- The coronavirus outbreak is presenting a new opportunity for cyber-criminals.
- Many global organizations are receiving large volumes of phishing emails daily.
- Many people, without any consent, have become the latest cyber-attack victims.
Cyber-criminals always watch out for an opportunity to perpetrate their cyber espionage activities, and this time they are attempting to exploit the current coronavirus outbreak, which has been declared a global healthcare and wellness emergency by the World Health Organization (WHO).
Recently, many corporate organizations that operate globally have been receiving a high volume of phishing attacks, in which the phishing emails pretend to come from various Chinese suppliers, manufacturers and relations groups, and use various commonly known domains to spread the infected email. The emails mostly exploit the current coronavirus outbreak, persuading the recipient to fill in a malicious online form to provide information on the coronavirus's impact on their respective organization.
According to recent reports, security researchers have observed a steep increase in the use of phishing emails to perform multi-stage phishing attacks around the world. The observed scenarios are described below for your consideration:
Cloud Infrastructure Attack
The first-stage infection vector begins with threat actors sending a phishing email with a link to legitimate office productivity and file-sharing cloud services such as Microsoft OneDrive, SharePoint, and OneNote, hosting a document such as a PDF file. The phishing emails are made to resemble legitimate business correspondence, using real logos, addresses, and names. Upon clicking the link within the document, the victim is redirected to the second-stage phishing page, a standard Office 365 credential phishing page created by the threat actors to gather the corporate account credentials of employees. With these credentials they can get into the network, access sensitive data and perform criminal activities.
Govt Domain Attack
This attack begins with threat actors sending malicious emails with a spoofed legitimate URL, for example a URL showing cdc[.]gov for information about the recent coronavirus. However, the URL is spoofed: if the user hovers over it, the concealed malicious link is revealed. Clicking the link redirects the user to a malicious website, which prompts them to enter the user name and password for a cloud account such as Office365 or Google Drive, or may even drop malware or ransomware onto the user's system to encrypt all the data on the computer.
Security researchers reported on another phishing attack using the coronavirus theme. Threat actors send specially crafted emails with the subject line “Corona Virus,” along with a malicious PDF attachment. Upon clicking the PDF, the victim is prompted to click on an image within the PDF file to be able to access the document. If the user proceeds, they are redirected to a phishing page in the cloud that spoofs the login page of Office 365 or another cloud platform such as Azure or Google Drive, and prompts the victim to enter their user name and password for those accounts.
STOP Ransomware Attack
Additionally, the latest in the series is the “STOP” Ransomware, which is the most widely distributed ransomware (with as many as 148 variants), spread by spear phishing emails or adware bundles that masquerade as software cracks, pirated games (warez), and free software downloads. When a user installs one of these infected downloads, their computer becomes infested with malicious browser extensions, click fraud trojans, adware, and the STOP Ransomware, leading to encryption of all files on the computer, followed by deletion of the Shadow Volume Copies so that recovery is not possible.
How to Protect Yourself
- Use extreme caution when opening e-mails, specifically those with hyperlinks and/or attachments received from unknown senders, as they may contain viruses, worms or malicious software.
- Do not visit or download from less than reputable websites that can bring viruses or other malware into our network.
- Disable macros in Microsoft Office applications by going into “Macro Settings”, in case they are enabled by default.
- Always ensure that your antivirus is updated with the latest definitions.
- Take regular backups of your critical data files on network servers.