Four Cyber Attack Vectors to Watch for with COVID-19

COVID-19 Continues — and So Do the Cyber Attack Vectors

As the country continues to manage the ongoing coronavirus pandemic, cybercriminals continue their efforts to exploit the population via the recent shifts companies have undertaken to maintain productivity. Hackers have dramatically increased their attempts on work-from-home employees, with phishing attempts, ransomware, and other forms of information security attacks having increased by more than 500%. Now more than ever, it’s important for companies and employees to understand the cyber attack vectors criminals are using to exploit the COVID-19 situation.

Recently, we shared several recommendations for companies transitioning to remote work. These included technology recommendations such as using virtual private networks (VPNs) and activating multi-factor authentication (MFA). We also touched on security recommendations such as strengthening firewalls, increasing account-based user restrictions, expanding and promoting security-related education for employees on phishing attempts, and what to watch for with social engineering. 

Here, we’d like to explore more specific security recommendations and cyber attack vectors — some new, and some that continue to threaten companies’ ability to move forward. 

Remember, Inversion6 and our expert chief information security officers (CISOs) and managed security teams are here to help. If you’re experiencing an increase in unusual activity or have encountered new threats to your environment, reach out to our team today.

Four Cyber Attack Vectors Hackers Are Using Now

Phishing Campaigns

Personal and professional fear of COVID-19 is at an all-time high, and hackers are using that fear as an opportunity to take advantage of people. That, and the in-process stimulus payments have opened the door for even more opportunities for hackers to exploit people’s needs and fear. Most recently, Google saw 18 million phishing and malware spam emails per day. And that’s in addition to the 240 million spam messages pertaining to COVID-19 in general. 

Examples of messages include professional emails pretending to be sent from HR, Finance, or other internal departments related to payroll processing, benefits, account management, and so on that contain links to malware. These emails are designed to create a sense of urgency and exploit confusion, change, and concern. They may also include fear-inducing strategies or mention newfound cures. 

Continue to educate your employees not to open or click emails they weren’t expecting. Any phishing emails should be reported, and employees should be educated to look for legitimate email addresses and URLs, as many attackers go to great lengths to try and make their email information and links appear as credible as possible.

Themed Software

Hackers know that people are looking to protect themselves not only personally but also in their work environments. To that end, many have created false cybersecurity solutions. These tools, programs, and services claim to help prevent COVID-19-related attacks, typically posing as an anti-virus tool. In reality, these forms of malware actually install a BlackNet remote admin tool that can deploy a distributed denial of service (DDoS) attack.

In addition, these tools can take screenshots of information on a user’s screen, which might include sensitive company or customer data. They can also steal cookies for visited web pages, steal passwords, and execute program scripts for even more damage potential.

Train employees on what actual cybersecurity tooling your organization is using, what it looks like, and how it should be used. Communicate clearly that no other solutions are to be used on their devices and that any attempts or offers for COVID-19-related tools should be reported to information security.

MalSpam Campaigns

A malspam campaign is a long-term phishing campaign typically designed to appear as if it were coming from an organization or institution. It appears formal in nature or seeks to capitalize on newsworthy events. Most recently, a malspam campaign from Emotet — a Trojan horse malware — targeted people in Japan in an effort to trick people into downloading a Word document (i.e. malware) containing precautionary health measures for people in affected areas.

Other malspam campaigns are utilizing AZORult — a password-stealing virus — to get malware onto victims’ devices. Other malspam campaigns have focused on posing as a John Hopkins coronavirus map (a real location-based case checker), which instead is a form of malware.

COVID-19 Tracker

A final cyber attack vector comes as a malicious Android app that disguises itself as a COVID-19 tracker and installs ransomware called CovidLock. When the first cases of COVID-19 were confirmed, DomainTools researchers noticed a number of related domain registrations. One of these domains encourages people to download an Android app to track the latest cases. Once installed, the application changes the password of the device and prevents users from accessing everything except for the lock screen.

From there, users learn that their device has been locked and unless they pay the ransomware amount, everything on their device will be erased. Fortunately, a number of protective measures are in place to prevent this kind of ransomware, but it’s still important that any Android users within your organization with access to network tools and information only download approved apps and only from the Google Play store. 

This is also an opportunity to educate users on the importance of not clicking suspicious links, especially those that are health-related, in an email, text, or any other communication channel where such a message was unexpected.

Secure Your Organization Against These Cyber Attack Vectors

Inversion6 is here to support your organization during this challenging time. Hackers are actively taking steps to manipulate fear, panic, and confusion in people’s personal and professional lives, making it harder than ever to stay focused on security.

Our security operations center (SOC) provides 24/7/365 security monitoring of your environment for suspicious and/or malicious activity. Coupled with our knowledge of the latest threat intelligence, our managed security services team and chief information security officers (CISOs) are here to protect your organization against new and existing cyber attack vectors.

Contact our team below if you’d like to learn how we can provide an extra measure of reliable security for your organization now and for the future.