Spread awareness of cyber threats surrounding COVID-19

COVID-19 Cyber Attacks

As a web security company, we have been witnessing an increased number of website exploitation attempts over the past weeks. Unfortunately, many threat actors have started to abuse the panic and discomfort of the COVID-19 pandemic to conduct specially crafted malware and phishing attacks worldwide.

This page is a hand-curated list of the cyber attacks and threats related to the global pandemic.

As an increased amount of work now happens online, this page serves the purpose of making it easier to spread awareness. We welcome everyone to contribute with additional information and suggestions via the contact form below.

Date | Threat description | Type
12.05 | Businesses Underestimate COVID-19 Cybersecurity Risks | Misc

Type: Misc

According to the study, half of business leaders don’t think there is an increase in attacks due to COVID-19. Also, this attitude is spilling over into security training for remote employees. According to the report, although 56% said WFH increased due to the virus, and 60% are using their own devices for work, about half of the respondents said they aren’t offering security education that focuses on remote work and there is no guarantee that those personal devices have adequate security to meet corporate guidelines.

Useful links:

11.05 | InfoStealers Weaponizing COVID-19 | Malware

Type: Malware

Infostealers are not new: some, like Hawkeye, have been around since 2013, while a relatively new one is the 404 Keylogger, which first surfaced on a Russian dark web forum in August 2019.

Infostealers are designed to collect a wide range of information such as usernames, passwords, and bank details via the use of typical keyloggers. Some of them evolved into more sophisticated versions capable of stealing WiFi passwords (like Agent Tesla), system and network information (Trickbot), or the contents of cryptocurrency wallets (for example, Trickbot and Hawkeye). Like many attacks, these infostealers were typically distributed via spam email campaigns (or malspam). To increase the infection rate, the actors behind the attacks normally use emails with themes based on current news or events. COVID-19 is on literally everyone’s mind these days, so the chances of convincing a victim to open a message may be substantially increased, or at least that is the attacker’s hope.

Useful links:

08.05 | DocuSign users targeted with COVID-19 themed phishing | Phishing

Type: Phishing

Email Attack: The attacker sent an email impersonating an automated email from DocuSign, copying the content used by real emails from this company. The email claims that a document has been sent to the user for review from CU #COVID19 Electronic Documents, with no further details of what the document is.

Payload: The payload link passes through three main redirects: the first is a SendGrid redirect, followed by two compromised websites. The attacker chains these redirects to confuse victims and to bypass simple email URL detection that is unable to follow numerous redirects. The final website hosts a fake DocuSign login page to steal user credentials.

Result: Should recipients fall victim to this attack, the login credentials to their DocuSign account, as well as the business email account associated with that account, would be compromised. Sensitive information stored on these accounts is at risk as well.

Useful links:

07.05 | 5 cybersecurity lessons during COVID-19 pandemic | Misc

Type: Misc

1. We Know It Is Coming
- For decades, public health planners have been warning that there would be a novel (no-immunity) disease that would spread across the globe and cause damage and destruction.

2. We Planned for This
- We have in both cases not heeded the lessons we have war-gamed. The contingency plans we have developed all too often simply sit in a binder on a shelf, and even when they are needed, they are not referenced.

3. We Stopped Dedicating Resources
- We knew we would need the ability to expand hospital and ICU capabilities rapidly, at a time when supply chains would be stretched and tested. We simply stopped dedicating resources to this effort and focused (understandably) on more immediate needs. The same is true for cybersecurity.

4. We Lack Coordination
- In the event of a massively impactful cyberattack, it will be important to be able to coordinate responses. If the attack is a computer virus, worm or other malware, it will need to be isolated, analyzed and remediated, hopefully in a coordinated manner. In the early days of such viruses and worms (e.g., the 1988 Morris worm) we had no effective way of communicating about such malware.

5. We Are Irrational When it Comes To ‘Risk’
- Our natural response is to think that the efforts were wasted and the resources improperly allocated. The same is true with cybersecurity: Conventional wisdom is that we should spend about 10% of our IT budget on security-related items. If we do a great job, it appears to the outside world that this money was wasted because nothing happened.

Useful links:

07.05 | Nigerian cyber criminals operate COVID-19 BEC schemes | BEC

Type: BEC

Nigerian cybercriminal actors are shamelessly exploiting the COVID-19 pandemic to infect government health care agencies, academic medical programs, medical publishing firms and more with malware, largely for the purpose of conducting Business Email Compromise operations.

Useful links:

23.04 | Why Consumers, SMBs Are Likely to Fall for Coronavirus Scams | Misc

Type: Misc

Consumers' and small-business owners' expectations and attitudes toward government communications could make them more susceptible to coronavirus-related cybercrime, new data shows.

