It seems hackers will take advantage of any major news story or world event to launch their attacks. At a time of heightened fear, your employees’ email and social media accounts are flooded with news reports, comments, videos, and links about the virus. Unfortunately, cyber criminals are exploiting fears to phish your users, hack their systems, or deliver malware. Here are just a few examples of how threat actors are taking advantage of coronavirus:
- Impersonating healthcare organizations. The FBI Internet Crime Complaint Center (IC3) is warning people about phishing campaigns that impersonate the CDC, WHO and other healthcare organizations. The malicious emails trick users with the suggestion of urgent information about the virus as a means to introduce malware or steal passwords.
- Relief payment exploitation. Cyber criminals are taking advantage of people desperate for the funds they need to weather the storm by pretending to the IRS. Victims are asked to confirm an account number via an attached document to receive their payments. Doing so introduces a remote access trojan onto the user machine.
- Spamming the Emotet trojan. Hackers using seemingly helpful notices about how to prevent the spread of coronavirus targeted users in Japan as part of a spam campaign designed to introduce the Emotet trojan. Emotet is capable of hijacking email accounts and spoofing messages to further infiltrate an environment.
- Fake virus tracking app delivers ransomware. An app masking itself as a coronavirus outbreak map tracker is actually ransomware that locks down your phone. The app,”COVID19 Tracker,” infects your device and demands $250 in Bitcoin.
During this time of crisis, employees, especially those working remotely, are prime targets for cyber criminals. Phishing attacks specifically have skyrocketed, with dozens of malicious domains exploiting coronavirus deployed each day. Many of these campaigns use well-known phishing kits, simply repurposed for the times.[1]
COVID-19 MALICIOUS DOMAIN FEEDS
A variety of people track malicious domains and other intelligence and share it openly with the security community for use in DNS-filtering solutions. Many of these intelligence sources have ramped up their efforts to detect and classify malicious domains exploiting the coronavirus outbreak and provide regular updates to their feeds against these specific attacks.
WatchGuard continually curates and adds updates our intelligence sources to address the latest threats, protecting your network and users from opportunistic criminals. To that end, WatchGuard DNSWatch and DNSWatchGO now include three independent feeds of malicious domains related to COVID-19, including those from Centro Criptológico Nacional CERT. Additional intelligence feeds will be added as the threat picture evolves.
Secure Your Users with a FREE trial of DNSWatchGO from WatchGuard
For a limited time, WatchGuard is offering DNSWatchGO free for 120 days for up to 250 users. To get started, visit the WatchGuard website or request a trial through your preferred WatchGuard Security Partner.
[1] https://threatpost.com/covid-19-scam-scramble-cybercrooks-recycle/154383/