As threat hunters, we have become increasingly aware of the greater need for diligence and awareness regarding the latest cyber security threat - hackers taking advantage of new vulnerabilities during this difficult time. To protect your organization, make sure employees keep their guard up and follow best practices for cyber security.
In this post, we share vital information about when and where to be particularly wary of malicious content, and explore recently discovered cyber attacks related to the coronavirus pandemic.
High risk cyber security threat areas
Remind your organization’s team how careful they need to be in the current cyber security threat climate. Here are some areas of particularly high cyber security risk:
- Hackers taking advantage of Coronavirus fears: Hackers have been creating new attacks connected to the Coronavirus theme. They use a wide range of techniques for this: phishing, domain registration with malicious content inside, Coronavirus-related mobile applications that infect cell phones, etc. Make sure to read instructions very carefully before you download or click. Check that email addresses and website domains look legitimate and beware of anything that is littered with spelling mistakes.
- Software vulnerabilities for remote workers: Due to Coronavirus regulations, many workers need to adjust quickly to a new reality of remote work. If your organization is using Zoom, WebEx, VPN, etc. – make sure your systems are running up-to-date versions that include the latest patches.
Bottom line: In crisis situations, the underground community springs into action - and we need to do the same. Hackers, including cyber criminals and state-sponsored threat actors around the globe, are taking advantage of the COVID-19 outbreak to accelerate their activities and spread their own infections.
Coronavirus phishing attacks
Our investigations into cyber crime hacking communities exposed a threat actor offering a phishing method that infects victims with malware by sharing an online map of coronavirus-infected areas as a disguise. According to the threat actor, the given Pre-loader has a file extension that can be sent as an attachment directly by/to any mail service, and it works on all Windows versions.
The threat actor claims that the Pre-loader’s size is less than 1 KB, and that it does not trigger UAC and bypasses Windows Defender. The Pre-loader is offered for sale at a price ranging between $200 and $700, and it looks like people are showing interest in buying it.
Scammers state that they are trying to raise money for a vaccine. But we all know where that money will end up.
Increased activity on the dark web
The cause of these new cyber security scams is likely the fact that many hackers are shut inside their homes due to the coronavirus regulations in many locations – and they are bored.
Hackers have underground networks for communicating among themselves and sharing resources for cyber attacks – and in these forums we see complaints about being stuck at home because of the coronavirus, leading to a greater amount of frustration and malicious activity.
For information about best practices during this difficult time, see Cyber Security Risk Assessment: Threats to Remote Workers or read more on our Cyber Hub.