Since WHO declared a pandemic on March 11, IBM X-Force has seen an increase of more than 6,000% in COVID-19-related spam. Phishing lures.

IBM Security and Morning Consult polled 2,333 small-business owners and members of the general population in early April.

“The one big takeaway from this survey for me is the lack of skepticism and willingness of consumers and small-business owners to engage with emails and the misunderstanding of how they would receive communications,” says IBM X-Force threat researcher Ashkan Vila.

Read more from the link below.

Useful links:

23.04 | White-Hat Hackers Help ‘Fold’ COVID-19 Proteins | Misc

Type: Misc

Some 200 security experts including former members of the famed 1990s-era hacking collective L0pht, Metasploit creator HD Moore, and Black Hat and DEF CON founder Jeff Moss are donating their computing power - including some password-cracking processors and gaming systems - to help run simulations of the dynamics of COVID-19 virus proteins.

The effort is part of the so-called Folding@home project that for 20 years has been employing crowdsourced computer-processing power to help run molecular calculations for diseases including cancer and Alzheimer's disease - and most recently for COVID-19.

Folding@home is a voluntary botnet of sorts - a distributed network of computers that each pitch in to run parts of the process and send the data to the labs. To date there are some 100,000 participants.

“It's people stuck at home and [wanting] to feel like they are doing something to help in the COVID-19 crisis,” he says.

Useful links:

22.04 | Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks | Misc

Type: Misc

Google's Threat Analysis Group published findings of two of the state-sponsored campaigns it's been tracking.

One targeted US government employees through their personal email accounts with phishing messages posing as coronavirus-related updates from fast-food chains.

If victims clicked the links, they were taken to phishing pages aimed at collecting their Google login credentials. TAG says that Gmail automatically marked the vast majority of these emails as spam and blocked the malicious links. It is identifying more than 240 million COVID-related spam messages per day, and the previous week it had detected 18 million phishing and malware emails related to the pandemic each day. Overall, Gmail blocks more than 100 million phishing emails daily.

The second involves new campaigns targeting international health organizations, public health agencies, and the individuals who work for them.

Google hasn't seen an increase in phishing attacks overall as a result of the pandemic.

Useful links:

17.04 | Google blocks 18 million malware and phishing emails related to COVID-19 each day | Phishing

Type: Phishing

Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages.

The phishing attacks and scams that Google is seeing use both fear and financial incentives to create urgency to try to prompt users to respond.

See the examples on the link below:

Useful links:

16.04 | Coronavirus-Related Spear Phishing Attacks See 667% Increase in March 2020 | Phishing

Type: Phishing

Barracuda researchers have seen a steady increase in the number of coronavirus or COVID-19-related spear-phishing attacks since January 2020, but they have observed a recent spike in this type of attack, up 667 percent since the end of February 2020.

Between March 1 and March 23, 2020, Barracuda Sentinel detected 467,825 spear-phishing email attacks, and 9,116 of those detections were related to COVID-19.

Of the coronavirus-related attacks detected through March 23, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail, and 1% were business email compromise.

Useful links:

09.04 | FBI public service announcement about the increased cyber threats surrounding COVID19 pandemic | Misc

Type: Misc

As of March 30, 2020, the FBI's Internet Crime Complaint Center (IC3) has received and reviewed more than 1,200 complaints related to COVID-19 scams. In recent weeks, cyber actors have engaged in phishing campaigns against first responders, launched DDoS attacks against government agencies, deployed ransomware at medical facilities, and created fake COVID-19 websites that quietly download malware to victim devices.

The FBI shares dos and don'ts on the following topics:
- Teleworking (Remote work online)
- Education Technology Tips
- BEC (business email compromise) Tips
- Cyber Crime Vulnerability Tips

Useful links:

08.04 | The exposure to compromised e-commerce websites is greater than ever. 26% increase in web skimming in March. | Malware

Type: Malware

Crisis events such as the current COVID-19 pandemic often lead to a change in habits that captures the attention of cybercriminals. With the confinement measures imposed in many countries, for example, online shopping has soared and along with it, credit card skimming.

According to the latest Malwarebytes statistics, web skimming increased by 26 percent in March over the previous month. The second observation is how the number of web skimming blocks increased moderately from January to February (2.5%) but then started to go up from February to March (26%). While this is still a moderate increase, Malwarebytes believes it marks a trend that will be more apparent in the coming months.

Useful links:

08.04 | ‘Latest vaccine release for Corona-virus(COVID-19)’ malspam spreads NanocoreRAT malware | Malware

Type: Malware

Another email impersonating the WHO claims to have a document attached that includes the latest news on a COVID-19 vaccine release. The attachment is a RAR archive containing an .exe file, which is the Nanocore RAT malware.

