Coronavirus infects computer...
Well….maybe not with actual COVID-19 but that has not stopped social engineers from using the highly publicized concerns to their advantage. The coronavirus has sparked massive global media coverage, and with that, people want to know more. The problem is that most people are willing to trust just about any source, and there is so much media coverage, it allows attackers to blend in. There have already been reports of massive amounts of misinformation, such as the article that claimed: "the CDC announced that COVID-19, a disease caused by the coronavirus, had been found in toilet paper and that people should use wet cloths instead."
There have also been reports of campaigns specifically targeting geographic areas. According to CNN, "In Los Angeles County, public health officials warned residents Thursday that a letter claiming a potential coronavirus outbreak in Carson City is fake. In a suburb north of Los Angeles, a high school in Santa Clarita also issued a statement warning against false social media reports on the coronavirus outbreak. School districts in San Diego and Arizona are also warning residents about fake images of news stories claiming the coronavirus is spreading locally."
What is scarier than bad actors deliberately creating fake news to panic people is that there are more reports from government and health officials that attackers are impersonating their institutions to steal information or infect users with malware. The World Health Organization (WHO) has released a cybersecurity warning stating that "Criminals are disguising themselves as WHO to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding."
Unfortunately, email scams often try to elicit fear as a tactic to provoke a response from users, and the coronavirus has opened the phishing market on a global scale. This is not only coming as attacks designed to get personal information but also as a new avenue to spread malware. Mimecast, an email and data security company, shows attackers disseminating malicious links and PDFs that claim to contain information on how to protect yourself from the spread of the disease. "Go through the attached document on safety measures regarding the spreading of coronavirus," reads the message, which purports to come from a virologist. "This little measure can save you." So far, researchers have found 10 unique files related to Coronavirus (PDF, MP4, and Docx) were found to be circulating on the web which was filled with malevolent infections such as file-encrypting malware, crypto-mining malware and browser details siphoning digital adjectives and those which exfiltrate sensitive data. Kaspersky's researchers found that in each case, the filenames implied that they contained useful information on how to protect yourself from the coronavirus, information on how to detect it, and news updates.
Another identified attack method is the fake map. Johns Hopkins has created a popular COVID-19 dashboard that tracks confirmed cases and locations and attackers have mimicked that same map with a few added surprises. Malwarebytes discovered the malicious program, Corona-Virus-Map.com, that claims to provide an up-to-date coronavirus map just like the one at Johns Hopkins. It produces a map that looks exactly like the university's graphic. But the software has embedded malware called corona.exe that's a variant of AzorUlt, a type of spyware that steals usernames, passwords, credit card numbers, and other data stored in the user's browser.
So, it turns out not only can you catch mass hysteria from the news, but also malware. Please remind your staff, customers, friends, and family to be mindful of phishing email attacks and treat news updates like any other unsolicited email and delete them. Everyone should also be mindful of the sources they get their information from and make sure they are reputable.