Cybercriminals regularly seize on popular news stories to take advantage of public fears. Case in point: the COVID-19 coronavirus outbreak. As reported cases and death tolls rise worldwide, malicious actors are using the pandemic to entice people to click on links, open attachments, and generally forget their security best practices and information awareness training.
Here are four common cyber threats to watch out for—and potential ways to keep your employees, data, and organization safe during the COVID-19 pandemic.
1. Misleading “health and safety” emails
In the most common COVID-19 cyber threat, emails promise valuable information, but instead deliver dangerous malware for cyberespionage, ransomware installation, and credential theft. Examples include:
- Ransomware through a fake statement about coronavirus in Hong Kong, which referenced “Dr. Chuang Shuk-kwan, Head of the Communicable Disease Branch” to add an appearance of legitimacy
- A remote access trojan through a PDF of coronavirus safety measures
- Information-stealing malware through a coronavirus-themed email campaign about the shipping industry
- A virus through a coronavirus-themed document
- A malware bot through an email titled “Emergency Regulations,” that looks like it’s from the Chinese Ministry of Health
- “Coronavirus” ransomware that used a fake version of the WiseCleaner site for Windows system utilities
Many examples of coronavirus social engineering so far have masqueraded as public health or official government announcements. However, as the virus spreads to the United States, some actors may adjust their tactics to pose as other prominent public officials, including politicians and local health authorities.
2. Dangerous websites and maps
Not all websites with COVID-19 in their URL are legitimate or safe. In late February 2020, Check Point reported 3% of all COVID-19-themed domains to be malicious and another 5% as suspicious, out of a sample of more than 4,000 domains.
As people search for information about the virus’ geographic spread, cybercriminals are also using online maps—and selling coronavirus-themed malware loaders online. In a well-publicized case, spoofed versions of Johns Hopkins University’s COVID-19 tracking map distributed information-stealing malware.
3. Phishing scams
Pretending to offer infection-prevention measures, information about new cases, and general COVID-19 “awareness,” phishing campaigns target Microsoft Outlook and Office365—and credit card data.
Scammers promise you can:
- Donate food, water, and medical care, sometimes with a QR code for “donating” bitcoins
- Access non-public information that “is not being told to you by your government”
- Buy hand sanitizers, vitamins, supplements, and other supplies to fight infection
- Purchase a COVID-19 vaccine, payable by bitcoin through a fake PayPal page [Note: There is currently no vaccine to prevent coronavirus disease.]
4. State-sponsored campaigns
Nation-state actors are suspected to be actively using coronavirus themes in malware campaigns. While data remains relatively limited and it’s unclear how frequent this activity is, it seems clear that government-backed actors are utilizing mentions of the coronavirus to social engineer victims.
At the moment, state-sponsored campaigns appear to be geared predominantly toward cyberespionage. However, other types of campaigns, such as those targeting intellectual property, may be possible.
