Phishing Software Costs $200 Per Set, Black Hat Hackers Make a Fortune From the Epidemic

While the new coronavirus rages around the world, computer viruses are taking advantage of the chaos to cause harm. For ordinary people, the coronavirus epidemic is a disaster, but for hackers it is a once-in-a-lifetime opportunity to spread malware.
The global spread of the new coronavirus is worrying, but hackers are secretly delighted and have started a "carnival."
They are taking advantage of people's fear of the coronavirus to commit crimes. For example, they use emails and apps to spread malware and defraud victims of money and information.
Countries with severe epidemics, such as Italy and the United States, have become the number one targets for hackers to take advantage of the situation.
WHO and CDC suffer twice as many cyber attacks as usual
Over the past few days, multiple COVID-19-themed cyberattacks and malware have swept the world.
During this period, high-profile health authorities such as the World Health Organization (WHO) and the U.S. Centers for Disease Control and Prevention (CDC) have been the first targets of hackers' attacks.

Earlier this month, hackers attempted to break into the WHO, Reuters reported. Although the intrusion was unsuccessful, the WHO said the number of cyber attacks it has encountered has doubled compared to before. This included an attempt to impersonate the WHO's internal email system in order to obtain staff passwords.
Tencent Security Threat Intelligence Center also recently detected that hackers forged the CDC as the sender and delivered documents exploiting an Office Equation Editor vulnerability to target users' mailboxes. If the recipient opens the document on a computer with the Office Equation Editor vulnerability (CVE-2017-11882), this may trigger the vulnerability and download the commercial remote-access Trojan Warzone RAT.
Key points: Beware of three types of cyber attack routines
At present, the use of COVID-19 to carry out cyber attacks can be mainly divided into the following three categories:
1. Phishing Emails
Phishing is one of the most common attack techniques. Almost immediately after the number of confirmed cases of COVID-19 began to increase in January this year, email phishing campaigns using deceptive titles related to COVID-19 appeared.
Health organizations such as the WHO and CDC have become prime targets, and attackers have been observed using important security files or infected maps as bait to trick users into clicking URLs or downloading files.
In February of this year, a user started a thread on the well-known Russian-language cybercrime forum XSS promoting a new COVID-19-themed phishing scheme.
The subject lines of these emails included industry-specific analysis reports and details of official government health advice, as well as sellers offering masks or other information about operations and logistics during this time.

Claims to deliver malware disguised as virus heatmap
The phishing scheme uses email attachments disguised as virus outbreak maps to spread malware. The attached file contains real-time data from the WHO. The map itself is an imitation of a legitimate map created by the Center for Systems Science and Engineering (CSSE) at Johns Hopkins University.
The program is priced at $200. If the buyer also requires a Java CodeSign certificate, the price is $700.
Another phishing scam impersonates an official email from the WHO.
The email contained a link to a document purportedly about preventing the spread of the virus, but when the link was clicked, the victim was directed to a malicious domain that attempted to obtain credentials.

Such emails often contain several grammatical and formatting errors that attackers can exploit to narrow their victim pool and bypass spam filters.
2. Malicious apps
Although Apple has restricted COVID-19-related apps in its App Store and Google has removed some related apps from the Play Store, malicious apps are still hard to guard against.
DomainTools, a US domain hosting site, discovered a website that urged users to download an Android app that provides tracking and statistics about COVID-19, including infection heat maps. The app actually contained Android-targeting ransomware, now called COVIDLock.

The app locks the screen and demands a ransom in exchange for unlocking it. Pictured is the software's ransom note.
The ransom note demands payment of $100 in Bitcoin within 48 hours and threatens to delete the victim's contacts, pictures and videos, as well as the phone's memory.
DomainTools reports that domains associated with COVIDLock have previously been used to distribute porn-related malware.
3. Unsafe Endpoints
With so many employees now working remotely, there is an increased risk surrounding endpoints and the people who use them.
If employees don't update their systems regularly, the devices they use at home may become more vulnerable to attack.
Prolonged working from home may also encourage users to download shadow apps onto their devices or ignore the security policies they would normally follow in the office.
And some who choose to work from cafes may still be vulnerable to theft, device loss or man-in-the-middle attacks.
WHO Tips: How to prevent phishing?
In response to these various forms of cyber attack, the WHO has promptly released prevention advice for the general public.

The only appeal currently being made by the WHO is for the COVID-19 Solidarity Response Fund. The link is as follows:
https://www.who.int/emergencies/diseases/novel-coronavirus-2019/donate
Therefore, any other appeal for funding or donations claiming to come from the WHO is a scam!
In addition, the WHO also gave detailed prevention advice for phishing emails that take advantage of the COVID-19 emergency:
- Be wary of providing sensitive information such as usernames or passwords;
- Before clicking on a link, carefully review the domain name;
- Before opening an email attachment, carefully check the sender's email address.
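
The "review the domain name" advice can be automated in a mail gateway or help-desk tool. The following is an added example, not part of the original article or of any WHO tooling: it checks whether a link that claims to lead to the WHO really resolves to `who.int`, the domain of the donation link quoted above. The function names, the sample links and the https-only rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "who.int"  # registrable domain of the donation link quoted above

def classify_link(url, trusted=TRUSTED_DOMAIN):
    """Return (verdict, reason) for a link that claims to lead to `trusted`."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname
    except ValueError:
        return ("reject", "unparseable URL")
    if parts.scheme != "https":  # assumption: only https links are accepted
        return ("reject", "scheme is not https")
    if not host:
        return ("reject", "no hostname")
    if parts.username is not None:
        # Text before '@' is login data, not the site the browser will visit.
        return ("reject", "userinfo before @ hides real host " + host)
    host = host.rstrip(".")
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        # Look-alike letters from other alphabets, or their punycode form.
        return ("reject", "internationalised hostname")
    if host == trusted or host.endswith("." + trusted):
        return ("accept", host)
    return ("reject", "real host is " + host)

# Constructed sample links; example.net and example.org are reserved test domains.
SAMPLE_LINKS = [
    "https://www.who.int/emergencies/diseases/novel-coronavirus-2019/donate",
    "https://www.who.int.example.net/donate",   # trusted name used as a subdomain
    "https://www.who.int@example.org/donate",   # trusted name placed before '@'
    "https://www.wh\u043e.int/donate",          # Cyrillic 'o' instead of Latin 'o'
    "http://www.who.int/donate",                # no TLS
]

def triage(links):
    """Map each link to its (verdict, reason) pair."""
    return {link: classify_link(link) for link in links}

if __name__ == "__main__":
    for link, (verdict, reason) in triage(SAMPLE_LINKS).items():
        print(f"{verdict:6}  {reason:45}  {link!r}")
```

Only the first sample link is accepted; the others show why the hostname has to be read from the right-hand end, after any `@`, rather than checked for the substring `who.int`.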