Hackers Sending Fake Coronavirus and HIV Results to Infect Organisations
“Coronavirus has been exhausting for us” - Cybersecurity Researcher Sherrod DeGrippo.
HIV and the recent coronavirus pandemic have been the lures of choice for opportunistic cybercriminals in recent weeks, with security researchers saying that the rate of malicious emails being sent with false coronavirus and HIV results has skyrocketed.
Cybersecurity firm Proofpoint has published a post stating that hackers have seized on the latest pandemic as an opportunity to spread a virus of their own making, launching a sensational and wide-ranging deception campaign designed to get unwitting and vulnerable individuals to click malicious links.
The emails are often sent from email domains impersonating well-known, recognised and respected organisations like the World Health Organisation, government departments, hospitals, airlines, travel booking sites, national medical associations, universities and large organisations.
Interestingly, researchers have noted that more than 10% of organisations in Italy - a country that has been hit extremely hard by the virus’ spread - received a malicious email purporting to contain vital information. These emails often contain a link or attachment that leads the user to download a package of software designed to infect their machine. More sophisticated forms of this malware can send data back to the hacker, extracting anything from browsing history, emails, private messages and photos to stored passwords.
According to a report from BuzzFeed News, “the fake emails are designed to look like they come from Vanderbilt University, possibly to exploit the credibility of the Vanderbilt University Medical Center. The emails, which include an attached spreadsheet labeled ‘test results’, have been sent to insurance, health care, and pharmaceutical companies. When downloaded, a user is prompted to install macros, which leads to them becoming infected with malware known as the Koadic Remote Access Trojan.”
“Hackers are evolving their coronavirus messaging in line with the global response,” the report adds. “Knowing that many companies asked employees to work from home, the hackers send emails that claim to be from company HR departments or executives. The victim would be asked to sign into DocuSign or Microsoft Word, which is when their credentials would be stolen.”
“We don’t typically see events like that,” said Sherrod DeGrippo, Proofpoint’s senior director of threat research and detection. “Natural disasters are very localized; events like the Olympics come and go and I think something like the Olympics doesn’t get the clicks that a health scare would.”
“It’s really the lure with the HIV test results and the use of a health university, that’s really the thing that’s interesting about this,” DeGrippo stated. “Using these really highly emotionally charged lures is becoming the standard… we’re just starting to see a move away from the shipping receipts and the invoices and the resumes into a trend of big emotional scare tactics and curiosity starters,” she concluded.
Limor Kessem, an executive security adviser at IBM Security, said that the campaigns have been “very focussed on enterprise users, and came in a message that would look like it’s a reply to something or a warning that people are getting from the government. It could have been pretty effective at infecting company users.”
Damage from these phishing emails is expected to rise this year, and the latest FBI report has uncovered $1.7 billion in losses each year. Otavio Freire, chief technical officer and co-founder of SafeGuard Cyber, said that “without the right security measures in place, a bad actor can easily impersonate a remote employee,” and then introduce malware into an organisation’s network.
“Knowing that more critical enterprise work will be conducted via these channels, hackers will focus more time, energy and effort to exploit them - they go where the action is.”