There is a new fear that is taking the world by storm, in a very fast and furious way. It is not just impacting human beings, but it is impacting societies, businesses, our everyday lives, and even our financial markets, and the entire macro economies of nations as a whole.
Yep, you got it, it is the Coronavirus that is going around. Probably one of the best pieces of evidence on its impacts are on the DOW and NASDAQ in the last couple of weeks.
Just the in the last two weeks, the DOW has suffered its worst weekly plunge since the great recession of 2008, and just in the last few days, we have seen wild gyrations that have never been witnessed before. For instance, it has literally gone up 1,000 points in one day only to be erased completely in the next day of trading.
All of the countries are being impacted, trade flows have been greatly curtailed, and travel has been even banned to certain parts of the world. Nobody knows when this horrible episode will ever end, but scientists are working hard to find some sort of vaccine in order to help stop its spread.
But given this new mass mayhem and confusion that the world is facing, this is now a perfect time for the Cyberattacker to come out, and prey upon the emotions of the people that are suffering through this.
Most of these Cyberattacks have been in the form of Phishing Emails, where phony websites have been set up so that people can donate money to fictitious charities that claim the money will be sent to people that are suffering. But of course, it is pretty much guaranteed that it will be sent to some offshore bank account in China or Russia.
But it is not just through Phishing Emails, the Cyberattacker is also resorting to other threat variants, making use of Social Engineering tactics in order to launch Voice Phishing (aka “VPhishing”) attacks, and even using Deepfakes.
This is where the tools of Artificial (AI) are used to in order to replicate the voice and even video of a genuine leader. A good example of this would be the current presidential campaign. A Cyberattacker can easily replicate images and voice recordings, say of Bernie Sanders, in order to ask for donations to be made once again, to a phony cause.
But here are some of the specifically cited examples of where Coronavirus Cyberattacks have been made at:
*The use of the Remcos RAT malware in order to spread malicious payloads onto the desktops and wireless devices of unsuspecting victims;
*Attaching a fake .DOC file to a Phishing Email that contains macros with the actual malware inside it. Once the victim opens up this document, the malware is then unpackaged, and the damage starts to proliferate at a very fast rate;
*There is another Phishing Email which carries an infected PDF file. This file is called the “CoronaVirusSafetyMeasures_pdf“, and it actually consists of sophisticated VBS scripts which can carry the Remcos RAT dropper, in order to deliver the malicious payload. This is actually a more covert piece of malware as so far; it has avoided detection by most of the Antimalware and Antispyware software packages. It should be noted that the Phishing Email claims that the attached PDF contains instructions on how to avoid the Coronavirus, and once it is downloaded, the VBS scripts are then installed onto this directory structure:
*Another Phishing Email campaign is a three-page Microsoft Word document that claims to be from the Center for Public Health of the Ministry of Health of Ukraine. Rather than offering timely advice on what to do about the Coronavirus and how to avoid it, it once again contains malicious based macros that can leave backdoors open for the Cyberattacker to easily penetrate into victim’s computer or wireless device. For example, it can leave behind covert key logging software, clipboard stealing .EXE files, and even take pictures of and import to the Cyberattacker many screenshots of the victim’s desktop;
*There is also a Phishing Email campaign that has been launched, which purports to be from the Center for Disease Control (CDC). In this form of Cyberattack, fake Email messages are sent which depict how the Coronavirus has now become an airborne disease, and that there are confirmed cases of it in the city of where the victim resides in. From here, the victim is then tricked into clicking on a legitimate looking web address (URL) that contains the domain of the CDC website (with very slight variations to it of course). After clicking upon this, the victim is then taken to a spoofed website where they will be asked to submit their login credentials, this falling into the hands of the Cyberattacker. What makes this even worse is that this spoofed website makes use of SSL certificates to in order to make it look like a safe and secure website to visit to learn more about the Coronavirus. It should be noted here also that there are three malicious URL redirects that are being used, that make use of top-level country domains. A prime example of this .com.au.
So far at the present time, according to the Cybersecurity firm known as Check Point, since January of 2020, there has been astonishing 4,000+ domains that have been registered that are related to the Coronavirus. Of course, most of these appear to be legitimate, but the company has detected that at the present time, 3% of these registered domains were used for malicious purposes, and an additional 5% were deemed to be suspicious in nature.
My Thoughts On This
Countries all over the world are being targeted by Phishing Email scams, and one in particular is that of Italy. The Email reads as follows:
“Due to the fact that cases of coronavirus infection are documented in your area, the World Health Organization has prepared a document that includes all necessary precautions against coronavirus infection. We strongly recommend that you read the document attached to this message!”
After doing more research into this, I discovered a rather interesting trend. In these Phishing based Emails, nobody is really asking for donations or any forms of monetary gifts. Rather, all of them are about how to download or where to access to get more information about the Coronavirus, and tips on how to protect yourself and your family. But the impact is still the same in that the victim is still heisting over their usernames and passwords for nefarious purposes.
And once the Cyberattacker gets their hands on this, they can still go out and hijack the victim’s credit card and other financial accounts that he or she may have online. A catalyst for this new tactic in Social Engineering is that the Human Resources (HR) departments of many businesses worldwide are sending internal Emails to their employees about the ramifications and realities about the Coronavirus.
Of course, this sparks fear, and the Cyberattacker is simply amplifying more on this basic human emotion in order to get to the Personal Identifiable Information (PII) of the victim. In other words, the Cyberattacker is trying to mix in the phony Email with the legitimate one in order to add more to the confusion as to what is real and what is not.
Some Phishing Emails have even claimed that a vaccination for the Coronavirus has been found, and to click on a malicious link in order to find out where your closest hospital or convenient care is that has this vaccination.
In this regard, all organizations are being hit by this barrage of Phishing Email campaigns, all the way from the healthcare professional to the supply chain industries, to even the smallest of the mom and pop stores.
Heck, even my own inbox has been bombarded by fake Emails about the Coronavirus. What do I do? I simply just delete them. For me, it is so hard to tell these days what is for real and what is not anymore. I highly recommend that you do the same as well.
If you ever want to know more about the Coronavirus, simply do a basic Google search, or better yet, go straight to an authentic and legitimate resource: Your primary care physician.