Corsica Technologies: How Hackers are Using Coronavirus to Compromise Your Computer

Lisa Pham

Friday, April 24th, 2020

Given the rapidly evolving story around the COVID-19 pandemic, countless Americans are actively searching for information. Hackers have taken notice and are wasting no time trying to take advantage in a number of ways.

Website Registrations

Research shows that more than half of registered Coronavirus-themed domains are malicious. According to a recent study by Check Point Software Technologies, Coronavirus-themed domain registrations are 50% more likely to be from malicious actors.

A popular interactive COVID-19 tracking map maintained by Johns Hopkins University was a recent target for malware. Hackers claimed to have compromised the Johns Hopkins map and said that it was distributing malware. Noted security blogger Brian Krebs reported Thursday that the map has been targeted by hackers who are selling malware claiming to compromise the map and infect users. Johns Hopkins spokeswoman Jill Rosen said the university is aware of the malware that impersonates its COVID-19 site. The malware requires users to download software to generate the fake map, Rosen told MarketWatch. She warned users to only trust the maps at the Johns Hopkins site and the one maintained by ArcGIS.

Phishing

As of March 11, 2020, we believe that COVID-19 has been primarily used by cybercriminals as a theme for phishing attempts. We have observed at least three cases where reference to COVID-19 has been leveraged by possible nation-state actors. Nation-state actors aggressively target and gain persistent access to public and private sector networks to compromise, steal, change, or destroy information. They may be part of a state apparatus or receive direction, funding, or technical assistance from a nation-state. We assess that as the number of COVID-19 cases rises globally, along with publicity around the virus, both cybercriminals and nation-state actors will increasingly exploit the crisis as a cyberattack vector.

Cybercriminals will often use the branding of “trusted” organizations in these phishing attacks, especially the World Health Organization and U.S. Centers for Disease Control and Prevention, in order to build credibility and get users to open attachments or click on the link. The number of references to COVID-19 in relation to cyberattacks has increased over the last two months, including country-specific phishing lures as the virus becomes more prevalent in that country. Recorded Future assesses that, for the duration of the outbreak, COVID-19 will continue to be used as a lure, and that new versions of these lures targeting new countries will emerge.

COVID-19 has prompted many organizations to adopt dispersed workforces and the continuous flow of new information has provided threat actors a treasure trove of new avenues to attack. Threat actors have been observed creating phishing messages posing as herbal remedies for COVID-19, updates from reputable news sites and government organizations, and corporate updates on the organization’s COVID-19 response.

Tips on How Your Remote Employees Can Stay Safe Online

  • If you are using a COVID-19 tracking map, make sure you are only using maps from trusted domains of organizations such as Johns Hopkins University and ArcGIS.

  • Be suspicious of links in emails that claim to have new information.

  • Ensure your employees know how to report suspicious emails.

  • Be wary of shadow IT. Report problems of remote connectivity to your company’s IT team, and do not search for a work-around online.

  • Do not enter your username or password into websites that are not used frequently.

  • Make sure your employees know how your company will be broadcasting pertinent information to the organization.

These simple steps will have a drastic impact on protecting your organization during this turbulent time. Cybersecurity is our shared responsibility.
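The first tip, checking that a map link really belongs to a trusted domain, can be automated in a mail filter or a link-reporting tool. The sketch below is an added example, not code from Corsica Technologies; the allowlist entries (`jhu.edu`, `arcgis.com`), the HTTPS requirement, the function names and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: registrable domains of the two map publishers named in the tips.
TRUSTED_DOMAINS = {"jhu.edu", "arcgis.com"}


def link_host(url):
    """Return the normalized host the link points to, or None if it is unusable."""
    url = url.strip()
    # Browsers treat "\" like "/" and drop control characters, so a URL that
    # contains them can parse differently here than in the browser. Reject it.
    if any(c == "\\" or ord(c) < 0x21 for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    # Assumption: trusted map links are always served over HTTPS.
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    # .hostname excludes any "user@" prefix and port; drop a trailing root dot.
    return parts.hostname.rstrip(".").lower()


def is_trusted_link(url, trusted=TRUSTED_DOMAINS):
    """True only if the host is a trusted domain or a subdomain of one."""
    host = link_host(url)
    if host is None:
        return False
    # Match on a label boundary: "notjhu.edu" and "jhu.edu.example.net" must fail.
    return any(host == d or host.endswith("." + d) for d in trusted)


# Constructed sample links for demonstration only.
SAMPLE_LINKS = [
    "https://coronavirus.jhu.edu/map.html",           # subdomain of a trusted domain
    "https://www.arcgis.com/apps/dashboards",         # subdomain of a trusted domain
    "https://jhu.edu.example.net/map",                # trusted name used as a prefix
    "https://coronavirus.jhu.edu@maps.example.net/",  # trusted name in the userinfo part
    "https://notjhu.edu/",                            # lookalike without a label boundary
]


def triage(urls=SAMPLE_LINKS):
    """Map each link to True (trusted host) or False (treat as suspicious)."""
    return {u: is_trusted_link(u) for u in urls}


if __name__ == "__main__":
    for link, ok in triage().items():
        print("trusted   " if ok else "suspicious", link)
```

A link that fails the check is not necessarily malicious; it simply is not on the list of domains the organization has decided to trust and should go through the normal reporting path.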

If you have any questions or concerns about your organization’s cybersecurity posture, please contact one of our experts here or call us at (877) 659-2261. If you’d like to gauge the awareness of your staff around phishing, contact us today for a Free Organizational Phishing Test. We’ll send sample phishing emails to see how vulnerable your team may be, and provide tips and recommendations on how to improve with Security Awareness Training. Contact us today to learn more.