While governments, businesses, inter-governmental agencies, and not-for-profit agencies are busy dealing with the fallout of the Coronavirus disease (COVID-19), certain groups with malicious intent are using the outbreak as an opportunity to launch cyberattacks and cripple critical infrastructure and other connected assets through social engineering.
In the last 26 days, Subex’s global honeypot has registered a slight dip in direct attacks while the volume of phishing emails and other targeted social engineering activity has grown significantly. Our researchers are reporting a 49 percent rise in social engineering attacks through a variety of channels across continents.
Coronavirus is the latest theme
These are what we call themed attacks: attacks that ride on a global scare or anxiety created by an event that influences citizens at a personal level.
Malicious files using about 23 common file extensions (including zip, mp3, mp4, xlsx, docx, EPS) have been released by hackers in the last 26 days. These files carry a malicious payload that could encrypt files, steal/exfiltrate data, drop backdoors and even corrupt data.
Examples include:
- Corona_health_update.pdf (attributed to the Centers for Disease Control)
- Covid19_Mandatory_work_from_measures.pdf (spread using instant messaging platforms)
- Emails containing subject lines such as “coronavirus emergency declared”, “1000 coronavirus deaths in last 16 hours” and “This drug could save your life from corona”. Emails seeking donations in the name of WHO have also been found.
The in-bound volumes of these infected files vary with healthcare announcements by governments and we have seen 3 clear windows for detection of such infected files.
- 7 am to 9:30 am GMT
- 3 pm to 3:30 pm GMT
- 8 pm to 9 pm GMT
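A mail-triage check built from the indicators above, as an added example that is not Subex's code: it flags messages whose subject or attachment name carries the theme, and raises priority when the message was sent inside one of the three reported windows. The function names, the keyword pattern and the inclusion of "pdf" in the extension set are assumptions made for this illustration, and the sample messages are constructed.

```python
import re
from datetime import time, timezone
from email import message_from_string, policy
from email.message import EmailMessage

# Theme words and extensions come from the lures listed above; the page names six
# of about 23 extensions, and "pdf" is added because both sample file names use it.
THEME = re.compile(r"corona|covid", re.IGNORECASE)
EXTENSIONS = {"zip", "mp3", "mp4", "xlsx", "docx", "eps", "pdf"}
# The three GMT windows in which the page reports peak inbound volume.
WINDOWS = [(time(7, 0), time(9, 30)), (time(15, 0), time(15, 30)), (time(20, 0), time(21, 0))]

def in_peak_window(msg):
    """True if the Date header, converted to UTC, falls inside a reported window."""
    try:
        sent = getattr(msg["Date"], "datetime", None)
    except (TypeError, ValueError):
        return False  # malformed Date header
    if sent is None:
        return False  # missing or unparseable Date header
    if sent.tzinfo is None:
        sent = sent.replace(tzinfo=timezone.utc)  # "-0000" parses as naive; treat as UTC
    now = sent.astimezone(timezone.utc).time()
    return any(start <= now <= end for start, end in WINDOWS)

def triage(raw):
    """Return the reasons a raw RFC 5322 message matches the themed-lure pattern."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if THEME.search(msg.get("Subject", "")):
        reasons.append("themed-subject")
    for part in msg.walk():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if THEME.search(name) and ext in EXTENSIONS:
            reasons.append("themed-attachment:" + name)
    # Arrival time alone is not an indicator; it only raises priority of a themed hit.
    if reasons and in_peak_window(msg):
        reasons.append("peak-window")
    return reasons

def sample(subject, date, filename=None):
    """Build a constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["Subject"], m["Date"] = subject, date
    m.set_content("constructed sample body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()
```

A themed hit is a reason to quarantine and inspect the message, not a verdict: legitimate health bulletins will match the same keywords.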
Malware traffic from a major botnet in North West Asia has reduced significantly while three other possible botnets in the region are reporting a reduction in the volume of outbound traffic.
Where has all the malware gone?
In the last half of 2019, there was a significant uptake in the purchase of potent malware from across malware shops and forums. Such malware was then released in incremental batches with minimal reengineering to avoid detection. This activity picked up pace towards the end of January (2020), but by mid-February (2020) the number of new malware reported registered a global decline as hackers shifted tactics towards creating opportunities using social engineering.
Our researchers have also found a slight reduction in malware prices in the last month, which means that the demand for new malware has come down.
Hacker groups are using the panic and anxiety generated by the outbreak to prevent their victims from scrutinizing emails or other suspicious links forwarded via social media or instant messaging applications. Times of distress and anxiety often take a toll on rational thinking and this is what hackers are counting on to create a much larger problem.
Similar to the measures recommended by healthcare professionals to prevent the spread of infection, we also need to take a few precautions in cyberspace to prevent disruptive groups from utilizing the situation to their advantage. Here are a few recommended steps:
- Rely on known sources for healthcare updates (these include the World Health Organization, federal or regional governments, publications of repute and your local healthcare professionals).
- Avoid the temptation to click on links shared via social media, instant messaging applications or any other source. News updates will reach you anyway; it is just a matter of a few minutes. But if you click on a suspicious link, you could end up doing far more damage in the short and long term to your business/personal interests.
- Check the URL of websites carefully every time. If possible, use search engines to reach sites rather than entering the URL text directly.
- Keep all your software, OS, firmware and mobile applications updated. Do not skip updates.
- Report any suspicious emails or URLs to your cybersecurity teams.