COVID-19: New Cyber Threats

While we all adjust to the new world of social distancing and working remotely as a result of the coronavirus disease (COVID-19), it is important to not let our guard down when it comes to cyber risks. FTI Cybersecurity is here to help navigate this new normal and assist with our collective security.

Several new scams have emerged, including mass phishing and malware attacks involving emails designed to appear as legitimate messages from medical or health organizations. These emails contain malware-laden attachments designed to either harvest credentials or infect systems. The World Health Organization has released warnings about this threat.

Advanced Cyber Attacks

Concerningly, cyber criminals have upped their efforts beyond using a “spray and pray” approach typically seen with phishing emails. A recent threat involves distributing legitimate information regarding worldwide COVID-19 infection rates that secretly spreads malware to unknowing computers.

“In one scheme, an interactive dashboard of coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware.”¹

Furthering the issue, Russian cyber criminals are selling a “coronavirus infection kit” that uses the Hopkins interactive map as part of a Java-based malware deployment scheme.² The use of real-time data and an interactive map makes the scam believable, especially when individuals are less guarded due to the uneasiness of dealing with a pandemic.

Footnotes:

1, 2: https://krebsonsecurity.com/2020/03/live-coronavirus-map-used-to-spread-malware/