zoom that is bundled with malicious software. To avoid this scam, be sure to only download software form the official company download site. Read more in this SC magazine report.
• Concerns over privacy prompted New York City to ban the use of Zoom by city schools and move instead to approved platforms such as Google Meet or Microsoft Teams “as soon as possible,” according to a SC Magazine report.
• The Department of Health and Human Services (HHS) will ease the sanctioning of penalties in relation to specific data privacy breaches during the COVID19 pandemic. This will be in place for breaches related to the HIPAA privacy rule against healthcare providers or their business associates for good-faith disclosures of protected health information for public health purposes during the current health crisis Compliance Junction reports.
• Threat actors are sending out a phishing email with the World Health Organization logo that unleashes the LokiBot trojan if downloaded and executed. The email pretends to be a WHO announcement attempting to clear up misinformation related to COVID-19, according to a Threat Post report.