(925)277-0690 [email protected]

[EXPOSED:] Coronavirus Elicits Phishing Attacks

Apr 16, 2020 | Frontpage Article, Managed Security Services (MSSP)

Coronavirus Elicits Phishing Attacks

Growing interest in up-to-date news on the COVID-19 (Corona Virus) is making many vulnerable to online cyber-attacks. Hackers are exploiting the public’s need to feel safe and in control through phishing attacks.

Did you know Cybercriminals have ramped up phishing attacks over 667% in the month of March alone?

With cybercriminals in a feeding frenzy, it’s super-important to conduct phishing training during this time. Make sure that your users are prepared. It’s better to have a “fail safe” in place and direct your users to a learning moment than to have an employee click on a phishing email and have your entire organization experience a breach. According to Symantec, phishing emails have risen. Common spoofs include the Center for Disease Control (CDC) Health Alert Network claiming to provide a list of local active infections. The links take eager readers to a sign-up form that collects emails and passwords. Once these email/password pairs are stolen and in the hands of a cybercriminal, the damage can be catastrophic. Hackers use such methods to deliver payloads as clicking a link, opening a PDF, or installing a program that infects your systems.

Real-Life Examples:
As employees are working outside the walls of the office, bad guys are trying further efforts to exploit those working remotely. By laying prey to popular and relevant topics, a new phishing email has grown in popularity of use. The email sends a warning to recipients that they have been exposed to COVID-19 (Coronavirus) through personal contact with a colleague/friend/family member, directing viewers to download malicious attachments to proceed to their nearest hospital.

Simple, succinct, and alarming, these malicious actors are spoofing hospitals to add further credibility to their scheme. They’re designed to elicit a panicked response from the viewer, without rationale.

The email contains an attachment of a pre-filled out medical form for victims to bring to their care providers. That file is malicious and full of macros to serve as a backdoor trojan downloader. Only being detected by a few antivirus applications, users who make the mistake of enabling the macros in this Excel file will enable a sophisticated attack rising in popularity. First reported on March 27th, 2020 by VirusTotal, this payload is prepared to evade security applications and begin to worm itself deeper into the system, providing bad actors the ability to use the platform for a wide range of criminal activities.

5 High-Priority Recommendations:

Organizations are currently in the middle of enabling users to work from home securely. Apart from enforcing any remote work policies, we strongly recommend deploying these elements to further secure your workforce.

  1. Virtual Private Network (VPN)
  2. Single Sign On (SSO)
  3. Multi-Factor Authentication
  4. Immediate & Constant Security Awareness Training (SAT)
  5. Patched Machines in the office, the cloud and the house

The COVID-19 outbreak has provided these malicious actors with the opportunity to weaponize the widespread fear, and terror concerns of many in our communities. Using this as a social engineering scheme through malicious emails, the bad actors are surrounded by potential targets. As concerns continue to mount, employees need to be educated and trained to expect these styles of emails and be able to accurately identify them, and handle them safely.

Here are a few reminders:

  1. Trust Reputable Sources – When it comes to the Coronavirus, the CDC & the World Health Organization are where you will find some good news about the COVID-19 outbreak. This concept of trusting reputable sources goes beyond Coronavirus. Take the stock market for example: there were trusted resources that you may have looked towards for stock market concerns like your brokerage. Keep looking to those rather than clicking on a small site that may have “secret” information on how to position yourself.
  2. Learn to recognize the signs – There are several red flags of a social engineered email. But here are a few: Read the entire address. Many phishing criminals will use email addresses that look similar to addresses that you might think are familiar. For example: info@(insert your bank name)897237.com. Look for generic greetings that don’t include your name. I.e. “Dear sir,” “Hi there,” etc.
  3. Be skeptical of calls that invoke panic – So-called reputable sources that give you unexpected information are more than likely a scam. For example, if you are unsure and the call is from your bank/ medical facility and you are not expecting it, hang up and call back on a recognized number. Often if it was important/a real call, you will get a hold of the correct person when calling your bank.
  4. Damage Control – Not sure if you have fallen victim to a phishing attack? Immediately call your trusted technology support provider. They will be able to help you get back on track if your computer or server got locked up and should also be able to provide you with some ideas of how to safeguard yourself if you gave away a password in the attack.

Stay vigilant as malicious actors continue trying to exploit business in today’s changing environment. With so much uncertainty during these times, if something seems off or unfamiliar, reach out and we would be happy to help navigate today’s cyber landscape. If we can be of any assistance to you or your firm, please call us directly at (925) 277-0690 or email us at [email protected].