As the COVID-19 virus spreads around the world and we invest in hand sanitiser to protect our physical hygiene, many are falling victim to coronavirus phishing scams and failing to protect their cybersecurity hygiene.
In the face of this pandemic and the growing climate of fear and misinformation, leading information security professionals have given their advice on what steps to take to ensure online security is preserved despite emerging cyber threats…
Eric Howes, KnowBe4 Principal Lab Researcher:
“In reviewing the rising tide of spam and phishing emails following in the wake of the coronavirus as it spreads around the world, we are struck by a bit of succinctly-put advice from John Oliver about the proper way for handling yourself in the midst of this health crisis: ‘Don’t be complacent, and don’t be an idiot.’
What does that mean?
It means, first and foremost, paying attention, staying informed, and taking the precautions recommended by recognized medical authorities. It also means, though, that one should avoid trading in FUD — fear, uncertainty, and doubt — which only makes the crisis worse and could put the health and lives of real people at risk.
And, finally, if you’re working in IT, it means educating your employees about the kinds of malicious emails that are undoubtedly already landing in their inboxes and teaching them to spot and handle these emails correctly, lest your users end up opening the door for malicious actors to their own endpoint machines as well as your organization’s wider network.”
Lamar Bailey, senior director of security at Tripwire:
“With a large part of the workforce moving to working from home and many schools resorting to online learning during the pandemic, expect to see a rise in phishing and malware attacks. It is a great time for schools and employers to remind their employees and students of basic internet hygiene to go along with the increased focus on personal hygiene. Wash your hands and don’t click on suspicious links!”
David Jemmett, CEO and Founder of Cerberus Sentinel:
“Take caution with the fake Coronavirus message spreading. The attackers’ social-engineering attack is spreading more and more. The email looks legitimate but once opened, the attachment reveals a Microsoft Word document containing an Office 365 message that instructs users to enable content.
Victims who comply unknowingly cause the campaign to run an obfuscated VBA macro script. This script opens PowerShell, which installs a downloader for the Emotet trojan in the background. Emotet will send copies of itself to the victim’s contacts. Those messages may also be coronavirus related. Businesses can protect against Emotet by implementing a spam filtering solution that incorporates a sandbox where malicious documents can be analysed in safety to check for malicious actions. This strain of Emotet is commonly carrying the newest version of Trickbot. This version of Trickbot uses a brand new UAC bypass for Windows 10 machines called wsreset.exe. To check if you are infected with Emotet, you can download the EmoCheck utility (https://github.com/JPCERTCC/EmoCheck/releases) from the Japan CERT GitHub repository.
Once downloaded, extract the zip file and double-click on the emocheck_x64.exe (64-bit version) or emocheck_x86.exe (32-bit version) depending on your system architecture. Once running, EmoCheck will scan for the Emotet Trojan and alert you if it is found, what process ID it is running under, and the location of the malicious file.”
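For security teams, the chain described above (Word macro, then PowerShell, then a downloader, then wsreset.exe) can also be hunted in process-creation logs. The following is an added example, not code from the article or from anyone quoted in it; the field names follow Sysmon Event ID 1, and the allowlist, rule names and sample events are constructed assumptions.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
WSRESET_BENIGN_CHILDREN = {"conhost.exe"}  # assumption; tune per environment

def exe(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def triage(events):
    """Flag process-creation events (Sysmon Event ID 1 style dicts), in order."""
    tainted, findings = set(), []  # tainted: PIDs that were already flagged
    for e in events:
        parent, child = exe(e["ParentImage"]), exe(e["Image"])
        if parent in OFFICE and child in SCRIPT_HOSTS:
            rule = "office-spawned-script-host"
        elif parent == "wsreset.exe" and child not in WSRESET_BENIGN_CHILDREN:
            rule = "wsreset-unexpected-child"
        elif e["ParentProcessId"] in tainted:
            rule = "child-of-flagged-process"  # follow the chain downwards
        else:
            continue
        tainted.add(e["ProcessId"])
        findings.append((rule, e["ProcessId"], e["CommandLine"]))
    return findings

def ev(pid, ppid, image, parent, cmdline):
    return {"ProcessId": pid, "ParentProcessId": ppid, "Image": image,
            "ParentImage": parent, "CommandLine": cmdline}

SYS = "C:\\Windows\\System32\\"
SHELL = r"C:\Windows\explorer.exe"
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
PS = SYS + r"WindowsPowerShell\v1.0\powershell.exe"
DROP = r"C:\Users\u\AppData\Local\Temp\123.exe"  # constructed file name
# Constructed sample events, not taken from a real incident.
SAMPLE_EVENTS = [
    ev(3100, 900, WORD, SHELL, "WINWORD.EXE /n notice.doc"),
    ev(4120, 3100, PS, WORD, "powershell.exe -enc <placeholder>"),
    ev(4188, 4120, DROP, PS, "123.exe"),
    ev(5000, 900, PS, SHELL, "powershell.exe"),            # admin shell, benign
    ev(6000, 900, SYS + "WSReset.exe", SHELL, "WSReset.exe"),
    ev(6010, 6000, SYS + "conhost.exe", SYS + "WSReset.exe", "conhost.exe"),
    ev(7000, 4188, SYS + "WSReset.exe", DROP, "WSReset.exe"),
    ev(7010, 7000, SYS + "cmd.exe", SYS + "WSReset.exe", "cmd.exe /c <placeholder>"),
]

if __name__ == "__main__":
    for rule, pid, cmdline in triage(SAMPLE_EVENTS):
        print(f"{rule:28} pid={pid} {cmdline}")
```

Windows reuses process IDs, so a real deployment would key the flagged set on Sysmon's ProcessGuid rather than the PID.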
Speaking on AT&T’s ThreatTraq YouTube Channel, Jaime Blasco, Head of AT&T Alien Labs gave the following advice:
“For users, follow your training and follow common sense. If you get an email that has a call to action always double check things like: who is sending the email, the subject, the header, does it have any links, does it have any attachments and if you have any doubts about the origin or whether or not you should click, report this to your security teams or just ignore the email. If it’s something urgent, it’s very likely that it will come through another source as well.”
Stuart Sharp, VP of Solution Engineering at OneLogin had the following comments on a new threat in the form of Coronavirus maps:
“These ‘Coronavirus Maps’ are the latest in a long line of examples of cybercriminals exploiting current events in order to target users with malicious malware.
In this case, AZORult malware is stealing personal user information such as usernames and card details. Attackers are trying to get an emotional response from individuals by forcing them to click on the link without thinking.
Just as medical professionals are advising people to take basic health precautions and remain calm, people should do the same online by using the S-T-O-P principle: (1) Stop- (2) Take a Deep Breath- (3) Opportunity to Think- (4) Put the email into Perspective and report the phish.”