Protect your data: Cybercriminals pose threats leveraging Covid-19


Invest in an assessment solution that can check the security posture of all devices. - File photo

Dubai - Trickbot campaigns that have been active for at least six months.


Sandhya D'Mello


Published: Thu 19 Mar 2020, 8:01 PM

Last updated: Thu 19 Mar 2020, 10:26 PM

Work From Home (WFH) is no longer just an option but a new normal, and businesses have turned prudent - ever since the outbreak of covid-19 - to protect their precious data.
The World Health Organisation (WHO), the US Federal Trade Commission (FTC), the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK's NCSC have all published various advisories warning about the threats posed by cybercriminals seeking to capitalise on the fear and uncertainty surrounding covid-19.
There have been reports of scammers who created a fake version of the Johns Hopkins Coronavirus Map, which is supposed to show the spread of infections but is instead laden with the malicious AZORult malware, an information-stealing Trojan that exploits a four-year-old vulnerability to exfiltrate sensitive data from compromised systems. By patching the vulnerability [CVE-2017-11882, a memory corruption vulnerability in Microsoft Office's Equation Editor component] the system would be protected, even if an employee were to inadvertently visit the spoofed version of the website.

Maher Jadallah, regional director, Middle East, Tenable, said: "The best advice for everyone to protect themselves against digital threats leveraging the interest in covid-19 is to stay informed. If you receive an unsolicited e-mail with a covid-19 theme/message, question its authenticity, and, if there's any uncertainty then don't click on any links or open any attachments. Use trusted sources for up to date information, such as the local health organisation or World Health Organisation's website for the latest information."
A few measures may be helpful: limiting privileged accounts and protecting those that are used; educating users on phishing attacks; stressing the importance of using strong, unique passwords that aren't shared; controlling USB devices; and identifying software that isn't being used or is obsolete and removing it. Also, perform regular back-ups so that systems can be rolled back to a previous stable version. Monitor network traffic for anything that deviates from the norm, with policies in place that will either flag, ring-fence or even halt risky behaviour.
When introducing new working practices, do so securely. If providing access to data, make sure you have a mechanism to control that access and secure data in transit.
"Given that the workforce may not be using company-owned devices, it's worth investing in an assessment solution that can check the security posture of all devices, regardless of ownership, connecting to the corporate network. Identify any with exploited vulnerabilities and either patch or remediate the risk - this could mean stopping the device connecting until it's been updated," added Jadallah.
Many covid-19 campaigns play on the fear and lack of information relating to the virus which encourages users to click on malicious links that will redirect them to malicious sites or download malicious content onto their systems. Types of attacks can range from Business Email Compromise (BEC) attacks, through to ransomware, credential acquisition, lateral movement and network reconnaissance.
So how do businesses minimise the chances of being attacked? "There are a number of simple steps you can take to minimise your risk, such as using a reliable anti-virus (AV) solution and following safe cyber hygiene practices such as strong password usage and never enabling macros in any attachments if you do open them. Users should be encouraged to search for and visit credible sites, such as offered by .gov departments, rather than following links in unsolicited e-mail correspondence. Everyone is urged to be vigilant at this time in relation to any emails or electronic communications purporting to be in relation to the support of those affected by the coronavirus," said Jonathan Miles, head of Strategic Intelligence and Security Research at Mimecast.
Typical activities right now relate to sites carrying "urgent" news regarding the covid-19 pandemic. These sites attempt to scam the victims into buying items such as facemasks and other preventative measures, says Chris Dale, SANS certified instructor and head of Cyber Security at Netsecurity.
"There have also been viruses being spread through similar campaigns, where the goal is to get users to install some piece of software, giving attackers control of the victims' computers. These computers can be used for monetisation purposes for cyber crime, or for cyber espionage. We are also seeing reports that the Iranian government published an application called AC19 to the Google appstore. This application was designed to pull users' phone numbers and to track their movements, all in the guise of a covid-19 prevention application. Such applications are likely to be used for espionage purposes," said Dale.
SophosLabs uncovered a new email spam attack targeting Italians with a document containing a macro loaded with Trickbot malware. The e-mail takes advantage of covid-19 fears by offering up a clickable document that allegedly includes a list of precautions to take to prevent infection. The operators of a Trickbot spam campaign found a new way to spread their digital infection: by using fears of a biological one. The covid-19 twist to the e-mail spam message may be new, but the mechanisms used to deliver it (including the spam "bots" that send the message, the enclosed scripted Word document and the JavaScript dropper) are similar or identical to those used in Trickbot campaigns that have been active for at least six months.
Harish Chib, vice president, Middle East & Africa, Sophos, said: "Whenever there is a topic of public interest like covid-19, we see cybercriminals try to manipulate our concern into an opportunity. Cybercriminals love a crisis, because it gives them a believable reason to contact you with a phishing scam. The main driving force behind phishing is financial gain. Cybercriminals often target employees who have access to company finances, trick them into making financial transfers to bank accounts controlled by the criminals. However, they also target those who manage business processes and IT controls, open organisations up to a range of attacks including ransomware and extortion."
Tips to protect data

  • Look out for spelling and grammatical errors. Not all crooks make mistakes, but many do
  • Check the URL before you type it in or click a link
  • Never enter data that a website shouldn't be asking for
  • Never use the same password on more than one site
  • Turn on two-factor authentication (2FA) if you can
  • Educate your users
  • Never let yourself feel pressured into clicking a link in an email
  • Don't be taken in by the sender's name
