COVID-19 Malware and Phishing Scams
By Thomas Holt Russell
It may come as no surprise that hackers and scammers are taking advantage of the increasing numbers of people suddenly working from home due to the COVID-19 pandemic. Overnight, millions of people who never worked from home before are now sitting ducks for the skilled hacker that is hunting them. The rising of the number of people working from home is a bonanza for hackers.
Working from home may not be the best experience for many people. Besides the regular distractions such as kids, balancing home life and work life in the same place, and Netflix, it is also uncomfortable being a prime target for hackers.
Let’s take a look at a couple of scams.
One of the main methods used to coax people out of their private information is a phishing scam. Phishing is fraud attempts perpetrated by random attackers against a large number of users. This cybercrime is mostly conducted through email by someone posing as a legitimate institution to lure people into providing sensitive data such as personally identifiable information (PII).
There is one particular coronavirus hoax that targets Android users. It promises to provide real-time access to virus tracking. They promise statistics as well as a visual map that tracks the hot areas for the virus. The application prompts users to download this Android App. This application is full of ransomware. It denies users access to their phones. The application accomplishes this by forcing a change in the password used to unlock the phone. The hackers will then request a $100 ransom in bitcoin. The victim has only 48 hours to comply. The hackers threaten to erase all contacts, photos, videos, and documents. This malware is called the CovidLock ransomware. A more in-depth look into CovidLock can be found here: https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware
There is another phishing scam that seems to come from the World Health Organization. Emails are sent out promising information on safety measures to avoid virus infections. The user will click on an embedded link and then are directed to a site that asks for personal information. The scam looks very legitimate, so it can be difficult to tell whether it is real or not. There are also similar scams that promise face masks and other PII equipment.
People are attacked during their most vulnerable times, so this is a very critical time to practice cyber safety. Think as if the entire world is involved in taking advantage of our vulnerability because they are. Individuals perpetrate some of these scams, but there are also state-run resources directed in this effort. The usual suspects, China, Russia, Iran, and North Korea, are actively using virus-related information to conduct spying operations.
SophosLabs has a list of newly registered malicious domains that have sprouted up since the pandemic. The list can be found here: https://twitter.com/SophosLabs/status/1239598289890111488
Even an established organization, such a NASA, is not immune to attacks by hackers. This past week NASA has reported an exponential increase in malware attacks. Many of these attacks are directed at people working from home. According to a NASA memo, some of the signs of increased hacking include a doubling of phishing attempts, a massive increase in malware attacks on NASA systems, and double the number of mitigation blocking of NASA systems trying to access malicious sites. This increase in activity is due to users accessing the internet. This proves that NSA employees and contractors are clicking malicious sites that arrive in their email. In part, the NASA memo to employees stated;
“NASA employees and contractors should be aware that nation-states and cybercriminals are actively using the COVID-19 pandemic to exploit and target NASA electronic devices, networks, and personal devices.”
What can we do?
People are the weakest link in cybersecurity. If employees were trained to identify fishing emails, that could save companies a lot of misery. Besides training, VPNs are a good start. However, people working from home, away from VPN enterprise networks, are still in danger when they access any cloud-based applications. And again, VPNs do not protect companies when the employee clicks a malicious link in a phishing email.
Some of the things that need to be done for cyber protections are under our control. These measures will help. Keep operating systems, browsers, router firmware, phones, and all devices up to date. Another idea is to receive email messages on computers and phones that are not connected to work.
Be on the lookout for suspicious emails and websites that promises to give information or any help on the pandemic. This is just an easy way for hackers to build a road to your data. If you want reliable information, the best site is the Centers for Disease and Control located at https://www.cdc.gov/coronavirus/2019-nCoV/index.html
Some of the changes being made during the pandemic will be here to stay once the virus runs its course. We may experience a vast increase in people working from home. Now is a great time for additional training and awareness for cybersecurity. The threat will never leave, so we have to be serious about protecting our data now, and well into the future.
Editor’s note: Thomas Holt Russell is the Cyber Education Program Manager for the National Cybersecurity Center. He received the 2020 Cyber Education Administrator of the Year award and wrote the book Binary Society.