BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Coronavirus Spreads Computer Viruses as Hackers Target Businesses

Hackers Target Businesses Concerned Over COVID-19

Hackers are capitalizing on fear and concern related to coronavirus to launch ransomware and malware attacks. Here’s how to protect your business and employees.

As the COVID-19 spreads worldwide, hackers are taking advantage of an already stressed and strained healthcare system to attack vulnerable companies. Phishing attacks are on the rise worldwide, capitalizing on fear and a desire for information.

In many cases, hackers are sending emails purportedly from the World Health Organization or local hospitals. However, these emails contain ransomware and keystroke-logging malware.

Here’s the latest on coronavirus-themed attacks.

Coronavirus Hackers

What Is the Emotet Trojan Virus?

IBM recently warned of a spam issue targeting Japan. The messages contain Microsoft Word files that are full of macros. When opened, the macros infect uses with the Emotet Trojan. Once launched, the trojan can insert itself into email conversations. As the trojan propagates, the malware lets hackers steal information and embed malware onto users’ machines.

Japan is particularly vulnerable, not only due to the coronavirus but also the upcoming Tokyo Olympics, which are under threat of cancelation. One message translation warns of the coronavirus’ spread to areas of Japan, urging readers to open the attached notice.

A similar campaign has targeted Italian companies with a phishing campaign. It purports to be a notice from the World Health Organization with precautions to take to prevent the virus from spreading.

It contains a malicious Word document asking users to click on an “Enable Editing” button then an “Enable Content” button to see all the information. Users doing so, however, download the Ostap Trojan-Downloader. It contains the Trickbot downloader that is a customizable, frequently updated tool popular with hackers.

How Are Hackers Exploiting the Coronavirus?

As the number of news sites covering the coronavirus has grown, so too have the number of registered domain names related to the virus. According to one analysis, since January 2020, more than 4,000 domains have been registered globally related to the coronavirus. Three percent are considered malicious and another 5 percent deemed malicious, making coronavirus-themed domains 50 percent more likely to be dangerous than others registered in the same timeframe.

The World Health Organization has issued a warning about the daily reports it’s receiving about phishing attempts. However, hackers are smartly creating emails that look as though they’re coming from official sources, leading more users to open the emails and download files. Hackers can scrape information from official websites to create email templates that seem legit.

“National emergencies and/or disasters add a fear factor that acts as one more hook for hackers to get what they need,” said Ron Culler, ADT Cybersecurity’s senior director of technology and solutions, in a recent Vox article. “When fear is added to any targeted campaign — be it a legitimate or scam campaign — the effectiveness of that campaign is increased.”

How Can We Prevent Phishing Attacks?

Businesses can take several steps to educate employees and protect against these attacks. A layered approach to cybersecurity is a prudent way to reduce the risk of attacks from various vectors. Here are some tips:

  • Educate users about the prevalence of coronavirus-related phishing schemes, advise them to be cautious and show them how to detect suspect emails (look for spelling and grammar errors, check the sender’s email address)
  • Ensure that hardware and software are patched and updated promptly, ideally with automated update tools
  • Use and update endpoint anti-virus, anti-phishing, anti-spam and anti-malware tools
  • Have an incident response plan in place to ensure teams can respond quickly in the event of a ransomware or malware attack
  • Update endpoint detection tools such as firewalls and other system monitoring and alert solutions
  • Consider segregating networks to reduce the impact of self-propagating malware
  • Use email security tools that inspect attachments and disable the running of macros on attachments
  • Update blacklists of malicious IP addresses and compromised websites
  • Use content filters to block access to inappropriate and dangerous websites
  • Review access restrictions to limit the spread of malware throughout systems

Businesses must now address coronavirus-related issues both from an employee safety standpoint and a cybersecurity perspective. For assistance in protecting your business from coronavirus cyberattacks, contact your managed services provider today.

More Like This

AA20-227A: Phishing Emails Used to Deploy KONNI Malware

Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic …

AA20-227A: Phishing Emails Used to Deploy KONNI Malware Read More »

Read More

AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails

Original release date: August 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a malicious link to the spoofed SBA website that the cyber actor is using for …

AA20-225A: Malicious Cyber Actor Spoofing COVID-19 Loan Relief Webpage via Phishing Emails Read More »

Read More

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Original release date: July 27, 2020 Summary This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC). CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) …

AA20-209A: Potential Legacy Risk from Malware Targeting QNAP NAS Devices Read More »

Read More

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902

Original release date: July 24, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is issuing this alert in response to recently disclosed exploits that target F5 BIG-IP devices that are vulnerable to CVE-2020-5902. F5 Networks, Inc. (F5) released a patch for CVE-2020-5902 on June 30, 2020.[1] Unpatched F5 BIG-IP devices are an attractive target …

AA20-206A: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902 Read More »

Read More

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems

Original release date: July 23, 2020 Summary Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations. Over recent months, cyber actors have demonstrated their continued willingness to conduct malicious cyber activity …

AA20-205A: NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems Read More »

Read More

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

Original release date: July 16, 2020 Summary This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) and Pre-ATT&CK frameworks. See the MITRE ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. Attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat actor is difficult. …

AA20-198A: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation Read More »

Read More