Hackers sponsored by Chinese, Russian and North Korean governments have been using COVID-19 themed phishing emails to infect millions of vulnerable devices with malware.
Government-backed hacker groups in China, Russia, and North Korea are taking advantage of the global epidemic and are sending out coronavirus-themed phishing emails to infect targeted devices with malware to either exfiltrate data or infiltrate spyware or ransomware.
Nation state hackers are not only targeting individials but also industries such as transport, aerospace, manufacturing, healthcare, hospitality and insurance and many of these activities have been spotted by cyber security researchers over the past week.
Earlier today, the National Cyber Security Centre also took cognizance of cyber criminals taking advantage of the coronavirus pandemic to target unsuspecting members of the public. In its latest Weekly Threat Report released earlier today, the cyber security watchdog alerted citizens about a rise in “the number of phishing emails using the coronavirus as a lure”.
“Cyber criminals have been exploiting the pandemic to steal money or sensitive information through phishing campaigns in several countries. By creating fake websites and emails masquerading as legitimate, attackers have been able to infect victims with malware,” it said.
NCSC has also issued a list of tell-tale signs of phishing emails, and these include poor grammar, punctuation, and spelling in many such emails, emails trying to instill a sense of urgency to take action among recipients, emails asking for personal information, emails offering unbelievable gifts and rewards, and emails that address recipients as ‘valued customer’, or ‘friend’, or ‘colleague’.
Coronavirus-themed phishing campaigns are based on official news and advisories to appear legitimate
Research from security firm F-Secure has also revealed how Coronavirus email attacks have spread west along with the virus. In the past few days, the firm observed that many Coronavirus-themed malspam campaigns have been following news and advisories and gathering correlations between those. Initially targeting Internet users in Japan, these campaigns have slowly shifted to the West in tandem with the virus.
“While using current themes is nothing new for opportunistic threat actors, what’s interesting to note here is that one malware spam after another has started to use the coronavirus topic in their distribution emails. Even more interesting is the usage of news information or public advisories as the basis for the email topics. This helps give validity to the email itself,” says Maria Patricia Revilla Dacuno, a researcher at F-Secure.
Hackers behind such malspam campaigns have so far deployed a range of malware such as Emoted, Trickbot, Agent Tesla, Formbook and Lokibot that steal email addresses and passwords from browsers, and Remcos RAT that allows attackers to control a victim’s system remotely and execute commands.
In order to lure victims to click on emails and download files that contain malware, spammers are using subject lines such as “Feeling Helpless Against Corona?”, “Military Source Exposes Shocking TRUTH About Coronavirus”, and “Highly Effective Anti-Pollution Clean Air Breathing Mask.”
“Coronavirus is a formidable and fairly unprecedented opportunity to trick panicking people amid the global havoc and mayhem. In light of the spiraling uncertainty and fake news, even experienced cybersecurity professionals may get scammed by a well-crafted phishing email allegedly coming from a national health authority and involving his or her family or workplace,” says Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb.
“The more emotions and personal matters the attackers leverage, the more successful their campaigns will likely be. The human factor remains the most burdensome to mitigate by technical means among the wide spectrum of organizational cyber risks, and the COVID-19 connection makes victims particularly susceptible to thoughtless actions.
“Organisations should urgently consider implement and promulgate a clear, centralized and consistent internal process to communicate all the events and precautions related to the coronavirus pandemic. Corporate cybersecurity and security awareness should constitute an invaluable part of such communications, as cybercriminals are profiteering from obscurity and uncertainty,” he adds.