• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

Hackers Exploit Coronavirus Fears in Phishing and Malware Campaigns

April 10, 2020 By Stephen Helm

It seems hackers will take advantage of any major news story or world event to launch their attacks. At a time of heightened fear, your employees’ email and social media accounts are flooded with news reports, comments, videos, and links about the virus. Unfortunately, cyber criminals are exploiting fears to phish your users, hack their systems, or deliver malware. Here are just a few examples of how threat actors are taking advantage of coronavirus:

  • Impersonating healthcare organizations. The FBI Internet Crime Complaint Center (IC3) is warning people about phishing campaigns that impersonate the CDC, WHO and other healthcare organizations. The malicious emails trick users with the suggestion of urgent information about the virus as a means to introduce malware or steal passwords.
  • Relief payment exploitation. Cyber criminals are taking advantage of people desperate for the funds they need to weather the storm by pretending to the IRS. Victims are asked to confirm an account number via an attached document to receive their payments. Doing so introduces a remote access trojan onto the user machine.
  • Spamming the Emotet trojan. Hackers using seemingly helpful notices about how to prevent the spread of coronavirus targeted users in Japan as part of a spam campaign designed to introduce the Emotet trojan. Emotet is capable of hijacking email accounts and spoofing messages to further infiltrate an environment.
  • Fake virus tracking app delivers ransomware. An app masking itself as a coronavirus outbreak map tracker is actually ransomware that locks down your phone. The app,”COVID19 Tracker,” infects your device and demands $250 in Bitcoin.

During this time of crisis, employees, especially those working remotely, are prime targets for cyber criminals. Phishing attacks specifically have skyrocketed, with dozens of malicious domains exploiting coronavirus deployed each day. Many of these campaigns use well-known phishing kits, simply repurposed for the times.[1]

COVID-19 MALICIOUS DOMAIN FEEDS

A variety of people track malicious domains and other intelligence and share it openly with the security community for use in DNS-filtering solutions. Many of these intelligence sources have ramped up their efforts to detect and classify malicious domains exploiting the coronavirus outbreak and provide regular updates to their feeds against these specific attacks.

WatchGuard continually curates and adds updates our intelligence sources to address the latest threats, protecting your network and users from opportunistic criminals. To that end, WatchGuard DNSWatch and DNSWatchGO now include three independent feeds of malicious domains related to COVID-19, including those from Centro Criptológico Nacional CERT. Additional intelligence feeds will be added as the threat picture evolves.

Secure Your Users with a FREE trial of DNSWatchGO from WatchGuard

For a limited time, WatchGuard is offering DNSWatchGO free for 120 days for up to 250 users. To get started, visit the WatchGuard website or request a trial through your preferred WatchGuard Security Partner.

[1] https://threatpost.com/covid-19-scam-scramble-cybercrooks-recycle/154383/

Share This:

Related

Filed Under: Featured, WatchGuard Articles Tagged With: dns, DNS Hijack, DNS Server, Phishing, spear phishing

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • The RCE Vulnerability That Wasn’t
  • When Trying to Catch ‘Em All, Leave This RAT Alone

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: ACLU Unveils Mass Surveillance Program, (More) Malvertising, and Breaches
  • Law Enforcement Infiltrate and Seize Hive Ransomware Operation
  • Cybersecurity News: Malvertising, Ransomware, and Alleged IRS Breach
  • The RCE Vulnerability That Wasn’t
  • When Trying to Catch ‘Em All, Leave This RAT Alone
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use