Serviceteam IT Security News

Threat actors exploiting public interest in the ongoing coronavirus outbreak have baited their phishing traps with a new lure—conspiracy theories about unreleased cures.

The new tactic was noted by researchers at Proofpoint, who have been monitoring global malicious activity related to the life-threatening virus in the form of hundreds of thousands of messages. 

Alongside a flurry of phishing scams that hook victims with tall tales of secret remedies, researchers observed the emergence of campaigns that abuse perceived legitimate sources of health information to manipulate users. 

One malicious message, titled “Confidential Cure Solution on Corona virus,” presented the sickness as a “deadly virus developed and sprayed by wicked scientists to reduce the population of the world so the government will have control over you.”

The message then invited victims to download a document allegedly containing information about a cure for the virus.  

It’s not just the subject matter of coronavirus phishing scams that is changing; researchers also detected differences in the malware being used to net victims.

In a report published today, Proofpoint researchers wrote: “In this latest round of campaigns, attackers have expanded the malware used in their Coronavirus attacks to include not just Emotet and the AZORult information stealer, but also the AgentTesla Keylogger and the NanoCore RAT—all of which can steal personal information, including financial information.

Researchers also reported seeing fake Office 365, Adobe, and DocuSign sites, linked to coronavirus-themed emails, that had been specifically set up to steal credentials.

Initial coronavirus-themed attacks focused on the United States and Japan, which recorded its first fatality from COVID-19 today. More recently, researchers have observed threat actors targeting Australia and Italy, using lures written in Italian against the latter.

Other noticeable differences observed by the researchers include an increase in the number and variety of industries that these threat actors are hitting. 

“We have previously written about Coronavirus-themed attacks centered on concerns around economic disruptions in light of the outbreak, specifically around shipping. This trend is continuing and has expanded to include manufacturing as well,” wrote researchers.

“Consistent with this level of tailoring and focus on economic concerns, we are also seeing dedicated attacks against construction, education, energy, healthcare, industry, manufacturing, retail, and transportation companies.”

The prolonged focus on coronavirus as a theme suggests that the topic is proving to be a successful earner for the morally bankrupt cyber-criminals who have no qualms exploiting human suffering for financial gain.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!