Update: COVID19 Cybercrime

During the COVID-19 crisis, our analysts are tracking open-source information sources to keep our followers up to date with COVID-19 Cybercrime. Today’s report:

• ZDNet reports emails claiming to be from the leader of the World Health Organization are making the rounds in new phishingcampaigns designed to plant keyloggers on PCs.
• SC Magazine reports that the cybercriminal gang behind Maze ransomwarehas been extorting a UK-based clinical research organization that’s been preparing to play a potential role in testing vaccine candidates for the novel coronavirus, despite assurances that they would not harm any health care organizations during the COVID-19 crisis.
• Hackers have launched a distributed denial-of-service (DDoS) attack on Germany-based food delivery service Takeaway.com (Liefrando.de), according to a CISO MAG report. Attackers demanded two bitcoins (around US$11,000) in ransom to stop the attack. In DDoS attacks, hackers flood the target with useless traffic to inhibit the availability of services provided by the target.
• The US Department of Justice on Saturday filed its first court action against a website operator accused of committing fraud to profit from the global COVID-19 pandemic according to InfoSecurity Magazine. A temporary restraining order was filed in a federal court in Austin against the operator of coronavirusmedicalkit.com, who allegedly offered fake coronavirus vaccines for sale in a shameless attempt to cash in on a health crisis that has killed 15,430 people.
• State and federal law enforcement agencies in Virginia have created a new task force to deal specifically with the rising deluge of scams based around the COVID-19 outbreak.
• An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims' systems with the help of coronavirus-themed phishing emails, according to Bleeping Computer.
• Data Breach Today reports that TA505, a notorious cybercriminal group believed to be operating in Russia, is using business email compromise tactics to target Human Resources Departments, according to researchers from Prevailion, a security monitoring firm. In the campaign that Prevailion researchers examined, the cybercriminal gang began sending phishing emails impersonating job applicants that contained Trojanized versions of curriculum vitae files. The files contained commercially available malware that allowed the attackers to disguise their movements, steal data and credentials and gave them the ability to encrypt data.