COVID-19 Malware Threats Escalate During Global Pandemic
As COVID-19 continues to wreak havoc across the globe, cybercriminals and ransomware operators are ramping up efforts to sow confusion and exploit systems using COVID-19 as a powerful lure. Cybercriminals are using COVID-19 as bait for a variety of attacks including phishing campaigns, mobile phone threats, spam, online scams, cryptomining, credential theft, and ransomware. In 2021, adversaries continue to exploit a global crisis to propagate a digital crime wave, and we must remain vigilant about securing networks and remote workers as new COVID-19 attack vectors emerge. In this article, we will explore a few COVID-19 themed attacks and provide tips on how to stay safe and keep your devices secure.
Social engineering attacks are one of the greatest threats individuals face in this time of dramatic change and environmental uncertainty. Be wary of emails pertaining to COVID-19, particularly from unknown sources. The number and variety of phishing campaigns dropping trojans with COVID-19 related messaging since the pandemic began is outrageous. These trojans are designed to steal usernames, passwords, and user behavior information. Phishing emails of this kind typically refer to COVID-19 or coronavirus in some way and carry an attached Microsoft Office document with “COVID-19” in its filename, baiting users into opening the attachment and releasing malware onto their computers. These emails often appear to originate from legitimate, trusted sources such as the World Health Organization, Johns Hopkins University, the Small Business Administration, COVID-19 testing companies, and antibody research facilities. If you open an attachment, however, you will likely be unleashing evil on your system. Reported COVID-19 themed scams and exploits also include vishing, smishing, social media attacks, fake websites, and mobile threats primarily targeting Android phones.
Several malware strains have been identified capitalizing on the COVID-19 pandemic. Ursnif, Hancitor, and Fareit are banking trojans that have been using COVID-19 references in phishing emails, spam, fake newsletters, invoices, and internal business communications to entice users into downloading malicious files since early in the pandemic. NanoCore, a highly customizable remote access trojan, has also been using COVID-19 to distribute itself with email subject lines such as “Covid-19 Urgent Precaution Measures.” Azorult malware authors created a fake coronavirus infection map website to lure victims into downloading Azorult, which in turn steals data including usernames, passwords, cryptocurrencies, browsing history, and cookies. A new ransomware family known as Ransomware-GVZ has also emerged since the pandemic began.
COVID-19 themed lures are also used to infect systems with the usual suspects, including Emotet, Trickbot, and Netwalker ransomware. Netwalker ransomware began incorporating the filename “CORONAVIRUS_COVID-19.vbs” to trick users into executing it. This VBS file, however, contains an embedded Netwalker ransomware payload. Again, these scams are all designed to get users to click on malicious links or malicious email attachments.
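The lures described above (a COVID-19 subject line, an Office document with “COVID-19” in its filename, a script such as “CORONAVIRUS_COVID-19.vbs”) can be screened for when mail arrives. The following is an added example, not code from this article or from any product it mentions; the extension lists, the verdict names, and the sample addresses are assumptions.

```python
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Lure keywords taken from the article's examples.
LURE = re.compile(r"covid[-_ ]?19|coronavirus", re.IGNORECASE)
# Assumed policy lists: script types and Office document types.
SCRIPT_EXT = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".ps1"}
OFFICE_EXT = {".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".ppt", ".pptm"}

def triage(raw_message):
    """Return {'verdict', 'reasons'} for one RFC 5322 message string."""
    msg = message_from_string(raw_message, policy=policy.default)
    themed_subject = bool(LURE.search(msg.get("Subject", "")))
    reasons = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        # splitext keeps only the final extension, so "x.doc.vbs" is a script.
        ext = os.path.splitext(name)[1].lower()
        themed = themed_subject or bool(LURE.search(name))
        if ext in SCRIPT_EXT:
            reasons.append("script attachment: " + name)
        elif ext in OFFICE_EXT and themed:
            reasons.append("pandemic-themed Office attachment: " + name)
    if any(r.startswith("script") for r in reasons):
        verdict = "block"
    elif reasons:
        verdict = "quarantine"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "reasons": reasons}

def build_sample(subject, filename=None):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"] = "alerts@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("Please review the attached guidance.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(triage(build_sample("Covid-19 Urgent Precaution Measures",
                              "CORONAVIRUS_COVID-19.vbs")))
```

Script attachments are blocked regardless of theme, while Office documents are only quarantined when the subject or filename carries the pandemic lure, which keeps ordinary business attachments flowing.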
So what can we do to protect ourselves from COVID-19 inspired attacks?
1. Security Awareness
Be suspicious of emails from unknown or unsolicited sources inviting you to click links or download attachments. Take the time to confirm an email or text is legitimate before clicking anything and be aware of social engineering tactics such as authority, urgency, scarcity, and emotion.
2. Strong Passwords
Weak passwords continue to be one of the primary drivers for data breaches and initial access to an endpoint or network. The best methods for effective password management include using passphrases, separate and unique passwords for all accounts, password managers to keep track of unique passwords, and multifactor authentication.
3. Keep Systems Updated
Make sure every technology your business and employees use is running the latest version of the operating system, applications, and mobile apps with automatic updating enabled. Cybercriminals are taking advantage of the mass shift to remote work by exploiting publicly known vulnerabilities in VPNs and other software. Always keep your equipment updated with the latest approved updates and patches.
The use of COVID-19 as a lure is not showing any signs of slowing down; in fact, it is trending upwards. Growing numbers of employees working remotely, often using their personal computers, create new opportunities for cybercriminals and thus require a more vigilant and security-conscious remote workforce. Businesses large and small need to empower remote employees to defend against cyberthreats at home with simple solutions such as Windows SOHO Security. Windows SOHO Security can help employees detect a wide range of threats on a Windows endpoint that may otherwise lead to a malware outbreak or ransomware attack on the corporate network. In the digital age, cybersecurity awareness by employees may not be enough to combat ruthless adversaries willing to exploit a global pandemic for personal gain. We need individuals participating on the front lines of cyber defense alongside security analysts.