Pig With Lipstick

While we come to you with the best of intentions, cybercriminals only see opportunity. Unfortunately, they are using this shift in mindset to prey on our concerns, fears, curiosity and new way of life. Cybercriminals are playing an age-old game with new lipstick…

Email and SMS Phishing, using the subject of coronavirus or COVID-19 as a lure

Examples of phishing email subject lines include:

  • 2020 Coronavirus Updates
  • Coronavirus Updates
  • 2019-nCov: New confirmed cases in your City
  • 2019-nCov: Coronavirus outbreak in your city (Emergency).

These emails contain a call to action, encouraging the victim to visit a website that malicious cyber actors use for stealing valuable data, such as usernames and passwords, credit card information, and other personal information.

Malware distribution, using coronavirus- or COVID-19-themed lures

A number of threat actors have used COVID-19-related lures to deploy malware. In most cases, actors craft an email that persuades the victim to open an attachment or download a malicious file from a linked website. When the victim opens the attachment, the malware is executed, compromising the victim’s device. We have seen malware attacks of this type masquerade as Zoom meeting invites, Zoom meeting transcripts, SharePoint faxes, MS Teams notifications, GoToMeeting invites, and notifications from many other tools commonly used in small and medium-sized businesses.

Registration of domains containing wording related to coronavirus or COVID-19

In a previous email we shared information about a website registered with the word coronavirus that was masquerading as the Johns Hopkins infection map to exploit web visitors with malware. The number of these sites has continued to rise, and there has been a dramatic increase in websites selling fraudulent products related to coronavirus protection.
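As an added example (not SolutionWorx's or US-CERT's own tooling), the Python sketch below triages a plain-text message for the three signals described above: a coronavirus-themed subject, a collaboration-tool name in the subject with a sender domain that does not match, and links to coronavirus-worded domains. The brand-to-domain map, the trusted-source list and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Lure wording taken from the subject lines and domain names described above.
SUBJECT_LURE = re.compile(r"corona\s*virus|covid[-\s]?19|2019-ncov", re.I)
HOST_LURE = re.compile(r"corona|covid|ncov", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Assumption: sender domains treated as legitimate for each impersonated tool.
BRANDS = {"zoom": {"zoom.us"}, "teams": {"microsoft.com"},
          "sharepoint": {"microsoft.com"}, "gotomeeting": {"gotomeeting.com"}}
# Assumption: health sources this organization chooses to trust.
TRUSTED = {"cdc.gov", "who.int", "jhu.edu"}

def registered_domain(host):
    """Naive last-two-labels reduction; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return a list of findings for one plain-text RFC 5322 message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    sender_domain = registered_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    findings = []
    if SUBJECT_LURE.search(subject):
        findings.append("lure-subject")
    for brand, allowed in BRANDS.items():
        # A tool name in the subject with a non-matching sender is worth a second look.
        if brand in subject.lower() and sender_domain not in allowed:
            findings.append(f"brand-mismatch:{brand}")
    for url in URL_RE.findall(str(msg.get_payload())):
        host = urlparse(url).hostname or ""
        # Themed hostnames are flagged unless they belong to a trusted source.
        if HOST_LURE.search(host) and registered_domain(host) not in TRUSTED:
            findings.append(f"lure-domain:{host}")
    return findings

# Constructed sample message (not real traffic).
SAMPLE = "\n".join([
    "From: Zoom <invite@zoom-meetings.example>",
    "Subject: Zoom invite - 2019-nCov: New confirmed cases in your City",
    "",
    "Open http://coronavirus-map.example/login to view the meeting.",
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Findings are triage hints for a reviewer or mail gateway rule, not verdicts; keyword matches on their own will also hit legitimate health bulletins from senders outside the trusted list.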

Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure

Zoom meetings have been the go-to for many organizations and as a result have been targeted by threat actors. We encourage those using Zoom to install updates when available, create meetings with passwords, and use the waiting room feature to manually admit participants. Other known vulnerabilities in Citrix, Microsoft Remote Desktop Services (RDS), the Windows operating system, and VPN connections have also been exploited. This is why we regularly monitor all managed workstations, laptops, servers, and network devices so that we can apply security patches when they become available.

SolutionWorx is committed to your success more than ever and feels that it is our duty to remind you of the threats that continue to increase. We have built many layers of defense into your managed networks, desktops, laptops, applications, and email. If you think something has slipped through the cracks and you may have fallen victim to these threat actors, please let us know so that we can take measures to help mitigate potential issues.

Source: https://www.us-cert.gov/ncas/alerts/aa20-099a