Useful links:

08.04 | NCSC Advisory: COVID-19 exploited by malicious cyber actors | Misc

Type: Misc

The United Kingdom’s National Cyber Security Centre (NCSC) and the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory with practical advice for individuals and organisations on how to deal with COVID-19 related malicious cyber activity.

The advisory provides information on exploitation by cyber criminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic. It includes a non-exhaustive list of indicators of compromise (IOCs) for detection as well as mitigation advice.

Useful links:

07.04 | Fake COVID19 website is spreading FirebirdRAT via fake DHL emails | Malware

Type: Malware

Abuse.ch alerted people about a website that sends fake DHL emails to infect victims with FirebirdRAT malware.

URL of the site:
- unfoundation[.]website

Useful links:

06.04 | Rush to adopt online learning under COVID-19 exposes schools to cyberattacks | Misc

Type: Misc

As the COVID-19 pandemic rages, education is at risk, too. Recently homebound students attend school in record numbers via online edtech platforms, e-learning environments and video conferencing.

Malicious actors nationwide have been hijacking video teleconference calls (aka Zoom-bombing) in order to deliver offensive or threatening content. In one incident, an unauthorized party interrupted a school lesson to shout profanity and yell out a teacher’s home address; in another, an unidentified person showed off swastika tattoos.

It is recommended that educational institutions minimize private information contained within e-learning platforms, opt for a software-as-a-service solution over a local client, block third-party providers from direct access, and audit vendors and their security documentation.

Useful links:

04.04 | Sophisticated COVID-19–Based Phishing Attacks Leverage PDF Attachments and SaaS to Bypass Defenses | Phishing, Malware

Type: Phishing, Malware

Attackers have adopted multi-stage attacks leveraging email, PDF attachments, and trusted SaaS services.

Menlo Security’s research team has identified a sophisticated attack that combines multiple techniques to bypass existing defenses. The attack was very well thought out and required upfront research and planning by the attacker. The goal of the attack was to steal the credentials of the targeted users.

The attack targeted about 100 companies, mostly in Asia and a few in the U.S. The targets were large companies that operated over multiple geographies.

The attacks included the following elements:
- Personal email from the CEO communicating critical COVID-19 employee information.
- Hosted form on a Microsoft service to steal logins and passwords.
- PDF attachment with an obfuscated URL to bypass traditional security products.

This attack was successful in bypassing existing security defenses and was very effective in getting people to click on the URL to go to the hosted form on the Microsoft service.

Menlo Security believes that more sophisticated attacks such as the one described will increase in frequency. With the initial surge in COVID-19–related attacks, the low-hanging fruit for attackers has already been picked.

Useful links:

04.04 | CDC Warns of COVID-19-Related Phone Scams, Phishing Attacks | Phishing

Type: Phishing

Members of the general public are receiving calls appearing to originate from CDC (Centers for Disease Control and Prevention) through caller ID. They are also receiving scammer voice mail messages saying the caller is from the CDC. Some calls are requesting donations.

Downloadable apps and some free websites now make it simple for anyone to “spoof” a phone call and make it appear to come from any phone number.

Unfortunately, current technology doesn’t make it easy to block these spoofed calls, either on business or personal phones. A spoofed call does not mean that anyone’s telephone has been hacked, so you can simply hang up.

These calls are a scam and are referred to as “government impersonation fraud,” meaning criminals are impersonating government officials for nefarious purposes.

To protect yourself from falling victim to these scams, be wary of answering phone calls from numbers you do not recognize. Federal agencies do not request donations from the general public. Do not give out your personal information, including banking information, Social Security number or other personally identifiable information over the phone or to individuals you do not know.

Useful links:

03.04 | Malware spread via pirated COVID-19 themed WordPress plugins | Malware

Type: Malware

The WP-VCD malware for WordPress has existed for many years. It mainly spreads by injecting itself into legitimate plugins and themes, after which it spreads through sites that offer downloads of nulled (pirated) WordPress plugins and themes.

During the coronavirus pandemic, the WP-VCD malware has also started injecting itself into plugins that can show statistics related to the coronavirus.

Sites that spread malware-infected nulled (pirated) WordPress plugins/themes:

Useful links:

02.04 | Cyber Attack Disrupts COVID-19 Payouts: Hackers Take Down Italian Social Security Site | Targeted attack

Type: Targeted attack

Hackers have forced the Italian social security website to shut down for a period, as the most vulnerable in society started their claims for a €600 ($655) crisis payout.

The general director of Italian welfare agency INPS, Pasquale Tridico, told the state broadcaster RAI on April 1 that there had been several hacker attacks across the previous few days.

