Hackers around the world are using fears about coronavirus to spread malware. Researchers at Check Point Software Technologies Inc. have recently observed a noticeable number of new websites registered with domain names related to the virus, officially called COVID-19. More than 4,000 coronavirus-related domains were found to have been registered since the end of December, with 3% found to be malicious and an additional 5% suspicious. Why? In one example, a Russian website offers to sell “the best and fastest test for Coronavirus detection at the fantastic price of 19,000 Russian rubles (about US$300).”
In addition to getting users to click on malicious web site links, hackers are also sending along attachments that contain viruses. For instance, the transportation sector has seen a few emails purportedly from a World Health Organization employee. It includes a WHO logo and instructions about how to monitor crews aboard ships for coronavirus symptoms, and included an attachment with instructions, according to a screenshot provided by Proofpoint. The WHO, a United Nations agency based in Geneva, has since published a warning about coronavirus email scams on its website and asked victims to report emails.
Other types of scams that have popped up include emails made to look like a company’s purchase order for face masks or other medical supplies, with the goal to trick an employee into wiring payments to a fraudulent account. Individuals could also provide personal details in response to a phishing attempt that promises information about a company’s remote-work plan.
The fear that has come with the coronavirus outbreak has helped hackers come up with more creative ways to scam individuals and businesses. Orion Cassetto, director of product marketing at the security firm Exabeam Inc., told SiliconANGLE. “Phishing is essentially a form of social engineering. In this case, cybercriminals are utilizing the world’s alertness around COVID-19 to entice people to click on malevolent links and/or download attachments.”
Cassetto explains that phishing can lead to malware infection, lateral movement on the network, account takeover, identify theft and possibly worse. It is important for all organizations to ensure that their employees are suspicious of email. Checking the company or website the email purports to be from, instead of interacting with the email sender, is a good start. Phishing and security awareness programs are also important.