The current coronavirus COVID-19 pandemic is changing the business landscape. The most immediate change seen in many countries is the sudden increase in the number of people working from home. Because of this change, the attack surface has increased significantly, forcing companies to strengthen their cybersecurity measures to ensure they don’t suffer at the hands of cybercriminals.
However, the increase in the attack surface is not the only cyberthreat related to the current global situation.
Malicious campaigns exploiting Covid-19
PandaLabs researchers constantly search for samples in malicious coronavirus-related campaigns. They have analyzed hundreds of malware detections made between March 12 and 25, and have broken down several of these campaigns in a study.
Spam using coronavirus as bait
A common tactic among cyberattackers is to imitate an official organization related to public health. In doing so, they hope to increase the likelihood of their victims downloading malicious content or clicking on links. Among the examples of coronavirus-related spam are the following:
- “Latest Coronavirus Updates”: This campaign was detected in the UK. The email comes with an attachment in .dat format, supposedly containing the latest news about COVID-19. This file contains a piece of malware.
- “Coronavirus: important information about precautions”: In this case, the campaign targeted users in Italy, a country severely affected by the pandemic. In both the subject and the body of the email is the text “Coronavirus: important information about precautions”. In the body of the email, the sender claims that the attachment is a document prepared by the World Health Organization (WHO) and strongly recommends that the reader download the compromised Microsoft Word attachment. The malicious file contains a Trojan.
- “Exclusive: Coronavirus Vaccine Detected”: This campaign was spotted in Portugal. It contains a link that supposedly leads to a page with more information about the alleged vaccine but actually contains malware.
Malicious domains related to Coronavirus
Right now, many people are turning to the Internet to try to find answers to the questions they have about the pandemic. Cybercriminals have taken advantage of this situation; PandaLabs has detected a notable increase in domain names using the word “corona” combined with words commonly used in Internet searches for the disease, such as “vaccine” or “emergency”. The report contains an extensive list of these domain names.
One of the most recent examples of malicious domains using Covid-19 to trick their victims was seen in the UK. A group of bad actors created a website that looks like the official British Government portal where those affected by the pandemic can claim economic help. The link arrives by SMS. However, if the victim enters their bank details, the cyberattackers use this information to steal their money.
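The naming pattern described in this section (“corona” combined with common search terms) can be turned into a simple triage filter for DNS or proxy logs. The following is an added example, not code from the PandaLabs report or from any Panda product; the term lists beyond “corona”, “vaccine” and “emergency”, the allowlist entry and the sample log are constructed assumptions.

```python
import re

# "corona", "vaccine" and "emergency" come from the article; the other terms
# and the allowlist entry are assumptions made for this example.
PANDEMIC_TERMS = ("corona", "covid")
LURE_TERMS = ("vaccine", "emergency", "emergencia", "cure", "relief")
ALLOWLIST = {"health-ministry.example"}  # constructed stand-in for official sites

def refang(value):
    """Normalise a defanged or URL-style indicator to a bare hostname."""
    value = re.sub(r"\s*[\[(]\.[\])]\s*", ".", value.strip().lower())
    value = re.sub(r"^h(?:xx|tt)ps?://", "", value)
    return value.split("/")[0].split(":")[0].rstrip(".")

def classify(indicator):
    """Return (hostname, verdict): 'allow', 'high', 'review' or 'ignore'."""
    host = refang(indicator)
    labels = host.split(".")
    # Naive registrable domain (last two labels, no Public Suffix List).
    if ".".join(labels[-2:]) in ALLOWLIST:
        return host, "allow"
    # Compare everything left of the TLD, hyphens removed, "0" folded to "o".
    name = "".join(labels[:-1]).replace("-", "").replace("0", "o")
    has_lure = any(term in name for term in LURE_TERMS)
    if any(term in name for term in PANDEMIC_TERMS):
        return host, "high" if has_lure else "review"
    return host, "ignore"

def triage(log_lines):
    """Return (hostname, verdict) pairs for queried names that need attention."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        hit = classify(fields[2])
        if hit[1] in ("high", "review"):
            hits.append(hit)
    return hits

# Constructed DNS query log: timestamp, client address, queried name.
SAMPLE_LOG = [
    "2020-03-20T09:00:01Z 10.0.0.5 corona-vaccine-news.example",
    "2020-03-20T09:00:07Z 10.0.0.8 www.health-ministry.example",
    "2020-03-20T09:01:12Z 10.0.0.5 c0rona-relief.test",
    "2020-03-20T09:02:30Z 10.0.0.9 coronamap.example",
    "2020-03-20T09:03:44Z 10.0.0.9 intranet.example",
    "truncated-line",
]
```

A “high” verdict means a pandemic term and a lure term appear together; “review” means only the pandemic term is present, which will also match many legitimate information sites.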
Advanced protection to halt these campaigns
In the report you can find more information about the cyberattacks mentioned here, along with more technical details about these campaigns. But, as is the case with any cyberthreat, the first line of defense is prevention.
To begin with, the most important thing is to educate employees about the risks involved in downloading attachments from unknown senders. It is also important to stress the harm that clicking on links in emails from strangers can do. Another vital measure is good password hygiene: use complex passwords and change them frequently.
Another essential step in any cybersecurity plan is the use of advanced solutions. Panda Adaptive Defense provides continuous monitoring of all system activity, stopping any unknown process and blocking it until it has been analyzed and determined to be either legitimate or malicious.
Unfortunately, the cyberattacks and spam campaigns that exploit the current pandemic will most likely continue to try to harm the computer systems of companies and users around the world. Make sure you have the necessary protection with Panda Security.