"They continued today, and we had to close the website," Tridico said. This came at the same time as the site was receiving 100 application requests per second, according to Tridico.

Useful links:

02.04 | Vulnerability Researchers Focus on Zoom App’s Security | Misc

Type: Misc

As more and more people work from home, Zoom has become an essential tool for video conferences and meetings.

Over the past month, researchers have begun turning up security and privacy flaws in the application, which has had success as a brand during the pandemic.

The sudden popularity of Zoom has added to the scrutiny. Zoom's business has expanded from about 10 million meeting participants per day in December 2019 to more than 200 million meeting participants per day in March.

At least three issues have been publicized in the last month.

1. Zoom chat could be used to post links in the universal naming convention (UNC) format, which could be used to capture a username and password hash if a user clicked on a link that connected to a server message block (SMB) server.
2. Another researcher publicized two other issues with Zoom on the macOS operating system — a privilege escalation attack and a code injection attack.
3. There also was an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use in SMBRelay attacks.

Useful links:

02.04 | As unemployment claims soar, cyber workforce remains strong | Misc

Type: Misc

Of the nearly 10 million Americans who recently have filed for unemployment insurance – 6.6 million this week and 3.3 million the week before – as the coronavirus pandemic shut down businesses and the economy, the cybersecurity workforce seemingly has been spared.

For companies that remain operational, the need to have someone standing guard is even more important as criminals go after hospitals with ransomware attacks, target those expecting federal financial aid, or send phony retail advertisements via text message to coerce people into clicking.

Chris Morales, head of security analytics at Vectra, noted that much like those manning other frontline positions in the war on COVID-19 he is seeing security staffers working even harder right now.

Useful links:

02.04 | Hackers linked to Iran target WHO staff emails during coronavirus | Targeted attack

Type: Targeted attack

Hackers working in the interests of the Iranian government have attempted to break into the personal email accounts of staff at the World Health Organization during the coronavirus outbreak, four people with knowledge of the matter told Reuters. The attacks show how the WHO and other organizations at the center of a global effort to contain the coronavirus have come under a sustained digital bombardment by hackers seeking information about the outbreak.

WHO spokesman Tarik Jasarevic confirmed that personal email accounts of WHO staff were being targeted by phishing attacks, but said the WHO did not know who was responsible. “To the best of our knowledge, none of these hacking attempts were successful,” he said.

Useful links:

01.04 | Remote Working Cybersecurity Checklist | Misc

Type: Misc

CM-Alliance has created a remote working cybersecurity checklist that will help companies with risk management.

An easy to understand, to-the-point cybersecurity checklist covering various aspects of working remotely. Topics include:

- Cybersecurity
- Privileged Users
- Online meetings
- GDPR & Privacy
- Incident Response
- Backups and more

A checklist for managers in organizations that are managing remote teams.

Useful links:

31.03 | Coronavirus Trojan Overwriting The MBR | Malware

Type: Malware

The SonicWall Capture Labs Threat Research team recently found new malware taking advantage of the COVID-19 pandemic that makes disks unusable by overwriting the MBR.

Upon execution, a number of helper files are dropped inside a temporary folder. The infection cycle is explained in detail in the article.

Useful links:

31.03 | Criminals Resurrect A Banking Trojan To Push COVID-19 Relief Payment Scam | Ransomware

Type: Ransomware

Bad actors around the globe are doing everything they can to capitalize on Coronavirus fears. They’re using every tool at their disposal including some that haven’t been seen for several years. Compromised systems become host to a banking Trojan. IBM X-Force notes that, like the version of Zeus Sphinx that went dormant three years ago, the current campaign is focusing on U.S., Canadian, and Australian bank accounts.

An example phishing email shared by the researchers reveals a relatively unsophisticated attack. While there are no glaring spelling or grammar mistakes to tip off would-be victims, the attachment itself is a giant red flag. Even if you were to open the attached document, there’s another red flag inside. The booby-trapped Word document asks recipients to enable macros.

Useful links:

30.03 | Indian Cybercrime Officials Release a List of Potentially Dangerous Coronavirus-related Domains | Phishing

Type: Phishing

The cybercrime division of New Delhi, India, warned the public to be vigilant about malicious Coronavirus-related websites. The officials also tweeted a list of fake or potentially dangerous websites, urging people not to click on them.

The following domains are listed as potentially dangerous:

“Fake links related to the pandemic are sent by criminals claiming to be health authorities, with the aim of tricking victims into connecting to a specific webpage and to log in their real email address and password. Scammers then use their credentials to access sensitive information and potentially to steal their money.”

Useful links:

30.03 | Phishing Attack Says You’re Exposed to Coronavirus, Spreads Malware | Malware

Type: Malware

Cybercriminals are using a new phishing campaign that tells victims they've come in contact with someone diagnosed with COVID-19 and tricks them into downloading malware.

