Coronavirus themed attacks are being used to socially engineer targets

In the past month there have been an increased level of coordinated and aggressive cyber-attacks targeting Australian businesses, individuals and Government agencies. These attacks have leveraged the news and hysteria around Coronavirus (COVID-19) and played into the general fear and associated media which the virus has caused.

We have identified a combination of different attacks that have been used in recent weeks, providing attackers with the ability to appear legitimate in their actions.

How are the attacks propagated?

Several attack vectors have been observed including:

The attackers will distribute phishing emails containing documents that appear to detail information regarding safety measures or new cures to the virus. Unbeknownst to the recipients, the documents contain malicious code that allows an attacker to remotely install malware.

The malware in these attacks is designed to enable the theft of financial information, login credentials and install key loggers and ransomware.

Some emails are purporting to be from the World Health Organisation (WHO), Australia HealthCare and various other health organisations.

The phishing emails will direct a recipient to log in to an external website in order to view the health alert. Amongst other services, the common platforms which attackers are impersonating in order to steal credentials are Office 365, Adobe, Dropbox and DocuSign.

How you can protect yourself?

Phishing emails continue to be an increasing problem to both organisations and individuals. Although the design of the emails continue to evolve, the way in which attackers attemptto compromise their victims remains the same. Outlined below are some key tips to avoid being compromised:

  • Don’t click on links sent to you from an unknown sources.
  • Inspect each email or SMS you receive, as phishing emails may contain spelling and grammatical errors.
  • If you are sent a health update, you should not be required to sign in or provide a password to view the information.
  • Ensure you remain vigilant. As the fear around the Coronavirus grows, this will only entice cyber criminals to increase their attack frequency.
  • If unsure about something you have received reach out and get help from your IT or Security team.

What to look out for to help protect yourself from these types of scams?

Phishing emails appear in a range of different designs. The following emails have been circulated in recent weeks.

Malicious attachments

This particular phishing email has a document attached that the recipient is urged to click.

It is likely that this document contains malware which will execute when the document is opened.

Unknown hyperlinks

This phishing email contains a link which the recipient is asked click in order to download a file.

This is designed to either take the recipient to a fake login page or capture credentials, or to install malware.

Close to home

In order to trick recipient into falling for a phishing email, the attacker may impersonate a more personal connection.

In this phishing email, they purport to be from the Australian Medical Association in an attempt to give legitimacy to their email.

Preying on fear and anxiety

This attack takes advantage of the general unrest being felt across the world with regards to COVID-19.

The attackers claim to have manufactured a cure to the virus to entice the recipient to click on the link.

AUTHORED BY

Rob Brown

Rob Brown
Senior Manager, Brisbane
T: +61 7 3333 9863
E: rbrown