While most people are continuing to support one another during the global COVID-19 pandemic, there is, once again, the risk of cyber criminals looking to profit.
"Preying on COVID-19 fears, criminals are banking on unsuspecting employees clicking on coronavirus-related links without thinking.”
While chief security officers are diligently protecting their networks while employees work from home, the threats don’t stop there - danger also lurks in clicking SMS and personal email message links.
There are a few of these currently doing the rounds in Australia, purportedly providing information such as where to find the nearest COVID-19 testing centre. Organisations must remind employees not to click links from unsolicited sources – even on personal devices - as company data can potentially be stolen or malware downloaded to infect corporate networks.
Verizon’s partner Recorded Future has confirmed the registration of thousands of fake coronavirus-related websites. These domains are being used to phish for information or to infect computer networks with malware.
Preying on COVID-19 fears, criminals are banking on unsuspecting employees clicking on coronavirus-related links without thinking. The threat risk is further exacerbated by the hundreds of thousands of employees now working from home worldwide.
Verizon Threat Research Advisory Centre (VTRAC) has collected a number of reports across the information security industry, including more than 57,000 new domain registrations that leverage the name “COVID” and more than 2,000 new domain registrations that leverage popular video conferencing tool Zoom.
Malicious Zoom installers have been “trojanised” with cryptocurrency miners, Remote Access Trojans (RAT) and adware bundles.
Among the multiple organisations issuing warnings, the Australian Competition and Consumer Commission (ACCC) has alerted Australians about the increase in spoof emails, text messages and scam phone calls claiming to be from the Australian Government. These messages claim to offer information such as COVID-19 symptoms to look out for or where to get tested. The Australian Cyber Security Centre (ACSC) has also urged businesses to incorporate cyber security into their plans for staff to work remotely during the COVID-19 outbreak.
According to the World Health Organisation, criminals have also attempted to pose as the UN agency in an effort to carry out a variety of scams from account takeovers to phony donation requests and the spread of malware.
KrebsonSecurity has reported an interactive dashboard of COVID-19 infections and deaths produced by Johns Hopkins University is being used on malicious websites to spread malware.
How are they doing it?
Even before COVID-19, phishing was a popular and effective technique for attackers. Phishing is usually an attempt to steal your credentials and obtain sensitive information. These attempts can include an email message containing a link to a fake website that looks like a log-in page from a cloud-based email provider.
In 2019, nearly a third of all breaches involved a phishing attack, making it the top threat action used in successful breaches, according to Verizon's 2019 Data Breach Investigations Report (DBIR).
When the criminals come looking for you, they’re very aware your company has security protocols in place, so threat actors are usually forced to take at least a few actions before they get what they want.
The DBIR goes on to note 28 per cent of the more than 2000 breaches involved malware infections – usually delivered by email - involved the use of stolen credentials, both of which are frequently accomplished through phishing attacks.