The campaign pretends to be from a local hospital telling the recipient that they have been exposed to the Coronavirus and that they need to be tested.

The text of this email reads:

Dear XXX

You recently came into contact with a colleague/friend/family member who has COVID-19 at Taber AB, please print the attached form that has your information prefilled and proceed to the nearest emergency clinic.

Maria xxx
The Ottawa Hospital General Campus
501 Smyth Rd, Ottawa, ON K1H 8L6, Canada

When a user opens the attachment, they will be prompted to 'Enable Content' to view the protected document.
If a user enables content, malicious macros will be executed to download a malware executable to the computer and launch it.

The installed malware performs behaviors like searching for cryptocurrency wallets, stealing web browser cookies, getting a list of programs running on the computer and more.

Useful links:

30.03 | Phishing Attacks Increase 350 Percent Amid COVID-19 Quarantine | Malware, Phishing

Type: Malware, Phishing

According to a report from Google, these nefarious actors are proving to be very successful. Google found there were 149,195 active phishing websites in January. That number rose by 50 percent in February to 293,235 websites. Now, in March, there are 522,495—a 350 percent increase since the beginning of the year.

A major factor in the rise of these scams is fake COVID-19 websites, which may promise a cure or treatment in exchange for personal information. A security company has tracked coronavirus keywords to determine that over 300,000 suspicious COVID-19 websites have been created between March 9 and March 23.


What can you do about these phishing attacks?

- Pay attention to the websites you go to—the URL is usually a dead giveaway.
- Open only those emails that come from a trusted source.
- Use a password manager.
- Use a VPN to keep your information safe and privacy intact.

Useful links:

30.03 | Investigate | COVID-19 Cybercrime Daily Update | Misc

Type: Misc

RiskIQ’s team of trained intelligence analysts began compiling disparate data and intelligence related to COVID-19 into comprehensive daily reports.

Useful links:

25.03 | F-secure summary of COVID-19 email attacks | Scam

Type: Scam

F-Secure has observed more and more coronavirus-themed attacks appearing in the wild. While people across the globe are beginning to restrict their movements in hope of curbing the spread of the coronavirus, spammers and phishers are out in full force. They want to take advantage of the online demand for information about the pandemic.

Here are the categories which are covered:
- Malspam campaigns
- Mask scams

Malware that’s been employed in these campaigns includes:
- Emotet and Trickbot: modular threats that deliver different payloads to different targets. Emotet was originally a banking trojan that was updated/upgraded to include new capabilities, such as infostealing and malware delivery. It is known to deliver Trickbot, which then delivers Ryuk ransomware.
- Agent Tesla: an infostealer that has keylogging capabilities for stealing email credentials and passwords from browsers.
- Formbook: an infostealer that collects a victim’s sensitive information, such as passwords/credentials from browsers.
- Lokibot: an infostealer that collects email credentials and passwords from browsers, FTP clients and CryptoCoin wallets.
- Remcos RAT: a remote access tool used by cyber criminals that allows an attacker to control a victim’s system remotely and execute commands.

Useful links:

25.03 | Fake HM Government SMS / website scam | Scam

Type: Scam

Kieren Niĉolas, a cybersecurity specialist who specialises in Incident Response (CSIRT/CERT), warns people about a number of large-scale campaigns to phish users by exploiting their anxiety over short-term funding problems. An SMS message impersonating HM Government carries a malicious link to a cloned HM Government website, with a message offering financial support due to the COVID-19 pandemic.

Kieren adds: The site has been marked by all major browsers as deceptive, and we have taken steps to shut down the site, along with many others. However, people with older, unsupported phones with out of date browsers may still be able to see the site. Please make sure you talk to older loved ones, and they will still be vulnerable.

Quick advice on any messages regarding this:
- Read it fully
- Pause
- Get someone else to read it
- Double-check the URL
- Report it

Useful links:

23.03 | Coronavirusmedicalkit.com “predatory wire fraud scheme” shut down | Scam

Type: Scam

A website claiming to offer a coronavirus vaccine has been taken offline after the US Department of Justice (DoJ) filed its first enforcement action to combat fraud relating to the Covid-19 pandemic. The operators of the website ‘coronavirusmedicalkit.com’ are accused of engaging in a “predatory wire fraud scheme” seeking to profit from the confusion and widespread fear surrounding the disease. “Information published on the website claimed to offer consumers access to World Health Organization (WHO) vaccine kits in exchange for a shipping charge of $4.95,” the DoJ said.

