
Reports suggest spike in vaccine-related phishing campaigns

12 Aug 2020

When the COVID-19 pandemic picked up steam in its initial spread across the world in March, instances of pandemic-related phishing campaigns were rife across the internet. 

Thousands of email attacks and scams cropped up, and many people fell victim to them. Much of their success can be attributed to their exploitation of people’s fears around COVID-19 – many campaigns spoke of virus hotspots, or posed as government health departments to seem credible.

Now, several months after the first reports of the virus, many phishing campaigns have changed course. With dozens of efforts to develop vaccines entering their final stages around the world, the campaigns are no longer stoking fear but exploiting hopes for such a vaccine.

According to new research from Check Point, the primary attack delivery method is email, constituting 82% of all attack vectors for malicious files in the last month.

In these campaigns, attackers send emails with deceptive vaccine-related subject lines, and the bodies inevitably conceal malicious links. These links lead to a malicious file, usually in the form of .exe, .xls or .doc.

“Lately, we’re seeing a clear trend adopted by hackers: deceive the masses by using their interest in coronavirus vaccines. Most of the campaigns involve a person’s inbox, which is concerning,” says Check Point data manager Omer Dembinsky.

“Over 80% of attacks against organisations start from a malicious email. Email is the first link in a chain of attacks. 

“Since email attacks usually involve the human factor, employees’ email inboxes are an organisation’s weakest link.”

Here are some examples included in Check Point’s research.

Subject: Urgent Information Letter: Covid-19 New Approved Vaccines

This campaign is an example of malspam, and contained malicious .EXE files with the name ‘Download_Covid 19 New approved vaccines.23.07.2020.exe’.

When a victim clicked, an InfoStealer was installed which made light work of extensive data theft, including login information, usernames and passwords from the user’s computer.

Subject: UK coronavirus vaccine effort is progressing

In this example, the phishing campaign contained a malicious link within an email - the subject line of which read 'UK coronavirus vaccine effort is progressing badly appropriate, recruiting consequence and elder adults'.

Further investigation revealed that it was used to redirect traffic to a known medical phishing website, which was trying to imitate a legitimate Canadian pharmacy.
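
A defender-side triage check for the traits described above (a vaccine-themed subject line plus a link or attachment ending in .exe, .xls or .doc), added here as an example and not taken from Check Point's research. The function names, verdict labels and the example.test hosts in the constructed sample messages are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import unquote, urlparse

# Traits named in the article; .xlsx/.docx are deliberately not matched here.
LURE = re.compile(r"\b(vaccines?|covid[- ]?19|coronavirus)\b", re.I)
RISKY_EXT = (".exe", ".xls", ".doc")
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def risky_name(name):
    """True if a percent-decoded file name or URL path ends in a listed extension."""
    return unquote(name).lower().rstrip(".,;)").endswith(RISKY_EXT)

def triage(raw):
    """Return (verdict, findings) for one RFC 5322 message given as text."""
    msg = message_from_string(raw, policy=default)
    findings = []
    if LURE.search(msg["Subject"] or ""):
        findings.append("lure-subject")
    for part in msg.walk():
        fname = part.get_filename()
        if fname:                                    # attachment part
            if risky_name(fname):
                findings.append("attachment:" + fname)
        elif part.get_content_maintype() == "text":  # body part: scan its links
            for url in URL.findall(part.get_content()):
                if risky_name(urlparse(url).path):
                    findings.append("link:" + url)
    lure = "lure-subject" in findings
    payload = len(findings) > int(lure)              # any link/attachment finding
    if lure and payload:
        return "quarantine", findings
    return ("review" if lure or payload else "pass"), findings

# Constructed sample messages; hosts are placeholders, not real indicators.
MALSPAM = (
    "From: sender@example.test\n"
    "Subject: Urgent Information Letter: Covid-19 New Approved Vaccines\n\n"
    "http://files.example.test/Download_Covid%2019%20New%20approved%20vaccines.23.07.2020.exe\n"
)
LURE_ONLY = "Subject: UK coronavirus vaccine effort is progressing\n\nhttp://pharmacy.example.test/offers\n"
BENIGN = "Subject: Minutes from Tuesday\n\nhttps://intranet.example.test/minutes.pdf\n"

if __name__ == "__main__":
    for name, raw in (("malspam", MALSPAM), ("lure-only", LURE_ONLY), ("benign", BENIGN)):
        print(name, triage(raw))
```

The second sample only reaches "review" because its link carries no listed extension, so a redirect to a phishing site like the one in the second campaign still needs URL reputation or a human check.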

Pandemic-related attacks are dropping

Although overall numbers of cyber-attacks remained high in July, the number of COVID-19-related attacks has dropped significantly since its zenith in March and April, according to Check Point researchers.

In July, there were 61,000 coronavirus-related attacks, a decrease of over 50% when compared to the weekly average of 130,000 attacks in June.

“Closing this security gap requires protections against various threat vectors: phishing, malware, data theft and account-takeover,” continues Dembinsky.

“I strongly urge everyone to closely read the subject lines of emails coming in. If it has the word “vaccine” in it, think twice. 

“Chances are that you are on the threshold of being tricked into giving up your most sensitive, most private information.”
