
'Social engineering at scale': Phishing attacks milk COVID-19

08 Apr 2020

Researchers at cybersecurity firm Proofpoint have published details of some of the most prevalent phishing attacks related to the COVID-19 coronavirus – and attackers are using false cash stimulus ‘promises’ as bait.

Genuine cash stimulus packages from governments and banks are common while COVID-19 damages people and economies. Cybercriminals have seen the potential and are impersonating these institutions, and even the World Health Organization (WHO) itself.

In one case, a phishing campaign targeted at tech and IT firms worldwide claims to come from the WHO and the International Monetary Fund (IMF). It says the recipient has been ‘randomly selected’ for financial compensation due to COVID-19. To claim their funds, they must view and print the attached document.

The email contains a malicious Excel-branded attachment, called COVID18-COMPENSATION.html, that asks for a username and password when opened. The attackers then collect the usernames and passwords that recipients enter.

In another case, attackers have impersonated a major Australian newspaper to trick recipients into clicking an attachment with an embedded URL that then spoofs a OneDrive login page.

According to Proofpoint researchers, the email claims that the “Government has released its stimulus package in response to the Coronavirus outbreak” and encourages the recipient to open the malicious attachment for more details. 

When users click the link, a spoofed OneDrive login page collects user information.

Proofpoint researchers comment that the emails are actually delivered by a “Romanian top-level domain address of ‘.ro.’ To appear authentic, the message includes supposed contact information for the paper and notes that they are ‘…happy to advise that we have now moved back to’ the address provided. It’s notable that the address in the email does not match the newspaper being spoofed.”

In a third case, attackers targeted US healthcare and higher education institutions in a campaign claiming that the Trump administration may send US adults a check for $1000 to stimulate the economy.

That claim, however, is bait: people who click the link are taken to a phishing page that asks for domain/username, email address, and password.

“The messages are notable for its crude design, as the message has clear grammar and usage errors and uses a basic webpage clearly branded by a free website maker for its credential phishing,” say Proofpoint researchers.

The researchers say these phishing attempts show that attackers are using ‘social engineering at scale’. They believe the attackers will continue to change their attack strategies to keep up with news about COVID-19.