Useful links:

22.03 | COVID-19: Impact on the Cyber Security Threat Landscape | Study

Type: Study

Society as we know it is experiencing one of the worst pandemics of this century. The COVID-19 pandemic has had a massive impact in the world and has ground several countries to a standstill already.

During these times cyber security is of even more importance, as the environment is just right for cyber criminals to strike. This paper examines the cyber security threat landscape during the COVID-19 pandemic. The paper takes a snapshot in time as to where we are now, and how COVID-19 has impacted the cyber security threat landscape so far. Society has seen a massive increase on the front of cyber security attacks during this pandemic and this paper aims to investigate this. This paper provides all the current trends of cyber security attacks during this pandemic and how the attacks have changed between different pandemics. The impact of COVID-19 on society, from a cyber security threat landscape perspective, is also provided, along with a discussion on why cyber security education is still of utmost importance. Education, as always, seems to be the number one means of preventing cyber security threats.

According to the authors, the main contribution to the increase in the cyber security threat landscape is the mere fact that:
1. Society has a heightened dependency on digital infrastructure;
2. Working from home has not been fully trialled by all organisations before;
3. The massive reliance on the online connectivity and network infrastructure of every country;
4. The curious nature of the human psyche, especially in times of uncertainty;
5. Society is spending most of their time consuming online services, which in turn could lead to riskier behaviour;
6. Individuals who are not necessarily ‘tech savvy’ have to suddenly become accustomed to using technology for their daily lives.

Useful links:

21.03 | Malwarebytes explains coronavirus scams | Scam, Phishing

Type: Scam, Phishing

In the past week, Malwarebytes discovered multiple email scams that prey on the fear, uncertainty, and confusion regarding COVID-19, the illness caused by the novel coronavirus. The problem expands beyond pure phishing scams.

Malwarebytes has put together an article where they showcase different scam, phishing and malspam examples. It's valuable read and gives you a glimpse of what those impersonating emails and phishing emails look like.

You will see examples of:
- Impersonation of the World Health Organization (WHO) employees
- Phishing emails asking to act fast (before banks close)
- Email with a file for a quick remedy for Coronavirus which actually includes a malicious .doc file
- Email that reports the latest cases near you with a malicious .xls file
- Email in Spanish that also spreads malware

20.03 | Coronavirus Sets the Stage for Hacking Mayhem | Misc

Type: Misc

Rapid changes to daily life during the pandemic have also changed how people interact with internet-connected technologies. Without time to develop tailored defenses, that also means new exposures and risks.

20.03 | Coronavirus Used in Malicious Campaigns | Malware

Type: Malware

The coronavirus disease (COVID-19) is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains.

20.03 | US authorities battle surge in coronavirus scams, from phishing to fake treatments | Phishing

Type: Phishing

The rise in scams has come in the form of email phishing campaigns, fraudulent goods, and disinformation campaigns, according to a report released this week from Digital Shadows, a San Francisco cybersecurity company.

20.03 | How to Recognize Malicious Coronavirus Phishing Scams | Phishing

Type: Phishing

This blogpost provides an overview to help you fight against phishing attacks and malware, examples of phishing messages we’ve seen in the wild related to coronavirus and COVID-19, and specific scenarios to look out for (such as if you work in a hospital, are examining maps of the spread of the virus, or are using your phone to stay informed).

20.03 | COVID-19 Scams Are Everywhere Right Now. Here’s How to Protect Yourself? | Phishing

Type: Phishing

Here’s what to know about the COVID-19 scams out there, as well as some precautionary measures you can take to avoid being scammed during the coronavirus outbreak.

20.03 | Malware called BlackWater pretending to be COVID-19 information | Malware

Type: Malware

Recently MalwareHunterTeam discovered a RAR file being distributed pretending to be information about the Coronavirus (COVID-19) called "Important - COVID-19.rar". When opened, the malware will extract a Word document to the %UserProfile%\downloads folder called "Important - COVID-19.docx.docx" and opens it in Word. The opened document is a document containing information on the COVID-19 virus and is being used by the malware as a decoy as it installs the rest of the malware and executes it on the computer.

20.03 | Coronavirus: Huge Surge in Fake News on Facebook, WhatsApp in India | Fake news

Type: Fake news

The enormous surge in fake news, video clips, GIFs and even authentic-looking government alerts connected to coronavirus (COVID-19) in India has left countless users, civil society members, reporters and even authorities totally frustrated and trapped, starting with panic buying throughout the nation.

“There is a deluge of fake information on Facebook and WhatsApp as India fights this global health pandemic. Dedicated cybercriminal groups are spreading panic and the Indian government is helpless. Daily supplies are getting over fast as cybercriminals piggybacked on Dr Trehan’s popularity to send fake letter out and created panic,” Pavan Duggal, one of the country’s leading cyber law experts, told IANS.

