Protecting your organization during a pandemic

Spotting cyber scams quickly in the midst of the COVID-19 pandemic is critical for organizations to stay ahead in this unprecedented situation.

Across the world, attackers are capitalizing on the COVID-19 pandemic to spread malware to unsuspecting victims, and we’re already seeing a real uptick in phishing and targeted spear-phishing campaigns. Hackers are essentially using COVID-19 as click-bait to gain access to our personal information. Knowing what to look for, and how to head hackers off at the pass, can help you navigate these complex times.

What are hackers after?

The short answer: anything they can use to gain access to information.

Credentials are a prized target. Attackers are using domains that closely resemble legitimate websites in high demand – and associated email addresses – to get potential victims clicking through, sharing details, or inadvertently opening themselves up to malware that will do the digging for them.

Hackers are masquerading as legitimate organizations

In the US, hackers have spoofed the email persona of the Centers for Disease Control and Prevention (CDC) to further their fraud activity. Attackers have “spoofed” sending email addresses to closely mirror the CDC’s and fool recipients into clicking through.

The same goes for websites. Reports of fraudulent domains that closely resemble the CDC’s official website (www.cdc.gov) are on the rise. Emails containing links like cdc.org or cdcgov.org are popping up and redirecting users to fake login pages for Microsoft, Facebook and Google where attackers can steal users’ credentials.

Malicious sites masquerading as the CDC are also prompting users to donate cryptocurrency to fund vaccine research – another evolving element of the scam. This type of activity is beyond the control of organizations like the CDC and does not suggest any underlying security concerns with the spoofed organizations.

What should your organization be watching out for?

First things first, the phishing emails we’re seeing typically come in two shapes: they either contain malware as an attached Microsoft Office document, or purport to be a reputable organization (like the CDC). Regardless of the type of email, the goal is the same: hackers are hoping you’ll click the link and enter your credentials.

AZORult malware, appearing to have originated in Russia or Eastern Europe, is a great example of that. This campaign has been targeting the transportation, manufacturing, industrial, pharmaceutical and finance industries through malicious documents. It exploits a known Microsoft Office vulnerability which allows for arbitrary code execution on the victim’s machine. That means once it runs, the malware steals information from the victim’s machine and sends it back to the attacker.

AZORult is also circulating as a website that purports to show a map of the virus’ spread. Corona-Virus-Map[.]com is a sleek and polished website, claiming to provide live information. But the website is a hoax. It delivers a variant of AZORult malware through a file called corona.exe, tricking users into downloading it. Once it’s run, the malware is capable of screenshotting, information gathering and credential stealing.

How can you protect yourself and your organization?

Attackers will take full advantage of these types of situations – and you need to be prepared accordingly. Understanding how malicious activity is carried out is the first step to defending your networks and data.

Consider these tips as you work to prevent attacks:

• Obtain COVID-19 information directly from trusted sources.
• Conduct mock phishing exercises and educate employees on the dangers of phishing.
• Be cautious when viewing email from unknown senders. Check the email headers for suspicious sender addresses. If it doesn’t feel right, it might not be.
• Only open attachments of verified, trusted senders and – importantly – only those which you are expecting to receive.
• Be aware of links in emails and only click those that you can verify and trust.
• Ensure all systems are patched and the latest updates are installed.

Even during a pandemic, cybersecurity threats show no signs of slowing down. Visit ey.com/ca/cyber to find out how EY can help you mitigate threats and protect your business.

Reference articles:

• Malicious coronavirus map hides AZORult info-stealing malware
  
• Fake Coronavirus Messages Spreading Emotet Infections
  
• Phishing with the coronavirus for e-mail credentials
  
• Threat Actors Capitalize on Global Concern About Coronavirus in New Phishing Campaigns
  
• Trickbot campaign targets Coronavirus fears in Italy

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity.