04 Dec 2019
Australians are renowned for looking out for one another in times of crisis, as was evident during the recent bushfire season and the floods that immediately followed.
While most people are continuing to support one another during the global COVID-19 pandemic, there is, once again, the risk of cyber criminals looking to profit.
While chief security officers are diligently protecting their networks as employees work from home, the threats don't stop at the corporate perimeter: danger also lurks in links delivered by SMS and to personal email accounts.
There are a few of these currently doing the rounds in Australia, purportedly providing information such as where to find the nearest COVID-19 testing centre. Organisations must remind employees not to click links from unsolicited sources – even on personal devices - as company data can potentially be stolen or malware downloaded to infect corporate networks.
Verizon’s partner Recorded Future has confirmed the registration of thousands of fake coronavirus-related websites. These domains are being used to phish for information or to infect computer networks with malware.
Preying on COVID-19 fears, criminals are banking on unsuspecting employees clicking on coronavirus-related links without thinking. The threat risk is further exacerbated by the hundreds of thousands of employees now working from home worldwide.
The Verizon Threat Research Advisory Centre (VTRAC) has collected a number of reports from across the information security industry, including more than 57,000 new domain registrations that use the name "COVID" and more than 2,000 new domain registrations that use the name of the popular video conferencing tool Zoom.
Malicious Zoom installers have been “trojanised” with cryptocurrency miners, Remote Access Trojans (RAT) and adware bundles.
Among the multiple organisations issuing warnings, the Australian Competition and Consumer Commission (ACCC) has alerted Australians about the increase in spoof emails, text messages and scam phone calls claiming to be from the Australian Government. These messages claim to offer information such as COVID-19 symptoms to look out for or where to get tested. The Australian Cyber Security Centre (ACSC) has also urged businesses to incorporate cyber security into their plans for staff to work remotely during the COVID-19 outbreak.
According to the World Health Organisation, criminals have also attempted to pose as the UN agency in an effort to carry out a variety of scams from account takeovers to phony donation requests and the spread of malware.
KrebsOnSecurity has reported that the interactive dashboard of COVID-19 infections and deaths produced by Johns Hopkins University is being copied onto malicious websites to spread malware.
How are they doing it?
Even before COVID-19, phishing was a popular and effective technique for attackers. Phishing is usually an attempt to steal your credentials and obtain sensitive information. These attempts can include an email message containing a link to a fake website that looks like a log-in page from a cloud-based email provider.
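The two mechanics described above (newly registered domains carrying "COVID" or "Zoom" lures, and emails whose links point at a look-alike login page) can both be checked mechanically. The following is an added example, not code from the original article or from Verizon: it scans a list of domains for lure keywords and brand names sitting outside the brand's real registrable domain, and parses the links in an email body to flag hrefs whose host trips those checks or whose visible text shows a different domain from the one the link actually goes to. The brand list, the public-suffix shortcut and the sample domains and email are constructed assumptions for illustration.

```python
"""Flag phishing indicators in new domain registrations and in email links.

Added example, not code from the original article. The brand table, the
sample domain list and the sample email are constructed for illustration.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Keywords the article reports being abused in new registrations.
LURE_KEYWORDS = ("covid", "coronavirus", "zoom")
# Brand name -> the registrable domain where that name is legitimate.
# Assumption: illustrative table, extend it for the brands your staff use.
BRANDS = {"zoom": "zoom.us", "office": "office.com", "microsoft": "microsoft.com"}
ALLOWLIST = set(BRANDS.values())


def registrable_domain(host):
    """Crude eTLD+1: keep three labels for two-part suffixes such as .com.au.
    Assumption: a real deployment would use the public suffix list."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in ("com", "net", "org", "gov", "edu", "co"):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def domain_signals(host):
    """Return a list of reasons a hostname looks like a lure, or [] if clean."""
    host = host.lower()
    reg = registrable_domain(host)
    if reg in ALLOWLIST:          # zoom.us itself contains "zoom"; never flag it
        return []
    signals = [f"lure keyword '{kw}'" for kw in LURE_KEYWORDS if kw in host]
    for name, legit in BRANDS.items():
        if name in host and reg != legit:   # brand name outside its real domain
            signals.append(f"'{name}' outside {legit}")
    return signals


class _LinkParser(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


_DOMAIN_IN_TEXT = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})")


def suspicious_links(html):
    """Return [(href, [reasons])] for links in an email body that look phishy."""
    parser = _LinkParser()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = domain_signals(host)
        # Visible text that looks like a URL but leads somewhere else.
        m = _DOMAIN_IN_TEXT.search(text.lower())
        if m and registrable_domain(m.group(1)) != registrable_domain(host):
            reasons.append(f"text shows {m.group(1)} but href goes to {host}")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample data, not real registrations or a real message.
SAMPLE_DOMAINS = ["covid19-testing-centre.com", "zoom-us-download.com",
                  "zoom.us", "example.com.au", "coronavirus-update.net"]
SAMPLE_EMAIL = """
<p>Your Zoom account has been locked.
<a href="http://zoom-us-verify.example.net/login">https://zoom.us/signin</a></p>
<p>Find your nearest testing centre:
<a href="http://covid19-testing-centre.com/map">click here</a></p>
<p>Unsubscribe: <a href="https://example.com/unsubscribe">example.com</a></p>
"""

if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(f"{d:30} {domain_signals(d)}")
    for href, reasons in suspicious_links(SAMPLE_EMAIL):
        print(href, "->", "; ".join(reasons))
```

The allowlist matters: a bare keyword match would flag zoom.us itself, so the legitimate registrable domains are exempted before any keyword or brand check runs. The text-versus-href comparison catches the classic trick in which the link reads https://zoom.us/signin while the href leads to another domain; a plain "click here" anchor is judged on its destination host alone.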
In 2019, nearly a third of all breaches involved a phishing attack, making it the top threat action used in successful breaches, according to Verizon's 2019 Data Breach Investigations Report (DBIR).
When the criminals come looking for you, they’re very aware your company has security protocols in place, so threat actors are usually forced to take at least a few actions before they get what they want.
The DBIR goes on to note that 28 per cent of the more than 2000 breaches involved malware infections – usually delivered by email – and that many more involved the use of stolen credentials; both of these are frequently accomplished through phishing attacks.
What to do
While a good rule of thumb is to delete suspicious emails, in some workplaces (such as ANZ) the security team want them to be reported - and provide secure means for doing so - in order to properly understand the risk.
Be wary of websites soliciting donations, offering medical advice or supplies, or offering advice on the financial markets. In short, don't take the bait by clicking on links from sources you don't know.
If the email message is conveying an important or urgent matter from an organisation you know such as your bank or hospital, contact the sender through alternate and official channels to confirm whether or not it really is from them.
Of course, it goes without saying you need to keep your system security up to date and encrypt/password protect sensitive information.
If you're working from home, ensure your VPN requires two-factor authentication, so that a phished password alone is not enough to reach the corporate network.
Simon Ezard is Principal Consultant at Verizon’s Threat Research Advisory Centre (VTRAC) in Australia and New Zealand
Find out more about phishing, malware and the Verizon Data Breach Investigations Report.
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.