Sadly, it’s predictable that crooks, swindlers and others with malicious intent would take advantage of the fear surrounding the international outbreak of an unexpected and little-known disease. As it turns out, the Coronavirus epidemic is no exception.
According to researchers at Proofpoint, in recent times attackers have sent out hundreds of thousands of malicious messages related to the highly-publicized viral outbreak.
The latest wave of Coronavirus attacks seems to be taking advantage of conspiracy theories related to anger over supposedly unreleased cures, alongside campaigns that use what seem like legitimate sources of health information to take advantage of users, Proofpoint researchers reported in a recent blog entry.
For example, one group of threat actors has launched a campaign centered on an email message claiming that someone is withholding a known cure for the Coronavirus. Other emails suggest that the government is holding back a cure because it plans to use Coronavirus as a biological weapon.
At that point, the email message encourages the recipient to get real answers by clicking on the link it provides. If the recipient goes along with this, they are taken to a faked DocuSign website and asked to enter their credentials to receive the information.
Other efforts involve emails formatted to look like they come from other parts of the business where the recipient works. Proofpoint shares one example of a well-crafted Coronavirus-themed email designed to look like an internal email from the company president to all employees.
The email, which uses the CEO’s correct name, contains a Microsoft Word attachment with an embedded URL that leads users to a fake Microsoft Office website that requests their credentials. In a particularly clever touch, the user is then redirected to the actual site of the World Health Organization, a step which makes it less apparent that they’ve been swindled.
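One way a mail-security team could triage the kind of Word attachment described above, as an added example that is not from Proofpoint or the original article: it lists the external link targets stored in a .docx file and flags those whose host is not under an allowlisted domain. It assumes the attachment is in OOXML (.docx) format; the allowlist, function names and sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
HYPERLINK = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
# Assumption: domains this organization accepts as genuine link targets.
TRUSTED_SUFFIXES = ("microsoft.com", "office.com", "who.int")

def external_targets(docx_bytes):
    """Return every external relationship target (hyperlinks, remote templates)."""
    targets = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            # For untrusted mail in production, use a hardened XML parser here.
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") == "External":
                    targets.append(rel.get("Target", ""))
    return targets

def is_trusted(url):
    """Match on the registered suffix, so 'office.com.<other>' does not pass."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(docx_bytes):
    return [u for u in external_targets(docx_bytes) if not is_trusted(u)]

def build_sample_docx():
    """Constructed sample: a minimal .docx-style archive holding two links."""
    rel = '<Relationship Id="%s" Type="' + HYPERLINK + '" Target="%s" TargetMode="External"/>'
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        + rel % ("rId1", "https://login.office.com.example.invalid/signin")  # lookalike host
        + rel % ("rId2", "https://www.who.int/")
        + "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for url in suspicious_links(build_sample_docx()):
        print("review before delivery:", url)
```

A link to the genuine World Health Organization site passes this check, so a clean final redirect says nothing about the pages a user passed through on the way there.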
Meanwhile, the company says that the number and types of malware used in Coronavirus attacks are broadening. Of late, the list of known threats has expanded to include not only Emotet malware but also the AZORult information stealer, the AgentTesla keylogger and the NanoCore RAT. This malware allows outsiders to steal users’ important data, such as financial information, on top of the attacks involving credential theft. What’s more, Proofpoint researchers have been discovering fake Office 365, Adobe, and DocuSign sites intended to steal credentials via Coronavirus-themed emails.
While there is little that health IT leaders can do to stop such attacks from happening outside their organization, it does point up the ways in which users react to perceived threats to their safety. It would be wise to provide as much genuine information on real emerging health threats as possible.