
80% of cyber threat landscape uses COVID-19 as leverage - report

COVID-19 has captured the world’s attention on an unprecedented scale, and there’s hardly an industry or sector that hasn’t been affected in some way by the rapid global spread of the pandemic.

Proofpoint, which specialises in email fraud security, last week released a report outlining the extent to which the coronavirus can drastically change an industry: 80% of the overall threat landscape is using the virus as a theme in their attacks.

This includes attacks that don’t outright mention coronavirus in the subject or body of a message but instead reference it within attachments, links or lures.

Since January 29, when the cybersecurity company first started tracking malicious activity associated with COVID-19, Proofpoint has recorded 500,000 messages, 300,000 malicious URLs, and 200,000 malicious attachments with coronavirus themes across more than 140 campaigns.

Instances of the attacks are rising as the crisis worsens – as fear and panic grow within the general public, attackers become emboldened and take advantage of a once-in-a-century crisis to wreak havoc on security systems. 

Nearly every type of established cyber attack has been used with coronavirus themes, including business email compromise (BEC), credential phishing, malware, and spam email campaigns. 

The most popular and effective attack is credential phishing. The threat actors behind these attacks range from small, unknown actors to prominent groups like TA542 (the group behind Emotet).

Here are some examples of each attack using COVID-19 as leverage to breach security:
 

Credential phishing -  ‘COVID-19 Infected Our Staff’

A relatively small campaign in the US, one credential phishing attack uses a company-wide email to target retail companies and uses concerns about infected staff members to try and lure victims to click, leading to Microsoft Office credential phishing.

The lure – ‘COVID-19 Infected Our Staff’ as the subject line – hooks the reader and leads to the body, which claims ‘a staff member of our company has contracted this deadly disease (COVID-19)’.

The email then encourages the recipient to open/download a malicious attachment titled ‘follow the company’s new protocol.’ The malicious attachment links to a webpage that spoofs the Microsoft Office login and asks the user for their credentials.
 

Malware – ‘Your Neighbors Tested Positive’

Another smaller campaign in the US, this one targets energy, construction and telcos with an email using the subject line ‘coronavirus update disease (COVID-19) your neighbors tested positive’.

Using the heightened paranoia that comes with such a highly infectious disease, the campaign encourages readers to open a malicious attachment named ‘receipt.xlsm’ which uses macros to download the Remcos remote control tool. 
 

Malware - GuLoader/Agent Tesla with WHO “Solution” for COVID-19

This malware campaign targets manufacturing, construction, transport, healthcare, automotive, energy and aerospace using the GuLoader and Agent Tesla tools.

The email spoofs the real address of the head of the World Health Organisation (WHO), claims there is a ‘solution’ for ‘total control’ and asks the recipient to ‘share with all contacts.’

As is common with many email cyber attacks impersonating a reputable source or organisation, grammatical mistakes are the most glaring clues hinting at malicious intent.

The subject – ‘Breaking!!! COVID-19 Solution Announced by WHO At Last As a total control method is discovered’ – features an overuse of exclamation marks and an abrupt shift from capitalising every word to not. Official emails from a United Nations agency would not look like this.

The attachment contains GuLoader compressed in .iso format.

If the recipient opens and runs the attachment, GuLoader installs Agent Tesla, a Trojan written in Visual Basic that can steal usernames, passwords, and credit card information from the user’s system.
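The lure traits described in these campaigns (pandemic wording in the subject, body or attachment name, macro-enabled `.xlsm` or `.iso` attachments, runs of exclamation marks) can be turned into a simple mail-triage check. The following is an added example, not code from Proofpoint or the original article; the sample messages, addresses and the attachment names other than `receipt.xlsm` are constructed for illustration.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

THEME = re.compile(r"covid|corona\s*virus", re.I)
# Attachment types named in the campaigns above.
RISKY_EXT = {".xlsm": "macro-enabled workbook", ".iso": "disk image"}

def build(subject, body, attachment=None):
    """Build a constructed sample message (placeholder addresses and bytes)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.test", "user@example.test", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

def triage(raw):
    """Return the reasons a raw message deserves analyst review (empty if none)."""
    msg = message_from_bytes(raw, policy=default)
    subject = str(msg["Subject"] or "")
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    reasons = []
    for where, text in (("subject", subject), ("body", body)):
        if THEME.search(text):
            reasons.append(f"pandemic theme in {where}")
    if re.search(r"!{2,}", subject):
        reasons.append("repeated exclamation marks in subject")
    # The theme may appear only in the attachment, so inspect names as well.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if THEME.search(name):
            reasons.append(f"pandemic theme in attachment name: {name}")
        reasons += [f"{kind} attachment: {name}"
                    for ext, kind in RISKY_EXT.items() if name.endswith(ext)]
    return reasons

SAMPLES = {  # constructed messages modelled on the lures quoted in the article
    "neighbors": build("coronavirus update disease (COVID-19) your neighbors "
                       "tested positive", "See the attached receipt.", "receipt.xlsm"),
    "who": build("Breaking!!! COVID-19 Solution Announced by WHO At Last As a total "
                 "control method is discovered", "Share with all contacts.", "solution.iso"),
    "attachment_only": build("Updated staff protocol", "Please follow the new protocol.",
                             "covid19_protocol.xlsm"),
    "benign": build("Quarterly planning meeting", "Agenda to follow."),
}
```

A non-empty result is a reason to route the message for review, not a verdict; legitimate pandemic-related mail will match the theme check on its own.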