20.03 | Phishing email impersonating WHO chief begins to circulate | Phishing

Type: Phishing

Hospital workers should be cautious of a new phishing email that is impersonating the World Health Organization Director Dr. Tedros Adhanom Ghebreyesus.

IBM’s X-Force discovered the phishing scheme. The emails are being sent to people in personalized messages, addressing the recipient by a username found in the email address. If a person opens the spam email and clicks on the attachment, malware is spread onto the computer. The HawkEye malware is capable of stealing credentials from the computer. “It is remarkable how threat actors play with the fears and hopes of their potential victims. Speaking of prevention drugs and cures in an email that is spoofed to appear directly from the director of the WHO, in this current situation is expected to be highly successful,” the IBM X-Force team concluded.

19.03 | Cybercriminals are using COVID-19 discount codes to sell malware and fake items | Malware

Type: Malware

According to the latest research by security firm Check Point, hackers are using “COVID-19” code to sell malware and exploitation tools on the dark web. For example, a Facebook account hacking tool is sold for $300 with “a 15% coronavirus discount.”

19.03 | New Coronavirus Warning: Beware These ‘COVID-19 Discounts’—The Most Dangerous Deals Online | Misc

Type: Misc

Hackers are now offering “COVID-19 discount codes” to encourage armies of newbies to buy their exploits and take up the trade.

19.03 | Coronavirus: Malwarebytes identifies new e-book phishing scam impersonating the WHO | Phishing

Type: Phishing

Security researchers from Malwarebytes have identified a new phishing campaign. This latest email scam impersonates the World Health Organization (WHO) in an attempt to entice users to download a free e-book.

19.03 | Hackers Promise ‘No More Healthcare Cyber Attacks’ During COVID-19 Crisis | Misc

Type: Misc

As leading cybercrime gangs promise not to attack healthcare organizations during the COVID-19 pandemic, can we take them at their word?

19.03 | Food Delivery Service in Germany Under DDoS Attack | Targeted Attack

Type: Targeted Attack

The measures adopted by the country to limit the spread of the COVID-19 virus have a drastic impact on social life. Yet cybercriminals have launched a distributed denial-of-service attack on the service's website, demanding 2 bitcoins (around $11,000) to stop the siege.

19.03 | As coronavirus crisis worsens, hacking is increasing, security experts say | Misc

Type: Misc

A security firm said hacking threats on systems it monitors have increased 15% a month since the beginning of the year, and so far in March, they've jumped 20%.

19.03 | COVID-19 Impact: As Retailers Close their Doors, Hackers Open for Business | Misc

Type: Misc

Hackers around the globe are taking advantage of the Covid-19 outbreak by accelerating their activities to spread their own infections.

19.03 | Coronavirus pandemic makes U.S. more vulnerable to serious cyberattack | Misc

Type: Misc

The United States is increasingly vulnerable to a cyberattack targeting hospitals, food supplies or other vital functions during the coronavirus pandemic, lawmakers and experts say. They're calling on the Trump administration to take bold action to keep adversaries at bay.

19.03 | Cyberattack on Czech hospital forces tech shutdown during coronavirus outbreak | Malware

Type: Malware

Brno University Hospital in the Czech Republic was hit by a major cyberattack on 12 and 13 March, causing an immediate computer shutdown in the midst of the coronavirus outbreak.

19.03 | ‘Dirty little secret’ extortion email threatens to give your family coronavirus | Phishing

Type: Phishing

Sophos Security team just sent us a phish they received that shows the stakes just got a lot higher and way more offensive. The price is $4000, and if you don’t pay then they’re threatening to infect your family with coronavirus.

19.03 | Bluffton Township Fire District systems hacked during declared emergency | Targeted attack

Type: Targeted attack

BLUFFTON, S.C. (WTGS) — On March 15, the Bluffton Township Fire District's electronic systems were hacked. The hacking incident is in no way interfering with emergency response times. The problem is impacting documentation and internal communication on the administrative side.

18.03 | Online scammers target vulnerable Internet users during coronavirus outbreak | Phishing

Type: Phishing

“Scammers have already devised numerous methods for defrauding people in connection with COVID-19,” the statement reads. “They are setting up websites, contacting people by phone and email, and posting disinformation on social media platforms.”

18.03 | Coronavirus Scam Alert: COVID-19 Map Malware Can Spy On You Through Your Android Microphone And Camera | Malware

Type: Malware

Watch out for any links texted to your Android phone promising an app to track coronavirus. Downloading the application will let snoops watch you through your smartphone camera, listen to you through your microphone or pilfer all your text messages.

