Coronavirus Raises Cybersecurity Risks, Malware & Phishing Scams on the Rise
In this column, we look at:
1. Coronavirus Is Everywhere, So Are New Cybersecurity Threats
2. Top Threat Actors on a Rise
3. What Can Coronavirus Pandemic Teach Businesses: 5 Key Lessons
Coronavirus Is Everywhere, So Are New Cybersecurity Threats
Global recession, disrupted supply chains, and remote workforces aren’t the only immediate effects of the coronavirus pandemic. It has become an enabler for next-gen cybersecurity threats, unfolding in the form of phishing and spear-phishing campaigns, malware, and COVID-19 themed domains. Data from Check Point’s January Global Threat Index report indicates over 4,000 coronavirus-related domains were registered across the globe since January.
“Coronavirus-related domains are 50% more likely to be malicious than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s day,” Check Point research notes.
MalwareHunterTeam, the anti-malware researchers behind ID Ransomware, have been uncovering a string of malicious PDFs and email attachments that borrow the names and logos of trusted organizations such as the WHO and the U.S. CDC. The WHO itself issued an advisory about malicious emails and phishing campaigns that bait users into handing over sensitive information. Earlier this month, security vendor Sophos uncovered a ‘safety measures’ phishing scam built around Covid-19: the phishers created a fake website emulating the WHO, complete with a pop-up asking for email details.
The threat landscape has never looked more complex, and the health crisis has given rise to ‘corona phishing’, as outlined by security firm Kaspersky, aimed at email credentials. Phishing is the act of tricking users into sharing sensitive information such as passwords, login credentials, and even credit card details. Riding on fear of the pandemic, bad actors are sending malicious emails from convincing-looking domains to harvest users’ credentials and financial information.
Top Threat Actors on a Rise
While the primary threat is phishing, security researchers have also found malware such as Trojans and worms disguised as educational documents that can steal data. According to a detailed study by Massachusetts-headquartered cybersecurity firm Recorded Future, the global disruption has created new technical challenges for security teams. The study highlights that COVID-19 has become the new ‘attack vector’ for cyber criminals over the past two months.
Here’s a look at top threat actors in the wake of COVID-19:
“Interim Guidance for CoViD19.pdf” (b54ede3a59cb878f3720983827c31a7a3e92e580361da5e38adffc879e603340) -> https://bit[.]ly/2PZaHn8 -> https://www.artistdizayn[.]com/wp-content/onedrive.live.com/indexf485.html -> redir -> “Interim Guidance for CoViD19.zip” @JayTHL @JAMESWT_MHT (1/3)
— MalwareHunterTeam (@malwrhunterteam), March 18, 2020
1. Emotet: An alert about Emotet malware, operated by the prominent threat actor group TA542, was sounded in January when security researchers discovered coronavirus-themed Emotet email attacks targeting users in the U.S., Japan, Singapore, Germany, and Australia, among other countries. Using the coronavirus lure, Emotet campaigns spread across networks, infecting devices. Emotet is one of the most prolific users of social engineering; Proofpoint research describes its infrastructure as ‘test and metric-driven, and is built to scale depending on what’s working.’
Threat type: Malware
2. COVID-19 Tracker app: The Covid-19 tracker app is an Android ransomware application that locks the user’s phone and demands a ransom. It uses screen-lock tactics to lock users out of the device and forces a password change. DomainTools researchers have published the decryption key to help users protect their data.
Threat type: Ransomware
3. CoronaVirus & Kpot infostealer: BleepingComputer identified a CoronaVirus ransomware and Kpot infostealer combination distributed through a site posing as the WiseCleaner Windows utilities site. Once the user runs the installer, it steals cookies and login information and drops a ransom note demanding a cryptocurrency payment for the decryption key. Security researchers emphasize that the attack vector is similar to that of other malware families.
Threat type: Ransomware and information stealer
4. GuLoader: The notorious malware downloader GuLoader is back. Once launched, it downloads information stealers and RATs such as Lokibot, Agent Tesla, and Netwire, fetching encrypted payloads hosted on Google Drive.
Threat type: Malware
5. Nanocore: This coronavirus-themed malware, Nanocore, is a remote access trojan (RAT) that infects the user’s device through code embedded in an attached document. Nanocore has been on the rise since the outbreak and is part of the ongoing malspam campaigns. The malware gives threat actors remote access to files, keystroke logs, downloads, and video feeds. Another RAT, Parallax, is also on the rise and uses a similar vector to steal information.
Threat type: Malware and Malspam
6. Blackwater: This is a new-generation malware family uncovered by MalwareHunterTeam, hidden behind an informational document on COVID-19. Blackwater leveraged cloud infrastructure, including Cloudflare Workers, making it difficult to detect or block. Opening the decoy document leads to a malicious payload.
Threat type: Malware
7. Google Squatting Campaign: COVID-19 has brought back the threat of domain squatters. IBM X-Force identified 31 squatting domains such as googlecoeonavirus.com and googlecoonavirus.com used by threat actors to target the media sector. IBM X-Force researchers indicate the campaign has a global scope and is used for credential theft.
Threat Type: Domain Squatting, Credential Theft
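The squatting domains in item 7 and the Check Point figures on coronavirus-related registrations earlier on this page describe one pattern a defender can screen for: a brand name fused with a misspelled pandemic keyword. The Python script below is an added example, not code from this column, IBM X-Force or Check Point. It triages a constructed list of domain names (two entries are taken from item 7, the rest are invented) against an assumed list of protected brands and theme keywords, flagging exact matches and near-misses with a plain edit-distance check. A real deployment would feed it newly registered domain lists or certificate transparency logs instead of the constructed sample.

```python
"""Screen newly registered domains for COVID-19 lures and brand typosquats.

Added illustrative example; not code from the article, IBM X-Force or Check Point.
The domain list below is constructed (two entries come from the article's item 7).
"""
from typing import List, Tuple

# Theme words used by the campaigns described in the article, longest first so
# the most specific match wins. Extend as new lure themes appear.
THEME_KEYWORDS = ("coronavirus", "covid19", "covid", "corona", "ncov")
# Brands to guard against typosquatting (assumed list; only 'google' is on the page).
PROTECTED_BRANDS = ("google",)

# Constructed sample standing in for a newly-registered-domain feed.
SAMPLE_DOMAINS = [
    "googlecoeonavirus.com",     # listed in the article (IBM X-Force campaign)
    "googlecoonavirus.com",      # listed in the article (IBM X-Force campaign)
    "gooogle-covid19-map.net",   # constructed: brand near-miss + theme word
    "corona-virus-update.info",  # constructed: theme word only
    "who-covid-alerts.org",      # constructed: theme word only
    "google.com",                # benign: the brand itself
    "example.com",               # benign
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute) via the classic row-by-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain: str) -> str:
    """Second-level label of a domain. Assumes single-label public suffixes
    (example.com, not example.co.uk); real use would consult a public-suffix list."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify(domain: str) -> List[str]:
    """Return reason tags explaining why a domain deserves review (empty if none).

    Tags: 'brand:<b>'  brand embedded in a longer label,
          'brand~<b>'  a hyphen-separated part is one edit away from the brand,
          'theme:<k>'  theme keyword present verbatim,
          'theme~<k>'  text left after removing the brand is within two edits of a keyword.
    """
    reasons: List[str] = []
    label = registrable_label(domain)
    parts = label.split("-")

    for brand in PROTECTED_BRANDS:
        if brand in label and label != brand:
            reasons.append(f"brand:{brand}")
            # Whatever is glued to the brand name is where the lure word lives.
            rest = label.replace(brand, "", 1).strip("-")
            for kw in THEME_KEYWORDS:
                if rest and kw not in rest and levenshtein(rest, kw) <= 2:
                    reasons.append(f"theme~{kw}")
                    break
        else:
            # Catch one-character typos of the brand (gooogle, goggle, ...).
            if any(part != brand and levenshtein(part, brand) == 1 for part in parts):
                reasons.append(f"brand~{brand}")

    for kw in THEME_KEYWORDS:
        if kw in label:
            reasons.append(f"theme:{kw}")
            break
    return reasons


def triage(domains: List[str]) -> List[Tuple[str, List[str]]]:
    """Filter a domain feed down to the entries carrying at least one reason tag."""
    flagged = []
    for d in domains:
        reasons = classify(d)
        if reasons:
            flagged.append((d, reasons))
    return flagged


if __name__ == "__main__":
    for domain, reasons in triage(SAMPLE_DOMAINS):
        print(f"{domain:28} {', '.join(reasons)}")
```

The near-miss thresholds (one edit for a brand, two for a theme word) are deliberately tight: loosening them catches more squats but also flags legitimate registrations, so treat the output as a review queue for the security team rather than an automatic blocklist.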
8. Redline stealer: Hackers are feeding off COVID-19 fears with Redline malware, discovered by Proofpoint researchers. The coronavirus-themed email campaign poses as a request from a charity organization, but in reality carries a Bitbucket download link for a malicious payload. The information stealer siphons off passwords, autocomplete data, cryptocurrency wallets, application data and more. Additionally, security researchers indicate the malware is peddled on ‘Russian underground forums with several pricing options, ranging from $150 to $200 pro version’.
Threat Type: Information Stealer
Kaspersky security researchers found around 10 malware files and believe the spread of malware will increase. Anton Ivanov, Vice President of Threat Research, Kaspersky said: “The coronavirus, which is currently hotly debated in the media, has been used as a bait by cybercriminals. So far, we’ve only identified ten unique files, but since this type of activity is common to popular media topics, we expect this number to increase. As people continue to worry about their health, fake documents that are said to educate them about the coronavirus may be spreading more and more malware.”
What Can Coronavirus Pandemic Teach Businesses: 5 Key Lessons
The COVID-19 crisis has brought a paradigm shift in the way enterprises work, pushing the use of collaboration tools and digital technologies. The downside is that the contagion has brought new cybersecurity threats onto the horizon. Organizations, now in remote mode, need to reevaluate their cybersecurity approach and ensure data and corporate assets are not exposed to vulnerabilities outside the firewall.
According to the International Association of IT Asset Managers (IAITAM), security could potentially be the biggest casualty for companies that lack a ‘strong IT asset management.’ “The impulse to send employees home to work is understandable, but companies and agencies without business continuity (BC) plans with a strong IT Asset Management (ITAM) component are going to be sitting ducks for breaches, hacking and data that is out there in the wild beyond the control of the company,” said Dr. Barbara Rembiesa, president and CEO of IAITAM.
Here are the top 5 cybersecurity lessons organizations can take from COVID-19:
1. Agile cybersecurity solutions: The 2019 IBM Cost of a Data Breach study shows data breaches cost organizations $3.9 million on average. Given the evolving threat landscape, the COVID-19 pandemic has brought into focus three critical security challenges enterprises face today:
- Lack of ability to scale security up as business needs change
- Lack of technologies and preparedness to stave off Gen-V cyberattacks
- Disjointed security management processes
Against this backdrop, businesses need to adopt agile cybersecurity solutions that provide on-demand scalability and meet the changing needs of the business.
2. Sharp focus on enterprise-wide security: Often, CISOs work with limited budgets and lack senior management buy-in for additional resources and investments to mitigate information security risks. In most organizations, cyber defense is viewed simply as a compliance exercise rather than an important part of the business process. Now, more than ever, organizations need to prioritize enterprise-wide security strategies and think differently about protecting company assets.
3. Building digital resilience: The ‘digital resilience’ approach is a cross-functional strategy that identifies and assesses security risks and vulnerabilities, with senior executives setting enterprise-wide goals and developing processes to protect organizational assets. One of the key aspects of building digital resilience is identifying new risks and assets, such as data, applications, and information assets across the business chain.
4. CISOs to lead from the front: Now, more than ever, CISOs should actively engage with cross-functional stakeholders and business partners and act as change agents to highlight security risks and threats on the horizon. In times such as these, CISOs should analyze priority assets and gaps and take initiative to put in place long-term controls.
5. Need for more cyber risk transparency: Perhaps the biggest off-shoot of the health crisis is the push for cyber-risk transparency: understanding vulnerabilities across the enterprise and which risks C-level executives and business leaders are willing to accept. The COVID-19 crisis will spark a conversation among executives and boardrooms on cyber-risk trade-offs and on putting the right controls in place.
Summary
Here’s an upside of the outbreak: remote work will become the new normal. The pandemic will significantly reshape how global enterprises work and accelerate long-term acceptance of remote work policies. Now onto the serious risks: the cybersecurity threats of 2020 are new and have emerged as a side-effect of the pandemic. Additionally, cybercrime has become a threat to governments, with reports highlighting a spike in financially-motivated cyber crimes across the globe. As attackers become more sophisticated, causing massive damage in a short period of time, organizations need to proactively implement agile security solutions to prevent breaches. A valuable lesson for C-suite executives will be assessing high-priority risks and putting in place effective controls to tackle new threats.
About Deep Dive
Deep Dive presents an in-depth overview of an industry vertical, the growth of technology in that segment, its potential impact and how the player landscape is evolving. Join us to share your insights and research on where the technology and data are heading in the future.