Keeping a level head against cybercrime in times of crisis

by Jose Hernandez

08 April 2020

Misinformation is spreading across the globe as a result of the COVID-19 pandemic. Scammers are taking advantage of this unique moment and targeting people who are vulnerable.

Scammers understand that people all over the world are afraid and they know that fear is a great tool. Fear reduces our ability to analyse situations, so a phishing email that you could easily identify before the pandemic becomes a little more believable during an emergency.

The interesting aspect of these scam campaigns is how the scammers are creatively using the COVID-19 pandemic to emotionally manipulate victims. Social engineering relies on believable scenarios to reinforce the credibility of the attacker.

Scam campaigns are being reported across the globe as COVID-19 panic takes hold

Types of attacks in the wild

In a pandemic scenario, the best and most effective type of attack is phishing. Phishing is ideal in pandemics because it’s easy to carry out. In most instances, phishing can be executed anonymously, and believable scenarios are readily available at a time when misinformation is rampant. Scammers understand people are looking for answers and they’re more than happy to provide them.

Scammers are spreading misinformation to the vulnerable 

As early as February, a phishing campaign targeted Japanese citizens by sending malware as email attachments; the attached documents promised information on how to prevent coronavirus infection. Scammers hiding behind documents with valuable information build a sense of trust with the victim, which they can later leverage. Most of the attacks focus on providing helpful information or impersonating organizations like the Center for Disease Control (CDC), while some are typical phishing scams with a COVID-19 theme. For instance, one campaign tricked users into installing a fake antivirus solution that would supposedly protect against the COVID-19 virus, causing the victim to unknowingly install the BlackNet RAT trojan.

Scammers will prey on nearly every aspect of people dealing with the pandemic. Security vendor Malwarebytes discovered a phishing campaign attempting to trick people into donating to help the government. The scam tricked victims into donating money to help fund medical research for the coronavirus. No money went to research; instead, the scammers stole the victim’s credit card information.

Phishing campaigns trick users into downloading viruses or handing over their credit card details to scammers

Healthcare industry is a prime target for coronavirus cyberattacks

At this moment, scammers are focused not only on individuals but also on the medical and healthcare industry. Hospitals are especially vulnerable because the coronavirus is consuming many of their resources. Scammers understand the situation that hospitals are in and are targeting them with ransomware. A large hospital in the Czech Republic, for example, was hit with ransomware and, as a result, had to postpone surgical operations and reroute patients to a nearby hospital. The strain COVID-19 places on the infrastructure of many hospitals could result in administrators caving in to ransomware demands. Chaotic times such as these can prove difficult and painful for many people, but they are also viewed as a perfect opportunity by others.

The COVID-19 pandemic could result in hospital administrators caving in to ransomware demands to protect their infrastructure

Advanced Persistent Threat (APT) groups are also active during this pandemic. The Mongolian government was targeted with a COVID-19 themed attack that used new malware. The attack and the methodology were very similar to attacks performed by specialized Chinese APT groups. Attacking during the current COVID-19 environment is the ideal way to cover one’s tracks, and even if you’re caught, there are so many scams currently active that it’s easy to deflect blame.

While the whole world seems to be off balance, it’s always important to remember to keep calm and refocus. A lot’s going on in the world, but as security professionals we must keep our composure. It is a great time for your company to review its social engineering and phishing user education training and policies. Remember that many of these attacks rely on the fact that many people are scared; if you remain calm and help keep your workforce and clients calm, many of the scams will fail. Since many phishing campaigns related to COVID-19 rely on people’s fear of inadequate knowledge of the virus, provide your users with trustworthy resources with information related to coronavirus. Stay safe and indoors.

If you focus and help keep your workforce and clients calm, many of the COVID-19 pandemic scams will fail

Malware used by coronavirus scammers since January 2020

  • Emotet
  • AZORult
  • Remcos RAT
  • APT customized RATs
  • Android APKs used for surveillance – pretend to be Corona information apps
  • Ransomware
  • Hawkeye
  • Java Trojan - Hopkins Map
  • Blacknet Bot
  • Ginp - Banking Trojan
  • Ryuk Ransomware
  • Ostap / TrickBot
  • Oski Malware
  • Maze Ransomware
  • Zeus Sphinx banking trojan

Common attacks in coronavirus campaigns since January 2020 

  • phishing to steal passwords
  • installing keyloggers
  • Android ransomware
  • spam
  • malicious third-party PHP plugins
  • trojan banking apps hiding behind live corona monitoring apps
  • donating to fake charities or towards creating a cure
  • targeting of the stimulus checks
  • extortion scams

Jose Hernandez

Vulnerability Research Analyst, NTT Ltd.