18.03 | Trickbot, Emotet Malware Use Coronavirus News to Evade Detection | Malware

Type: Malware

The TrickBot and Emotet Trojans have started to add text from Coronavirus news stories in an attempt to bypass security software that uses artificial intelligence and machine learning to detect malware.

18.03 | Hackers Hide Malware C2 Communication By Faking News Site Traffic | Malware

Type: Malware

A cyber-espionage group active since at least 2012 used a legitimate tool to shield their backdoor from analysis attempts to avoid detection.

18.03 | Thousands of COVID-19 scam and malware sites are being created on a daily basis | Malware

Type: Malware

Most of these sites are being used to host phishing attacks, distribute malware-laced files, or for financial fraud, for tricking users into paying for fake COVID-19 cures, supplements, or vaccines.

18.03 | Android malware uses coronavirus for sextortion and ransomware combo | Malware

Type: Malware

Like many other cyber threats doing the rounds these days, the criminals have used the coronavirus pandemic as a lure, offering an intriguing if rather creepy app called COVID 19 TRACKER.

17.03 | Coronavirus: Israel enables emergency spy powers | Misc

Type: Misc

The Israeli government has approved emergency measures for its security agencies to track the mobile-phone data of people with suspected coronavirus.

17.03 | Nation-Backed Hackers Spread Crimson RAT via Coronavirus Phishing | Phishing

Type: Phishing

A state-sponsored threat actor is attempting to deploy the Crimson Remote Administration Tool (RAT) onto the systems of targets via a spear-phishing campaign using Coronavirus-themed document baits disguised as health advisories.

17.03 | Why cybersecurity matters more than ever during the coronavirus pandemic | Misc

Type: Misc

As the coronavirus pandemic continues to disrupt global health, economic, political and social systems, there's another unseen threat rising in the digital space: the risk of cyberattacks that prey on our increased reliance on digital tools and the uncertainty of the crisis.

16.03 | Argentinean Gov’t Blockchain Hacked to Spread Fake News on Coronavirus | Targeted attack

Type: Targeted attack

The Argentine government confirmed on March 14 that they suffered a hack on the website of their official gazette (Boletín Oficial). The compromise resulted in false statements regarding the coronavirus.

16.03 | Will Coronavirus Lead to More Cyber Attacks? | Misc

Type: Misc

While the world is focused on the systemic threat posed by Covid-19, cyber criminals around the world undoubtedly are poised to capitalize on the crisis by launching a different kind of “virus.”

16.03 | A COVID-19 Cybersecurity Poll: Securing a Remote Workforce | Misc

Type: Misc

COVID-19 is changing how we work. Weigh in on how your organization is securing its remote footprint with our short Threatpost poll.

16.03 | Cyber criminals exploit coronavirus disruption | Malware

Type: Malware

Cyber criminals and hacking groups are exploiting disruption caused by the coronavirus through a range of phishing and malware attacks which are likely to proliferate as the outbreak intensifies, UK security officials have warned.

16.03 | UK intelligence agency warns of cybercriminals exploiting the Coronavirus outbreak | Malware

Type: Malware

A division of GCHQ (Britain’s equivalent to the NSA) has warned the public to be on their guard against cyber criminals exploiting the Coronavirus outbreak.

14.03 | COVID-19 Testing Center Hit By Cyberattack | Targeted Attack

Type: Targeted Attack

Computer systems at the University Hospital Brno in the Czech Republic were shut down on Friday due to a cyberattack that struck in the wee hours of the day.

13.03 | Coronavirus: How hackers are preying on fears of Covid-19 | Phishing

Type: Phishing

Cyber-criminals are targeting individuals as well as industries, including aerospace, transport, manufacturing, hospitality, healthcare and insurance. Phishing emails written in English, French, Italian, Japanese, and Turkish languages have been found.

13.03 | Coronavirus tracking app locks up Android phones for ransom | Ransomware

Type: Ransomware

This Android ransomware application, previously unseen in the wild, has been titled “CovidLock” because of the malware’s capabilities and its background story. CovidLock uses techniques to deny the victim access to their phone by forcing a change in the password used to unlock the phone. This is also known as a screen-lock attack and has been seen before on Android ransomware.

11.03 | Hackers are using coronavirus maps to infect your computer | Malware

Type: Malware

Several organisations have made dashboards to keep track of COVID-19. But now, hackers have found a way to use these dashboards to inject malware into computers.

09.03 | COVID-19 boosts remote work, security concerns | Misc

Type: Misc

With the instances of COVID-19 (coronavirus) cases increasing by the day, organisations in affected countries across the globe are instructing their employees to work remotely. However, offering this option without proper oversight or preparation is raising security concerns.

Do you have more information or have we missed something?
Help us out!

Be part of spreading the awareness about the
online threats surrounding COVID-19 pandemic.
