Coronavirus has sent a chill through the world economy and has spread fear beyond its origin in the Wuhan province of China. As the virus threatens to become a global pandemic, hackers and cybercriminals are using public apprehension over the outbreak to advance their agendas.
Hackers use coronavirus anxiety to target the healthcare industry
Fears over the coronavirus have hit the healthcare industry, where convincing-looking emails that appear to come from the World Health Organization (WHO) or local hospitals carry payloads of keystroke-logging malware. Meanwhile, other attacks are focusing on the disruption to the supply chain that the coronavirus is beginning to inflict.
The supply chain attacks are unleashed with a coronavirus-themed email that contains malicious Microsoft Word documents and installs AZORult, an information-stealing malware.
Meanwhile, IBM recently warned consumers that ransomware has also entered the mix of coronavirus-themed payloads hackers are unleashing. Emails purporting to contain information about the spread of the coronavirus will secretly download the Emotet malware that allows hackers to steal information and deliver malware.
“This new approach to delivering Emotet may be significantly more successful, due to the wide impact of the coronavirus and the fear of infection surrounding it,” said IBM. With no sign that the coronavirus’s spread is slowing, this is ominous news for MSPs and cybersecurity professionals who have devoted considerable resources to fighting ransomware.
Coronavirus-themed attacks use common tactics
While these attacks are preying upon the anxiety over the coronavirus, the tactics they are using are nothing new, according to Vance Saunders, director of the cybersecurity program at Wright State University in Dayton, Ohio. Such predatory behavior by bad guys pre-dates the cyber-era. After natural disasters or national tragedies, scammers have always tried to prey upon human generosity and vulnerability to pad their pockets.
“Anytime that bad guys can take advantage of legitimate concern on the part of a large group of people, they will exploit it,” Saunders tells Smarter MSP, adding that phishing schemes are the “easiest” way to do this for cyber scammers.
The WHO-themed emails scrape information from legitimate WHO pages to create a convincing-looking fake. For MSPs and security professionals seeking to keep their networks safe, the defense against being duped by a coronavirus-themed email is decidedly low tech.
“It just requires one to take a deep breath before getting caught up in the moment,” describes Saunders.
If a client’s business could be disrupted by the coronavirus, then perhaps a company-wide memo should be distributed to warn employees that phishing scams utilizing coronavirus information are circulating. Education is key. MSPs need to get out in front of the coronavirus malware by warning clients and their employees to not fall for scams that tie into the topic.
When something like coronavirus is all over the news, it can be easier to be drawn into fears of life or death, which the growing pandemic plays upon.
“It’s a perfect storm for the bad guys to exploit,” notes Saunders.
From a security standpoint, professionals need to use significant news events to heighten awareness, especially in industry verticals that tie into it.
“Every time a world event occurs, we know the attacks will be generated,” details Saunders. The events should be used as a reminder to monitor networks extra closely.
Take basic steps
Assuming your risk management already accounts for payloads like ransomware and keyloggers, what remains is education and awareness.
“Technology can’t solve this problem,” admits Saunders, pointing to the tendency of people to fall for emails that tie into international news events.
In addition to education, a robust cybersecurity regimen should be in place around the themes of “detect, react, and adapt,” lists Saunders, explaining that one should monitor networks, anticipate what can be anticipated, and put measures in place to mitigate the impact.
If an employee opens an infected email, you may not necessarily know it right away.
“Some types of malware are virtually impossible to find, even for professionals,” observes Saunders. The standard practices of periodically reimaging machines and backing up data regularly are both vital.
Practicing good cyber-hygiene, education, and deliberation will keep your clients from getting computer viruses. Meanwhile, the medical industry will hopefully find a way to stop the spread of the coronavirus.
I love the line "practice good Cyber Hygiene"
“Bad” people will always find ways to exploit things like the coronavirus; it’s a never-ending story!
We’ve found end user security awareness training in combination with security products is the best defense against these continuing threats.
think, Think, THINK!
Very timely and informative article
The VPN ticket influx is staggering!
Once people address personal concerns they are going to be more focused on what this means to their businesses.
Preying on people’s humanity in this trying time is disturbing. No matter what is going on, we always need to try and see things with a level head and be as suspecting as ever.
There are two major lessons that I take from this situation. The first is the importance of being prepared for the realities of life. This is not the first time businesses have experienced inconvenience due to illness. Ever had a sick child? Identify issues that cause disruption and create (and test) plans to handle them. The second lesson is just how socially debilitating a denial of service situation can be. We tend to think of denial of service from an electronic perspective but not from a toilet paper perspective. When we cannot get to a website many people get upset; when we cannot get our paper the nation wigs. Interesting is that to not be affected by lesson two you need to do lesson one.
It is such a shame that people take advantage of others in such a vulnerable time.
Good info, thanks!
It is important to educate users regularly on opening suspect emails.
You must give them explicit instructions, update, educate and reinforce vigilance. I tell my users to contact IT even with the slightest doubt or suspicion.
Big RED report button on every email that seems suspicious, although none of our users have had to use them because our security policy doesn’t allow for this kind of thing to make it past the front gate.