
These are the main attacks you will receive related to COVID-19


Unsurprisingly, cybercriminals of all stripes are using the pandemic caused by COVID-19 as a hook for their activities. For the most part, attackers resort to social engineering techniques to trick employees of companies and organizations.

This is reflected in Cytomic's report on cyber attacks using COVID-19, based on the analysis of hundreds of malware detections carried out by the Cytomic laboratory between March 12 and 25. The study distinguishes two types of campaigns: coronavirus-related spam and malicious domains.

To this end, Cytomic, a business unit of Panda Security, has examined email messages from all over the world that purport to come from official organizations and appear to contain updates and recommendations related to the disease. Among the cases analyzed, the following stood out:

  • Phishing that impersonates a bank: Cytomic's laboratory detected a spreading campaign of fraudulent emails that impersonate a major Spanish bank. The objective of this phishing is to direct victims to a fake website and steal their access details for the bank.
  • "Latest Coronavirus Updates": This campaign was detected in the UK. The email comes with an attachment in .dat format that supposedly contains the latest COVID-19 updates, but the file contains malware.
  • "Coronavirus: Important Precautionary Information": In the body of the email, the sender states that the attachment is a document prepared by the World Health Organization (WHO) and strongly recommends that readers download the attached, compromised Microsoft Word file. The malicious file contains a Trojan.
  • "Exclusive: Coronavirus Vaccine Detected": This campaign links to more information about the alleged vaccine, which actually contains the malware.

Malicious domains related to Coronavirus
The Cytomic laboratory has also detected a notable increase in domain names that use the word "corona" combined with words that users often include in their organic searches, such as "vaccine" or "emergency". The report highlights several such domains.
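
The naming pattern described above ("corona" combined with common search words) can be checked against DNS or proxy logs. The following is an added example, not code from the Cytomic report; the keyword lists, the `query=` log field, the allowlist and the sample log lines are constructed assumptions.

```python
import re

# Assumed keyword sets, built from the pattern the report describes.
STEMS = ("corona", "covid")
LURES = ("vaccine", "vacuna", "emergency", "emergencia")
# Constructed allowlist; replace with domains your organization trusts.
ALLOWLIST = ("health-ministry.example",)
LEET = str.maketrans("0134", "oiea")  # undo common digit-for-letter swaps
QUERY_RE = re.compile(r"\bquery=(\S+)")  # assumed log field name

def normalize(host):
    """Refang '[.]' notation, drop spaces and the trailing dot, lowercase."""
    return host.replace("[.]", ".").replace(" ", "").lower().rstrip(".")

def classify(host):
    """Return 'high' (stem + lure word), 'review' (stem only) or None."""
    host = normalize(host)
    if any(host == a or host.endswith("." + a) for a in ALLOWLIST):
        return None
    # Drop the TLD, then squash separators so hyphenated splits still match.
    name = host.rsplit(".", 1)[0]
    squashed = re.sub(r"[^a-z0-9]", "", name).translate(LEET)
    if not any(s in squashed for s in STEMS):
        return None
    return "high" if any(w in squashed for w in LURES) else "review"

def scan(log_lines):
    """Yield (domain, verdict) for each flagged query, once per domain."""
    seen = set()
    for line in log_lines:
        m = QUERY_RE.search(line)
        host = normalize(m.group(1)) if m else None
        if host is None or host in seen:
            continue
        seen.add(host)
        verdict = classify(host)
        if verdict:
            yield host, verdict

SAMPLE_LOG = [  # constructed DNS query log lines, not taken from the report
    "2020-03-20T10:01:02Z client=10.0.0.5 query=corona-vaccine-shop.example type=A",
    "2020-03-20T10:01:09Z client=10.0.0.7 query=c0r0na-emergencia.example. type=A",
    "2020-03-20T10:02:11Z client=10.0.0.5 query=coronavirus.health-ministry.example type=A",
    "2020-03-20T10:02:40Z client=10.0.0.9 query=beat-covid19.example type=AAAA",
    "2020-03-20T10:03:00Z client=10.0.0.9 query=intranet.example type=A",
    "2020-03-20T10:03:05Z client=10.0.0.5 query=corona-vaccine-shop.example type=A",
]
if __name__ == "__main__":
    print(list(scan(SAMPLE_LOG)))
```

A "review" verdict means only the stem matched, so legitimate names that happen to contain it will land there and need a human look.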

María Campos, VP of Cytomic, points out: "Cyber attackers are taking advantage of a situation of enormous gravity for our society and our economy through the interest aroused by COVID-19 for organizations and for all of us. Clearly, the first line of defense against your malware is always employee awareness and good cybersecurity practices, but large organizations can also count on the support of advanced technologies, which are capable of classifying all binaries before their execution, blocking those that are malicious, and which also detect and cancel unusual behavior."

Source: Cytomic
