COVID-19 Cyber Threats
Since there is a huge focus on the spreading pandemic and attackers taking advantage of this to lure victims into opening attachments on malicious emails and click on phishing links. This is a very widespread attack and not directly coming from one source, rather many sources. The following are confirmed malicious emails using subjects containing COVID-19 or related keywords carrying RATs such as Netwire, NanoCore and LokiBot. Subject examples:
- CORONAVIRUS (COVID-19) UPDATE // BUSINESS CONTINUITY PLAN ANNOUNCEMENT STARTING MARCH 2020.
- Latest corona-virus updates
- UNICEF COVID-19 TIPS APP
- POEA HEALTH ADVISORY re-2020 Novel Corona Virus.
- WARNING! CORONA VIRUS
The file attachments
- AWARENESS NOTICE ON CORONAVIRUS COVID-19 DOCUMENT_pdf.exe
- Coronavirus COVID-19 upadte.xlsx
- CORONA VIRUS1.uue
- CORONA VIRUS AFFECTED CREW AND VESSEL.xlsm
The targets of these attacks (this could be anyone) are mostly directed towards government healthcare organizations, medical research universities, industrial manufacturing firms, and research institutes. Subject examples:
- Coronavirus disease
- COVID-19 Supplier Notice/COVID-19 Supplier Notice.jpg.exe
- Corporate advisory CoronaVirus (Covid-19)/Corporate advisory Co
I feel like these attacks could be very detrimental, especially if your team has the bad habit of not paying attention to what they open. You should always be aware of the risks involved with opening emails and the repercussions that can be catastrophic. As long as these are hammered in then your team should have a good understanding of malicious emails and what to look out for.