Hackers around the world are taking advantage of the rapid, widespread changes in the workforce and in people’s personal online activity due to the pandemic. Widespread, mandatory work-from-home policies have led to an unprecedented volume of remote workers, which has made it significantly harder for security teams to protect their organizations. Numerous large-scale phishing campaigns, phone and email scams, and more have emerged over the last several months targeting individuals and organizations during these uncertain times.
With that in mind, here are some of the attacks, phishing campaigns, and other cybersecurity issues that have emerged.
Coronavirus Phishing Emails
One example, reported in late March, delivers the Netwalker ransomware. The phishing emails include an attachment called “CORONAVIRUS_COVID19.vbs” containing the ransomware executable and obfuscated code to extract and launch it. Another phishing campaign, identified in Italy in early March, pretends to be an update from World Health Organization (WHO) doctors. It includes a malicious Word document that installs and launches the Trickbot malware, which steals the victim’s data and eventually locks down their files using the Ryuk ransomware. Read more about these campaigns in SC Magazine, The Mercury News and ComputerWeekly.
Scams Impersonate the WHO, CDC and Medicare/Medicaid
Other email and phone scams that prey on people seeking critical information about the novel virus have also surfaced in recent weeks. One sends spoofed emails that appear to be from the WHO asking for donations via Bitcoin. Another phishing campaign pretends to be an informational update about coronavirus from the WHO and downloads the FormBook information-stealing Trojan. And yet another scam directs victims to a fake Center for Disease Control (CDC) website soliciting donations. Furthermore, there are email scams that steal personal information by offering victims a false way to sign up for coronavirus testing online or asking them to verify their personal information to receive a government stimulus check. Phone scammers are even pretending to be Medicare or Medicaid workers offering free testing kits. Read more about these scams in this CNBC article.
State-sponsored attackers have also used the coronavirus to make their malware and phishing campaigns more effective. ZDNet reports that researchers have found attackers linked to Russia, North Korea, and China using documents or spear-phishing emails claiming to be updates on the spread of the virus to hide malware. So far, these attacks seem to be targeting specific officials and groups within Ukraine, South Korea, and Mongolia.
Videoconferencing Security Risks
As social distancing policies have forced unprecedented numbers of employees to work from home, and as people seek ways to stay connected, the usage of videoconferencing platforms has exploded, with many of the biggest companies offering limited-time free access.
Zoom had a particularly dramatic rise, with its user base increasing from 10 million daily users in December 2019 to 200 million in March. This unprecedented surge in usage exposed serious privacy and security issues with Zoom. Attackers have targeted meetings with tactics like “Zoombombing,” where they enter a random Zoom call and screen share explicit images to harass users.
Researchers have also discovered that it’s possible to join random Zoom meetings by using automated programs to guess the Meeting ID. Most recently, it’s been reported that account information for 530,000 users is for sale on the dark web. This CNET article keeps a running tally of Zoom’s security and privacy issues, the latest updates, and how Zoom is working to address them. And this Forbes article explains some more secure alternatives you may want to recommend to your organization.
The pandemic and the rapid shift to remote work have significantly changed most organizations. Here are some additional resources to stay informed: this ZDNet article updates daily with the latest coronavirus-related security news, and this ComputerWeekly article summarizes the National Cyber Security Centre’s guidance for securing remote workers.