The Coronavirus Already Generates The Most Extensive Collection Of Cyber Attacks Recorded In Years
Proofpoint cybersecurity researchers have reported that the volume of email attacks related to the Coronavirus already represents the largest collection of types of cyber attacks registered under the same theme in years, or even in history.
Investigators have announced the registration of new attacks by the prolific TA505 and TA564 hacker groups, which have launched sophisticated campaigns targeting the US pharmaceutical, healthcare, and manufacturing industries, as well as public services. In total, the research team has verified the use of coronavirus as a hook in credential phishing, malicious attachments and links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware delivery, among other threats.
Examples of attacks include:
- An unknown malware called RedLine Stealer that takes advantage of people’s predisposition to help find a cure for Covid-19 through a distributed computing project for disease research. RedLine Stealer is being marketed on Russian underground forums with different pricing options, starting at $100, and has recently been updated for the theft of cryptocurrency wallets.
- Emails addressed to “parents and caregivers,” which include a malware called Ursnif that can steal information, such as bank account data. Attackers have used the recipient’s real name to increase the perception of email legitimacy.
- Mail addressed to health organizations, offering remedies for the coronavirus in exchange for Bitcoins.
- False guides on how to protect family and friends from the coronavirus, which invite users to click on malicious links.
According to the senior director of the Proofpoint Investigation and Detection Team, Sherrod DeGrippo, “For over five weeks, our investigation team has observed numerous malicious email campaigns linked to COVID-19, many of them using fear to convince potential victims to click. Criminals have sent out waves of emails ranging from several dozen to over 200,000 at the same time, and the number of campaigns continues to rise. Initially, we detected around one campaign a day worldwide, whereas now we see 3-4 every day. The increase once again underscores the appeal of global news to cybercriminals.”
“Using COVID-19 as bait is a campaign of large-scale social engineering. Attackers know that people are looking for security information and are more likely to click any link or download attachments,” says DeGrippo. “Approximately 70% of emails discovered by the Proofpoint threat team contain malware, and almost 30% aim to steal credential data from victims. Most of these emails aim to steal credentials using fake Gmail or Office 365 access websites, asking people to enter their username and password,” concludes the senior director of the Proofpoint Investigation and Detection Team.