
All the 'malware' surrounding the coronavirus


The entire planet has been working to curb the spread of COVID-19 or find a vaccine. But, in parallel, the world of cybercrime and malware has also mobilized to take advantage of the health crisis. It's unfortunate, but that's the reality. And it's worth taking precautions. In this post we cover the main threats circulating across networks.

Since early March, a surge in malware attacks has been detected, exploiting the fear the pandemic generates, or simply our need for information. Also targeted are the vulnerabilities in the connections of the millions of professionals working remotely due to the coronavirus.

This health crisis is not only claiming victims in hospitals and health centers, but also in cyberspace. There are many entry points and opportunities, and cybercriminals know it. During these weeks of lockdown, attacks of every kind have been observed. We're talking about phishing, ransomware (even targeting hospitals and healthcare workers), hoaxes via WhatsApp and social media, intrusions into video conference meetings.

PHISHING AND IDENTITY THEFT

For example, antivirus maker Eset recently detected a wave of email campaigns impersonating the World Health Organization (WHO) itself. They attached malicious files or links designed to download all kinds of malware — from Trickbot variants (specialized in information theft) to various types of ransomware and banking trojans.

Attackers have also impersonated national official bodies such as the Ministry of Health. Their emails, containing supposed health recommendations, ended up offering links to sell face masks. They have also sent supposed fines issued by the General Directorate of Traffic (DGT) aimed at stealing banking data.

Even in March, threats that seemed long gone resurfaced. Taking advantage of the health crisis, fraudulent online pharmacies have returned, using medications and tests for the detection and cure of coronavirus as bait.

Eset has also identified threat propagation campaigns targeting Spain and Latin America. These were emails containing information about a supposed coronavirus vaccine.

CAREFUL — NETFLIX IS NOT FREE

Our country, due to the severity of the pandemic and the interest it has generated among the population, has been one of the attackers' preferred targets. This is covered in the periodic bulletins from the National Cybersecurity Institute (Incibe).

In one of its latest communications, Incibe reported a phishing attack targeting the Netflix video platform. It spread via a WhatsApp link announcing a free subscription to the platform as a measure to ease the COVID-19 lockdown.

The agency recommends keeping a sharp eye in the coming weeks. This type of attack could spread from Netflix to other entertainment platforms and to other channels, such as email. The goal is almost always to redirect the victim to a page that simulates legitimacy in order to capture their personal and/or banking data.


IMPORTING COMPANIES ARE ALSO A TARGET

The pandemic is affecting international trade, which faces supply problems. Phishing creators are also exploiting this factor with fake emails. According to antivirus maker Kaspersky, fraudulent emails are proliferating that detail delivery problems stemming from the health crisis. These communications state that a supplier in China cannot manufacture products on time and ask the victim (in this case a company) to provide the necessary information to fulfill the order.

In other cases, scammers reference urgent orders, adding extra pressure on victims. The main goal of these emails is to get the victim to open a malicious attachment that infects the device, giving cybercriminals remote control or access to the organization's systems. To prompt this action, cybercriminals ask victims to check delivery, payment, or order details that are supposedly contained in the attachment.

FRAUDULENT CORONAVIRUS MAPS

Mobile devices have also suffered the wave of malware related to the coronavirus. On top of the enormous amount of hoaxes and fraudulent information spreading these days across social networks and instant messaging services like WhatsApp, campaigns designed to cause harm have also emerged.

Among the most searched apps by users are those showing coronavirus maps, which in principle let you know if there are infected people nearby. However, criminals have published several fraudulent applications claiming to do exactly this — while in reality they end up infecting their victims' devices.

These fraudulent apps are used to obtain confidential information stored on the device or steal credit card data, and even encrypt stored information in order to demand a ransom. There has been no shortage of messages promising gifts or assistance from supermarkets via coupons, the free Netflix subscriptions mentioned earlier, or mobile data for use on a smartphone.

THE OUTRAGEOUS ATTACKS ON HOSPITALS

But the threats that have provoked the most public outrage are those targeting the hospitals where healthcare workers are toiling around the clock to treat the infected and save lives. On Sunday, March 22, for example, the NetWalker ransomware was detected — it could have crippled major hospitals in this country at a very critical moment.

The attack was designed to lock down computer systems and demand a ransom in exchange for the key to free them. NetWalker was transmitted via email, though the situation did not escalate further. From that point on, however, healthcare professionals were asked to exercise extreme caution when handling email.

ZOOM AND VIDEO CONFERENCING ARE ALSO TARGETS

In many countries, people's movements have been severely restricted. Among other measures, millions and millions of professionals have been sent home to continue their work from there. As a result, there has been a boom in remote work across Europe and the rest of the world. Also at home are more than 1 billion students worldwide following their classes as best they can.

As a result, the use of video conferencing platforms has grown exponentially — and, unsurprisingly, so has criminals' interest in attacking them. Israeli cybersecurity technology maker Check Point recently discovered a technique that allows cybercriminals to identify and join active Zoom meetings.

It is one of the most widely used collaboration services in the world, currently being downloaded several million times a day from major app stores such as Google Play Store and the Apple Store.

Check Point experts had previously reported a vulnerability through which hackers could easily generate and verify meeting IDs in this application to target victims.

In this way, an intruder could eavesdrop on conversations held through this service and, in doing so, gain access to all files (audio, video, or any other type of document) shared during the meeting.

GOOGLE CLASSROOM AND TEAMS

Likewise, in recent weeks, Check Point has detected a significant increase in new domain registrations that include the name Zoom — many of which are suspicious. Experts therefore recommend that, now more than ever, employees carefully review any link or document they receive to make sure it is not a malicious file.

But Zoom is not the only video conferencing solution under threat. The official website classroom.google.com has been impersonated by googloclassroom.com and googieclassroom.com. Additionally, Check Point warns that it has also discovered malicious files with names such as «zoom-us-zoom_#########.exe» and «microsoft-teams_V#mu#D_##########.exe» (where # represents various digits).
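As an added example (not code from the article or from Check Point), the indicators above can be turned into a simple triage check for proxy or mail-gateway logs: it flags hosts whose registrable name is a near-miss of a brand or merely contains it, and attachment names matching the two reported patterns. The allowlist, the distance threshold, the function names and the reading of each `#` as one or more digits are assumptions.

```python
import re

# Legitimate registrable domains (assumption: extend with your organisation's own list).
LEGIT = {"google.com", "zoom.us", "microsoft.com"}
# Brand strings an impersonator would imitate, derived from the names in the article.
BRANDS = ("googleclassroom", "zoom", "microsoftteams")

# File-name patterns from the article; each '#' is read as one or more digits (assumption).
FILE_PATTERNS = [
    re.compile(r"^zoom-us-zoom_\d+\.exe$", re.I),
    re.compile(r"^microsoft-teams_V\d+mu\d+D_\d+\.exe$", re.I),
]

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Naive last-two-labels split (assumption: no public-suffix handling such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify_domain(host):
    """Return 'legitimate', 'lookalike', 'contains-brand' or 'unknown' for a host name."""
    reg = registrable(host)
    if reg in LEGIT:
        return "legitimate"
    label = reg.split(".")[0].replace("-", "")
    for brand in BRANDS:
        if brand in label:
            return "contains-brand"   # e.g. new registrations that include "zoom"
        # Fuzzy match only on long brand strings, to avoid noise on short ones.
        if len(brand) >= 8 and edit_distance(label, brand) <= 2:
            return "lookalike"
    return "unknown"

def suspicious_filename(name):
    """True when an attachment or download name matches a reported pattern."""
    return any(p.match(name) for p in FILE_PATTERNS)
```

A "contains-brand" or "lookalike" result is a prompt for review, not a verdict: many domains that include a brand name are benign.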

Source: Nobbot
