Coronavirus Sparks Rise in Cybercrime From Foreign Agents—How to Protect Yourself From These Internet Scams

The Department of Health and Human Services (HHS) has been hit by a cyberattack that will have spread disinformation to Americans.

According to Bloomberg, the department’s computer system was hacked on Sunday evening in an attempt to “slow the agency’s computer system down”. The hack prompted the National Security Council (NSC) to advise Americans that a nationwide lockdown was not taking place.

On its Twitter account, the NSC says: “Text message rumors of a national #quarantine are FAKE. There is no national lockdown. @CDCgov has and will continue to post the latest guidance on #COVID19.” Bloomberg reports that this tweet was “related to the hacking” and was issued as soon as the federal government realized a cyberattack had taken place. It also says that Secretary of State Michael Pompeo and other Trump administration officials are “aware of the incident,” according to anonymous sources.

The report says that the hack, which was carried out over a number of hours, overloaded the HHS servers with thousands and thousands. In a press release, Caitlin Oakley, spokesperson for HHS, confirms: “HHS has an IT infrastructure with risk-based security controls continuously monitored in order to detect and address cybersecurity threats and vulnerabilities. On Sunday, we became aware of a significant increase in activity on HHS cyberinfrastructure and are fully operational as we actively investigate the matter. Early on while preparing and responding to COVID-19, HHS put extra protections in place. We are coordinating with federal law enforcement and remain vigilant and focused on ensuring the integrity of our IT infrastructure.”

Newsweek has contacted NSA and the Department of State for comment.

Stock image: COVID-19 is being used as a “lure” to spread malware, according to FireEye.

Coronavirus-related Cybercrime on the Rise

The HHS attack is one of many COVID-19-related cybercrimes taking place around the world. According to cybersecurity firm FireEye, espionage actors from China, North Korea and Russia have been using the pandemic to mask spear-phishing campaigns.

According to senior manager of intelligence analysis, Ben Read, a Chinese group known as TEMP.Hex “likely leveraged” the Coronavirus theme to target entities in Vietnam, the Philippines and Taiwan in late February and early March. “The lures were legitimate statements by political leaders or authentic advice for those worried about the disease, likely taken from public sources,” Read told Newsweek. The analyst explained that the cybercriminals likely used SOGU and COBALTSTRIKE payloads to send convincing documents to people in these countries. Once opened, a virus could be let loose on the system.

Examples of malicious documents used as part of a spear-phishing campaign by espionage groups from China

Further, another Chinese cluster targeted Mongolia with a coronavirus lure using POISONIVY malware—a backdoor widely available in the underground market. According to Read, the document shared contained “official statistics on infections in Mongolia” and was targeted at the Mongolian government.

Espionage groups from Russia—TEMP.Armageddon—and North Korea have also targeted organizations in nearby countries using a COVID-19 theme. TEMP.Armageddon—which FireEye says is in support of Russian interests—sent a spear phish with a malicious document to Ukrainian entities. “This appeared to be a copied legitimate document,” says Read.

A South Korean NGO was sent a spear phish with a Korean-language lure titled “Coronavirus Correspondence”, explains Read. “We’re still analyzing this sample, but it has some similarities to previously observed North Korean activity,” he told Newsweek.

An example of a malicious document used as part of a spear-phishing campaign from an espionage group from North Korea

How to Protect Against Coronavirus-Themed Spam

FireEye has also confirmed that it is monitoring numerous financially motivated activities that also use “Coronavirus-themed lures” to compromise victims.

“We’ve seen financially motivated actors using coronavirus-themed phishing in many campaigns, with dramatic month-over-month volume increases from January through to today,” the company told Newsweek. “We expect continued use by both opportunistic and targeted financially motivated attackers due to the global relevance of the theme.”

Matt Shelton, director of technology risk and threat intelligence at the cybersecurity company, says organizations need to do better to protect their corporate environments from threats, especially as many adapt to a remote and distributed workforce in times of self-isolation and lockdowns. “Accessing corporate resources remotely creates an opportunity for attackers to blend in with the workforce,” he explains. “Many organizations lose visibility into malicious activity targeting remote workers and should deploy a multi-layer endpoint agent on all employee endpoints.”

Jens Monrad, the company’s head of Mandiant threat intelligence in EMEA, adds that some lures claim to be from widely known healthcare sources such as the World Health Organization and use ransomware such as Emotet, Trickbot, Nanocore, AZORult, FormBook, Remcos RAT and AgentTesla.

“By taking advantage of current events, threat actors are better able to increase their chances of gaining access to targets of interest,” he explains. “[FireEye] anticipates that malicious actors will continue to take advantage of populations’ senses of urgency, worry, goodwill and distrust to reinforce their operations, notably regarding events within the medical field, government announcements, financial implications, deaths of high-profile people, and civil disturbances.”

Consumers should also be aware of cybercriminal activity linked to advertisements selling items and kits for combating COVID-19. “[FireEye] has also observed cybercriminal activity on forums where “sellers” have put out advertisements for selling items and kits designed to take advantage of the current situation,” he told Newsweek. “This may either be malicious virus monitoring maps or other malicious code used in COVID-19 campaigns.

“People should use government trusted sources for any information related to the current situation and, in the cases where they receive coronavirus related emails and were not expecting them, they should carefully examine why they are receiving them and consider not engaging with the emails.”

According to the Federal Trade Commission (FTC), Americans should take the following steps when it comes to email phishing:

  • Use good computer security practices and disconnect from the internet when away from your computer—hackers cannot get to a computer when it is not connected to the internet
  • Be cautious about opening any attachments or downloading files from emails you receive
  • Download free software only from sites you know and trust
  • Report spam to the relevant email providers—at the top of the message, state that it is a complaint about being spammed
  • Mark spam messages as spam to keep them out of the inbox
An example of a criminal phishing campaign email.
