Various threat actors, from script kiddies to state-sponsored hackers, are exploiting Covid-19 through a host of notable scams, including ransomware and phishing campaigns. Unsurprisingly, the combination of people spending more time online and their uncertainty around this pandemic has played into the hands of cybercriminals. As long as Covid-19 precautions remain in place and permeate almost every facet of our lives, we will have to continue our cybersecurity protections and remain on high alert for suspicious activity.
My company, 4iQ, recently released its Covid-19 Threat Report, which explores the rise in cyber risks during the coronavirus pandemic and its effect on consumers and businesses around the world. Throughout our research, we’ve observed trends in terms of the most common threats, the most active threat actors behind those attacks, and how this is all reflected in the deep and dark web.
Sextortion email scams, in which cybercriminals attempt to extort money from victims through the threat of revealing lewd information, are on the rise. resulted from a knowledge breach, and demanded payment through a Bitcoin movement in exchange for not revealing “dirty little secrets. “of family members with the coronavirus. “
Fake news (false news or propaganda published under the guise of legitimate news) has also proliferated in the wake of the pandemic. We discovered messages promoting fraudulent products that “cure, treat or save Covid-19”. Similarly, conspiracy theories are widespread: we discovered campaigns on social media claiming that Covid-19 is a hoax and spreading rumours about the origin of the pandemic. One fake news campaign claimed that the Covid-19 virus had been stolen from a Canadian laboratory.
Although several leading hacker groups have pledged to halt attacks on healthcare organizations during the pandemic, not all threat actors have stopped their attacks on the healthcare sector, especially ransomware campaigns. Ransomware is a type of malware that prevents or restricts users’ access to their systems by locking users’ screens or files until a ransom is paid. During this lockdown period, we detected a multitude of attacks, including: REvil/Sodinokibi, which actively exploits gateway and VPN vulnerabilities to gain a foothold in target organizations; Clop Ransomware, which only infects Microsoft Windows and encrypts the entire computer network rather than individual workstations; and Locky Ransomware, which used a coronavirus lure to deliver a downloader to a target’s computer.
Another common attack approach seen in our studies was phishing campaigns. Cybercriminals have impersonated credible organizations, such as the World Health Organization (WHO) or the Centers for Disease Control and Prevention (CDC), to trick recipients into clicking on malicious links or attachments. Phishing emails are easy to spot (i.e. bad grammar, threatening call to action, suspicious sender), but it’s easy to act out of hysteria and move on to sites you wouldn’t have visited otherwise in these uncertain times. At 4iQ, we’ve noticed a significant accumulation in coronavirus-themed domains. These malicious sites don’t typically use terms similar to protective gear, control kits, and vaccines.
To move forward, in addition to understanding the nature of the attack, it is also vital to understand who is behind the attack and their motivations. We have divided most of the common threat actors into 3 categories: script kiddies, pro-hackers, and state-sponsored hackers. Script kiddies are unskilled individuals who use existing malware. The creators of the MBRLocker malware, which supposedly resurfaced during this crisis, are believed to be script kiddies.
Sophisticated cybercriminals rely on phishing as an initial attack vector. For example, some of those cybercriminals used WHO details, such as logos and images, to create phishing emails that looked authentic. However, they directed victims to a fake landing page in an attempt to request usernames and passwords related to the individual’s email. Ransomware gangs are also a significant risk to businesses. Maze and Doppelpaymer, two of the largest ransomware groups, have said they will avoid targeting healthcare organizations; however, other professional hackers are still active and looking to wreak havoc.
Finally, state-sponsored hackers in China, Vietnam, North Korea, and other countries are using this crisis to create phishing emails targeting government officials and workers with the goal of spreading malware. With the 2020 U.S. presidential election fast approaching, we may see more activity from those threat actors in the region.
In deep and dark web forums, we have noticed a significant increase in the number of chats, items offered for sale, and hacking of information related to Covid-19. Masks, tests and even coronavirus “vaccines” are among the items sold, with prices varying across the market.
As more and more people started staying at home, there was an increase in downloads of social media apps, which generated a lot of activity on underground forums. In March 2020, TikTok was the most downloaded non-gaming app in the world, followed by WhatsApp and Zoom. With millions of people working from home and depending on teleconferencing software, we analyzed forum activities and discovered a number of exposed Zoom app credentials, including email addresses, passwords, and usernames.
Ultimately, cybercriminals will continue to capitalize on the Covid-19 pandemonium. Global entities have a lot to do, juggling worker protection with business continuity efforts and, in most cases, declining revenue. However, we forget about cybersecurity.
Encouragingly, a May 2020 report from LearnBonds found that nearly 70% of large organizations plan to increase their cybersecurity spending due to Covid-19. Most importantly, at this time, Americans will need to remain vigilant for suspicious activity related to Covid-19. If you receive a suspicious email, immediately notify your company’s security team and report it to the Anti-Phishing Task Force or the Federal Trade Commission. There are many resources that organizations and Americans can leverage to combat these threats. Cybercriminals don’t stop, and neither do we.
Claire Umeda, Vice President, 4iQ
Claire Umeda is vice president of 4iQ, an adversary intelligence firm in Silicon Valley.
TechRadar is part of Future US Inc., a leading foreign media organization and virtual publisher.