Security experts are tracking a range of new threats incidentally linked to the coronavirus that’s killed no fewer than 44,216 people worldwide. Where most see despair, some cyber criminals see opportunity.
Online, criminals are working to take advantage of the shocking changes to daily life thrust onto entire populations now forced to work from home—or sitting there idly nursing an insatiable craving for new information about the illness and its impact.
Dallas-area security firm Securonix said Tuesday its researchers were following malicious hackers working a number of coronavirus-related angles, including the use of weaponized covid-19 related documents in attacks on critical healthcare operations. It’s also seen a rise in attempts to capture security credentials from the world’s now-remotely employed workforce.
Researchers have seen crypto-ransomware disguised as a covid-19 “situation report” being widely circulated by email. After the coronavirus-themed document is opened, the user is presented with a demand for 0.35 Bitcoin ($2,270, at the time of writing) to unlock their files.
A variety of emails are pushing infected documents harboring malware used to steal user credentials, web browser cookies, cryptocurrency wallets, and other sensitive data. According to Securonix, the body of one such email claims the recipient may have been in contact with an infected person.
“You recently came into contact with a colleague/friend/family member who has COVID-19 at Taber AB, please print attached form that has your information prefilled and proceed to the nearest emergency clinic.”
In another example, attackers shared a link to a malicious covid-19 live map that mimics an actual interactive dashboard displaying global coronavirus infections produced by the Center for Systems Science and Engineering at Johns Hopkins University, as was also reported last month by security reporter Brian Krebs.
The map is part of a “digital Coronavirus infection kit” that was selling for $200 on a Russian language cybercrime forum, according to Krebs.
The rise in coronavirus-related attacks began in earnest around the beginning of last month. Forbes reported on March 12 a range of malicious domains had been quickly established and that phishing attempts referencing “COVID-19” were growing.
Security firm Recorded Future warned that cyber criminals frequently adopt trusted branding when trying to lure victims to open malicious links in files, including the World Health Organization and the U.S. Centers for Disease Control and Prevention.
Users are advised to take increased precautions when handling any links or emails related to the virus. You can find a list of best sources for information about covid-19 information here.