Coronavirus in Cyberspace
Check Point's Global Threat Index shows that cybercriminals are exploiting interest in the global epidemic to spread malicious activity through several spam campaigns about the outbreak of the virus.
Concerns about COVID-19 appear to have become as contagious as the virus itself, with headlines spreading across almost every media network. For example, CNN.com has more than 1,200 articles on this disease, and a search on The Financial Times produces more than 1,100 results.
As the virus spreads around the world, people naturally look online for the latest information and updates on how it might affect them and what they can do to protect themselves and their families. And as you might expect, cybercriminals are quick to exploit people’s uncertainty for their own benefit.
In other words, coronavirus is “a stable ground” for hackers. Our January 2020 global threat index shows that cybercriminals are using the interest in the global epidemic to spread malicious activity, with several spam campaigns relating to the outbreak of the virus.
According to Check Point Threat Intelligence, more than 4,000 coronavirus-related domains have been registered worldwide since January 2020. Of these websites, 3% were found to be harmful and another 5% are suspicious. Coronavirus-related domains are 50% more likely to be harmful than other domains registered in the same period, and the rate is also higher than for current seasonal topics, such as Valentine's Day.
Many of these domains are likely to be used for phishing attempts. So far, Check Point has already seen harmful activity that lures victims to websites discussing the virus, as well as fraudulent websites claiming to sell face masks, vaccines, and home tests that can detect the virus.
In addition, an extended coronavirus phishing campaign targeting Italian organizations has recently emerged. It has reached more than 10% of all organizations in Italy and aims to take advantage of the growing number of infections in the country. Here's an example of the mail content:
“Given the number of cases of coronavirus infection that have been documented in your area, the World Health Organization has prepared a document containing all necessary measures against coronavirus infection.
We strongly recommend that you read the document attached to this report.
Penelope Marchetti (World Health Organization - Italy)”
The email contains a malicious document file named f###########.doc (# = digit), and its subject is "Coronavirus: Informazioni importanti su precauzioni" (Coronavirus: Important precautionary information). The e-mail was signed by a World Health Organization (WHO) physician based in Italy. However, we searched online and could not find a doctor named Penelope Marchetti with WHO or Organizzazione Mondiale della Sanità (OMS). Also, the sender email addresses do not come from official WHO or OMS domains, and most of them were not Italian at all.
Clicking "Enable Editing" and "Enable Content" will download the Ostap Trojan-Downloader, which is known as a downloader for Trickbot. Trickbot is a dominant banking trojan that is constantly updated with new capabilities, features and distribution vectors. This makes Trickbot flexible and customizable malware that can be distributed as part of multipurpose campaigns.
So how can you avoid being a victim of these fraudulent attempts? Our recommendations for safe online behavior are as follows:
• Be careful when receiving emails and files from unknown senders, especially if they require an action that you would not normally do.
• Make sure you order goods from an authentic source. One way to do this is to NEVER click on promotional links in emails; instead, find the seller you want and click the link on the Google results page.
• Beware of special offers. An "exclusive cure for coronavirus for $150" is usually not a reliable or trustworthy buying opportunity, but most likely a scam. At this time, it is not possible to treat coronavirus, and even if it were, a cure would certainly not be offered to you by email.
• Beware of “lookalike” domains, misspellings in emails or on websites, and unknown email senders.
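The indicators described for the Italian campaign (a WHO/OMS claim paired with a non-WHO sender domain, and the "f" + digits + ".doc" attachment name) together with the lookalike-domain warning above can be checked automatically at a mail gateway. The following is an added example, not Check Point's code; treating who.int as the official domain, the edit-distance threshold and all sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: who.int is treated as WHO's official mail domain; adjust the allow-list.
OFFICIAL_DOMAINS = {"who.int"}
BRAND_CLAIM = re.compile(r"world health organization|organizzazione mondiale della sanit", re.I)
# Attachment naming reported for this campaign: "f" + digits + ".doc".
ATTACHMENT = re.compile(r"^f\d+\.doc$", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw):
    """Return the reasons a raw RFC 822 message looks like WHO impersonation."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    official = any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)
    text, files = display, []
    for part in msg.walk():
        if part.get_filename():
            files.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            text += "\n" + part.get_payload()
    reasons = []
    if BRAND_CLAIM.search(text) and not official:
        reasons.append("claims WHO/OMS, sender domain is " + domain)
    if not official and any(edit_distance(domain, d) <= 1 for d in OFFICIAL_DOMAINS):
        reasons.append("lookalike of an official domain: " + domain)
    if any(ATTACHMENT.match(f) for f in files):
        reasons.append("attachment name matches campaign pattern")
    return reasons

# Constructed sample messages (not real captures); addresses are placeholders.
PHISH = ('From: "World Health Organization - Italy" <info@mail.example.test>\n'
         'Subject: Coronavirus: Informazioni importanti su precauzioni\n'
         'Content-Type: multipart/mixed; boundary="b1"\n\n--b1\nContent-Type: text/plain\n\n'
         'Please read the attached document.\n--b1\nContent-Type: application/msword\n'
         'Content-Disposition: attachment; filename="f12345678901.doc"\n\nplaceholder\n--b1--\n')
LOOKALIKE = 'From: "Health updates" <news@wh0.int>\nSubject: Update\n\nLatest guidance.\n'
GENUINE = 'From: "World Health Organization" <press@who.int>\nSubject: Update\n\nLatest guidance.\n'
```

The check reads only the From header, which a sender can forge, so a clean result here does not replace SPF, DKIM and DMARC validation.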
To learn more about the impact of coronavirus on cybersecurity, see the lecture "Cyber Security and Coronavirus" by Andrej Aleksiev at the Spring ITAPA 2020 conference. Learn more and register for Spring ITAPA today.
Andrej Aleksiev, Check Point