Cybercriminals are taking advantage of the feeling of widespread panic to carry out new waves of cyberattacks. The latest headlines are reporting everything from phishing to malware campaigns (named COVID-19) that exploit the pandemic situation involving the novel coronavirus.
These attackers have been trying to exfiltrate Personally Identifiable Information (PII) and steal money from groups supported by governments and healthcare organizations, including hospitals, thus taking advantage of this unique and critically vulnerable moment.
Malicious campaigns impersonating health organizations have been recorded. These organizations play a significant role in the fight to prevent the pandemic; this means that various malicious groups are abusing these legitimate services to bait victims seeking vaccines and medicines into clicking and executing malicious software.
COVID-19 fraud doesn’t just cover a small piece of malware, but a large group of malicious activities that aim to deceive victims at this moment.
Below is an Android application equipped with malware that mimics a COVID-19 real-time dashboard.
Figure 1: COVID-19 Android malware tracker
These kinds of malicious applications have been disseminated around the world with the goal of infecting the largest number of users.
In other scenarios, criminals advertised a fake product to carry out rapid COVID-19 diagnostic testing at home.
Figure 2: Phishing campaign advertising a COVID-19 rapid test
The plan of attack
Criminals are now using an array of different attacks to cause damage to organizations and victims. These range from phishing attacks to mobile and traditional (Windows-based) malware, and even to taking advantage of video-conferencing applications to obtain details or to use recent, known vulnerabilities against target users or organizations.
The methods criminals are using are not novel. For example, phishing campaigns are initiated via newly registered domains with the names of organizations, hospitals, medicines, vaccines, banks and so on, always with …
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Pedro Tavares. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/R8c0NlBbe88/