Microsoft has warned the public to be vigilant about the increasingly sophisticated scams cybercriminals are using to exploit coronavirus fears, infect machines with malicious software and steal identities.
Google has added to the warnings, saying that it blocks more than 240 million spam messages containing false COVID-19 information, laced with malware and phishing attempts, every day, which highlights the scope of the problem the public faces. A further 18 million emails carrying malware or phishing lures were weeded out by Google's servers.
Earlier this week, Microsoft issued a statement via its Security Intelligence Twitter account saying the company has been “tracking a massive campaign that delivers the legitimate remote access tool NetSupport Manager using emails with attachments containing malicious Excel 4.0 macros. The COVID-19 themed campaign started on May 12 and has so far used several hundreds of unique attachments.”
It comes at a time when hackers are looking to exploit businesses and individuals alike who are fearful of the uncertainty surrounding the coronavirus and desperate for any news or updates from legitimate sources about the pandemic.
Hackers and scammers always look for topical news or fears to exploit in their campaigns, and the pandemic has given them ample opportunities.
Microsoft explained that “the emails purport to come from Johns Hopkins Center bearing ‘WHO COVID-19 SITUATION REPORT.’ The Excel files open with a security warning and show a graph of supposed coronavirus cases in the US. If allowed to run, the malicious Excel 4.0 macro downloads and runs NetSupport Manager RAT.”
“The hundreds of unique Excel files in this campaign use highly obfuscated formulas, but all of them connect to the same URL to download the payload. NetSupport Manager is known for being abused by attackers to gain access to and run commands on compromised machines,” Microsoft explained.
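Microsoft's observation above, that hundreds of differently obfuscated Excel 4.0 (XLM) macro files all fetch their payload from one URL, is also the handle a defender can use to triage a wave of attachments. The following is an added example, not code from Microsoft or from the article: it opens OOXML workbooks (`.xlsm`, which is a zip archive), looks for the `xl/macrosheets/` part where Excel stores XLM macro sheets, pulls every formula out of those sheets, and clusters the files by the URLs their formulas reference. The sample workbooks, the hypothetical `https://example.invalid/` download address and the file names are constructed for the demonstration; the campaign's real URL is not given on the page. Legacy binary `.xls` files are not zip archives and would need a BIFF parser such as oletools' `olevba` instead.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML stores Excel 4.0 (XLM) macro sheets separately from ordinary worksheets.
MACROSHEET_PREFIX = "xl/macrosheets/"
SSML_NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
URL_RE = re.compile(r'https?://[^\s"\'<>()&]+')


def build_sample_xlsm(url: str, with_macro: bool = True) -> bytes:
    """Construct a minimal .xlsm in memory (constructed sample, not a real campaign file).

    Only the zip entries the scanner reads are written; a genuine workbook carries
    more parts, but the macrosheet layout is the one Excel itself uses."""
    macro_xml = f"""<macrosheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">
  <sheetData>
    <row r="1"><c r="A1"><f>FORMULA("{url}",B1)</f></c></row>
    <row r="2"><c r="A2"><f>HALT()</f></c></row>
  </sheetData>
</macrosheet>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/worksheets/sheet1.xml", "<worksheet/>")
        if with_macro:
            zf.writestr("xl/macrosheets/sheet1.xml", macro_xml)
    return buf.getvalue()


def list_macrosheets(data: bytes) -> list[str]:
    """Return the XLM macro sheet parts inside an OOXML workbook (empty if none)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return sorted(
            n for n in zf.namelist()
            if n.startswith(MACROSHEET_PREFIX) and n.endswith(".xml")
        )


def extract_formulas(data: bytes) -> list[str]:
    """Collect the text of every <f> (formula) element in every macro sheet."""
    formulas: list[str] = []
    names = list_macrosheets(data)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in names:
            root = ET.fromstring(zf.read(name))
            for f in root.iter(f"{SSML_NS}f"):
                if f.text:
                    formulas.append(f.text)
    return formulas


def extract_urls(data: bytes) -> set[str]:
    """URLs that appear literally in macro-sheet formulas."""
    urls: set[str] = set()
    for formula in extract_formulas(data):
        urls.update(URL_RE.findall(formula))
    return urls


def cluster_by_url(samples: dict[str, bytes]) -> dict[str, list[str]]:
    """Group attachment names by the download URL their macro sheets reference.

    A wave of differently obfuscated files that share one payload location
    collapses into a single cluster, which is the indicator worth blocking."""
    clusters: dict[str, list[str]] = {}
    for name, data in samples.items():
        for url in extract_urls(data):
            clusters.setdefault(url, []).append(name)
    return {url: sorted(names) for url, names in clusters.items()}


if __name__ == "__main__":
    # Constructed inbox: two "situation report" attachments sharing one URL, one clean file.
    inbox = {
        "WHO_COVID-19_SITUATION_REPORT_a.xlsm": build_sample_xlsm("https://example.invalid/update.bin"),
        "WHO_COVID-19_SITUATION_REPORT_b.xlsm": build_sample_xlsm("https://example.invalid/update.bin"),
        "quarterly_budget.xlsm": build_sample_xlsm("https://example.invalid/unused", with_macro=False),
    }
    for name, data in inbox.items():
        print(f"{name}: macrosheets={list_macrosheets(data)} urls={sorted(extract_urls(data))}")
    print("clusters:", cluster_by_url(inbox))
```

Formulas that assemble the URL from fragments (`CHAR()` calls, cell concatenation) will not match the literal regex; in that case the mere presence of a macro sheet in an email attachment is already the signal to quarantine on, and the formulas can be handed to an XLM emulator for the URL.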
In an interview with InfoSecurity Magazine, Erich Kron, a security advocate with KnowBe4, said that “the best thing organisations can do right now is to ensure that their employees have up-to-date training on how to spot and report phishing emails.”
“By reporting these, organisations can have them removed from their mailboxes, limiting the exposure of these attacks within the organisation.”
Tarik Saleh, a malware researcher, also said that “the advice for organisations and employees is to remain vigilant to this new kind of threat and to deploy training as regularly as possible to make sure individuals remain aware.”
“Phishing is at its core an attack on people, and people remain the best defense against it, in addition to ensuring proper processes remain in place,” Saleh concluded.
Technology companies and authorities alike are urging anyone who receives a suspicious or blatantly false email from an unknown sender to report it to the relevant authorities.
If you require any additional information or guidance regarding an information security management system, get in contact with us at Best Practice to discover how your organisation could benefit from a system like ISO 27001, which is specifically designed to protect your organisation from cyber threats in your operations.