With the ongoing COVID-19 pandemic, the security teams of organizations must be prepared to tackle the increased number of cyberattacks. With everyone in isolation, the Internet has become the primary means of work, shopping, and communication. Cybercriminals would most probably take advantage of such a situation to execute major cyberattacks. The Cyble Research Unit (CRU) is continuously tracking the ongoing malicious activity during this global pandemic. Below is an overview of the cyberattacks that have taken place to date during this period.
- On 16 March 2020, attacks against two healthcare institutions were disclosed that had taken place over that weekend. One was a DDoS attack against the US Health and Human Services Department and the other struck the Czech Republic University Hospital. The second attack forced the hospital to shut down its computer systems.
- On 17 March 2020, it was identified that cybercriminal gangs had started targeting healthcare workers with phishing emails titled as coronavirus awareness, as a means of enticing targets to open them.
- As of 18 March 2020, targeted attacks on the healthcare industry and its employees were still on the rise. Therefore, both organizations and WFH employees should be cautious and attentive.
- On 19 March 2020, it was observed that APT27 had launched a 5-stage campaign that takes advantage of the COVID-19 pandemic. The stages are described as follows: 1) an .lnk file is disguised as a PDF; 2) it contains a CAB file that places 6 more files onto the compromised system; 3) Stage 3 runs from Stage 2 and contains an XSL file that wraps a VBScript object; 4) MSOSTYLE.exe is copied from Stage 2; 5) in Stage 5, some of the Stage 2 files are renamed and placed in a crafted folder called OFFICE12.
- On 20 March 2020, as per a report from Cofense, cybercriminals are using a new method to target organizations: phishing emails that include OpenOffice documents.
- On 23 March 2020, a scam was identified in which text messages purporting to come from the St. Alphege Police department in the UK inform citizens of a 458 GBP subsidy, with the aim of ultimately claiming the funds.
- As of 25 March 2020, malware was once again observed being distributed in various campaigns using baits related to COVID-19. Along with that, many phishing campaigns were identified attempting to infect organizations with ransomware.
- On 26 March 2020, it was observed that attempts to exploit COVID-19 were still on the rise, with malware distributed in various campaigns using malicious documents and .iso files attempting to pass themselves off as .xlsx files.
- As of 27 March 2020, a phishing campaign was observed targeting the healthcare supply and manufacturing sectors.
- As of 29 March 2020, there has been a continuous increase in spam and in the number of cyberattacks that take advantage of the ongoing COVID-19 pandemic. For instance, a recent Starbucks coupon scam struck many people, including large groups of individuals. Along with that, malware distribution campaigns delivering families such as Agent Tesla, AutoIt, Hawkeye, JS Cryxos, Lokibot, Kryptik, Nanocore and many more were seen targeting large organizations.
- On 30 March 2020, the FBI investigated more than 1200 incidents in relation to the COVID-19 pandemic. Cybercriminals were also observed attempting phishing, DDoS attacks, ransomware, and malware implants. In these cases, government agencies, medical facilities, and Work From Home (WFH) employees were the main targets.
- On 31 March 2020, multiple phishing campaigns targeted the pharmaceutical industry in North America, the agriculture industry in Israel, the professional services industry in Australia and Ireland, the manufacturing industry in Europe, and higher education organizations in Canada.
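As an added defensive example (not Cyble's code and not from the original report), the following Python triage routine flags the two attachment disguises named in the timeline above, an .lnk presented as a PDF and an .iso presented as an .xlsx, by checking the attachment name and its leading bytes independently. The sample attachments are constructed header-only blobs, and the extension lists are assumptions.

```python
"""Attachment triage for the disguises named above: .lnk passed off as PDF, .iso passed off as .xlsx."""

# Shell Link header: HeaderSize 0x4C then LinkCLSID 00021401-0000-0000-C000-000000000046
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
ISO_MAGIC, ISO_OFFSET = b"CD001", 0x8001   # ISO 9660 primary volume descriptor signature
DOCUMENT_EXTS = {".pdf": "pdf", ".xlsx": "zip", ".docx": "zip", ".odt": "zip"}  # assumed list
CONTAINER_EXTS = {".lnk", ".iso", ".cab", ".exe", ".vbs"}  # these run or mount, not "open"


def extensions(name):
    """Every dotted suffix, lower-cased: 'a.PDF.lnk' -> ['.pdf', '.lnk']."""
    return ["." + p for p in name.lower().split(".")[1:] if p]


def sniff(data):
    """Real type from the leading bytes; 'unknown' when no signature matches."""
    if data.startswith(LNK_MAGIC):
        return "lnk"
    if data[ISO_OFFSET:ISO_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC:
        return "iso"
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):   # xlsx/docx/odt are zip containers
        return "zip"
    return "unknown"


def triage(name, data):
    """Reasons the attachment looks disguised; an empty list means nothing was found."""
    exts = extensions(name)
    if not exts:
        return []
    final, reasons = exts[-1], []
    # Name check: a document extension sitting in front of a container/executable one.
    if final in CONTAINER_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
        reasons.append(f"document extension hidden before {final}")
    # Content check: the name claims a document but the bytes are an LNK or ISO.
    actual = sniff(data)
    if final in DOCUMENT_EXTS and actual in ("lnk", "iso"):
        reasons.append(f"{final} name but {actual} header")
    return reasons


# Constructed samples (not files from any real campaign): header bytes only.
SAMPLES = {
    "covid_update.pdf.lnk": LNK_MAGIC + b"\x00" * 56,
    "invoice.xlsx.iso": b"\x00" * ISO_OFFSET + ISO_MAGIC + b"\x01",
    "covid_guidance.pdf": LNK_MAGIC + b"\x00" * 56,   # honest name, wrong bytes
    "policy.pdf": b"%PDF-1.7\n",
}
```

Running `triage(name, blob)` over each entry of `SAMPLES` flags the first three and leaves `policy.pdf` clean; a mail gateway would apply the same check to every attachment before delivery.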
Along with the above timeline, to date CRU has also identified multiple cyberattacks that have affected a large number of organizations, such as:
- Recently, CRU disclosed 200 unreported data breaches that put over 5,000,000 accounts at risk.
- The Maze ransomware operators targeted Sonatrach and exposed their sensitive files online.
- The Nefilim ransomware operators targeted Aban Offshore Limited and exposed their sensitive data.
The above cyberattacks are just a few examples from the large number of malicious attacks being tracked by the CRU. The Cyble Research Unit stated that the threat types leading to the increased number of cyberattacks can be grouped into three categories: spam, malware and phishing. Over the years, the practice of using email to spread malware has become common. Cybercriminals always tend to take advantage of ongoing global panic or stressful situations to execute multiple spam and phishing attacks, and the threat of COVID-19 is no different. Whenever there is a topic of high importance or interest, spam impersonating that topic will soon be en route to your inbox. This is a common tactic used by spammers because it is effective at tricking people into taking the bait.
Along with this, cybercriminals also tend to inject malware into an organization's systems to gain full control and then manipulate those systems as they wish. For instance, hacking groups aligned with the Chinese and Russian governments have recently been sending malicious email attachments about the coronavirus to companies, individuals, hospitals and many other institutions to carry out cyber espionage. As per one recent report, Chinese hackers have been using fake documents about the coronavirus to deliver malicious software into company systems and ultimately steal sensitive user information. Cybercriminals have gone as far as to use data from prominent medical websites in their messaging to add to the believability of their spam. If we are to make an educated guess on the future of coronavirus-themed campaigns, we have to assume they will continue long after the threat of COVID-19 has passed. Given the current situation, the security teams of organizations should start implementing effective measures to protect their organizations from the ongoing cyberattacks during this global pandemic. Likewise, employees working from home should adopt security measures and remain attentive at all times to prevent their systems from being compromised.
Beenu Arora, CEO of Cyble and Member of Forbes Technology Council, commented: “COVID-19 is not only a physical disease but also becoming a cyber disease for the entire world. Therefore, always be suspicious of unsolicited emails. If you are looking for up to date news on the COVID-19 situation, go straight to the definitive sources and do not rely on email.”
Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution, powered by machine learning and human analysis, provides organizations with insights into cyber threats introduced by suppliers and enables them to respond faster and more efficiently.
Cyble strives to be a reliable partner and facilitator to its clients, providing them with unprecedented security scoring of suppliers through cyber intelligence sourced from open and closed channels such as OSINT, dark web and deep web monitoring, and passive scanning of internet presence. Furthermore, this intelligence, combined with machine learning capabilities and human analysis, allows clients to gain real-time cyber threat intel and helps them build stronger resilience to cyber breaches and hacks. Due to the nature of the collected data, the company also offers threat intelligence capabilities out of the box to its subscribers.