Coronavirus is dominating the news, and hackers/threat actors are taking advantage by sending spam or malicious emails. Security companies all over the world have found multiple malware families being distributed with coronavirus lures and themes.
How it works?
The majority of these campaigns were driven through email, and mail spam specifically. The threat actors would send coronavirus-themed emails to potential victims and, in some cases, use filenames related to coronavirus as well, enticing victims to click attachments. One of the reasons this was so effective was the large amount of legitimate email related to coronavirus that also included attachments.
One recent example:
The letter below appears to come from the Centers for Disease Control and Prevention, which is a real organization in the United States, and they do recommend some actions regarding the coronavirus. The emails also come from a convincing domain, cdc-gov.org, whereas the CDC’s real domain is cdc.gov. A user not paying careful attention isn’t likely to notice the difference.
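The cdc-gov.org versus cdc.gov difference described above can be caught mechanically at a mail gateway or in triage. The following is an added example, not part of the original post; the `TRUSTED` list, the function names and the sample headers are assumptions made for illustration, and it generalises slightly beyond the hyphen swap to extra labels and one-character typos.

```python
import re
from email.utils import parseaddr

# Assumption: the organisation keeps its own list of sender domains it trusts.
TRUSTED = {"cdc.gov"}

def _collapse(domain):
    """Drop dots and hyphens so 'cdc-gov.org' and 'cdc.gov' compare on letters only."""
    return re.sub(r"[.-]", "", domain)

def _edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    # Exact match or a real subdomain of a trusted domain.
    if any(domain == good or domain.endswith("." + good) for good in trusted):
        return "trusted"
    for good in trusted:
        # Trusted name embedded with separators swapped or extra labels added.
        if _collapse(good) in _collapse(domain):
            return "lookalike"
        # One-character typo of the trusted domain.
        if _edit_distance(domain, good) <= 1:
            return "lookalike"
    return "unknown"

# Constructed sample headers, not taken from a real campaign.
SAMPLES = [
    "CDC Health Alert <alerts@cdc-gov.org>",
    "CDC <info@cdc.gov>",
    "Updates <noreply@emergency.cdc.gov>",
    "Newsletter <news@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):9}  {header}")
```

The From: header is set by the sender, so a check like this complements SPF, DKIM and DMARC results and does not replace them.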
Advice & Thoughts
Given the seriousness and potential impact of these threats, I advise everyone to be vigilant in identifying these emails and not to click on them. (Also share this message with your work colleagues, family and friends.)
What to do with a suspicious email?
Delete it or, if your company has a process for spam (monitoring / security sandbox), send the suspicious email to your company's spam mailbox as an attachment to a new email (compose a new email and attach the suspicious email).
Some reading content
Kaspersky has also sounded the alarm over coronavirus-themed attacks. It detected multiple malicious PDF, MP4 and DOCX files claiming to contain updates and information on how to stay safe from the virus.
Mimecast has detected one such campaign, with emails titled “Singapore Specialist: Corona Virus Safety Measures.”