The volume of email attacks related to the coronavirus already represents the largest collection of types of cyber attacks registered under the same theme in years, according to the research team of the security firm Proofpoint.
Its researchers say that the volume of email attacks related to Covid-19 already represents the largest collection of types of cyber attacks registered under the same theme in years “or even in history,” they say.
Their work has seen new attacks by two prolific hacker groups, TA505 and TA564, who have launched sophisticated campaigns targeting the pharmaceutical, healthcare and manufacturing sectors, as well as public services.
In them, the coronavirus has been used as a hook in phishing credentials, attachments and malicious links, compromise of corporate email accounts (BEC), forgery of landing pages, downloaders, spam and sending malware, among other techniques.
According to senior director of the company’s Investigation and Detection team, Sherrod DeGrippo, criminals have sent out waves of emails ranging from several dozen to more than 200,000 at the same time, and the number of campaigns continues to increase.
Initially, we detected around one campaign a day worldwide, while now we are seeing three to four every day. Using COVID-19 as bait is a large-scale social engineering campaign. Attackers know that people are looking for security information and that they are more likely to click any link or download attachments, “she says.
Examples Of Attacks
- An unknown malware called RedLine Stealer, that takes advantage of people’s predisposition to help find a cure for Covid-19 through a distributed computing project for disease research. RedLine Stealer is being marketed on underground Russian forums with different pricing options, starting at $ 100, and has recently been updated for cryptocurrency wallet theft.
- Emails addressed to “parents and caregivers”, which include a malware called Ursnif that can steal information such as from bank accounts. Attackers have used the recipient’s real name to increase the perception of email legitimacy.
- Posts addressed to health organizations, offering remedies for the coronavirus in exchange for bitcoins.
- False guides on how to protect family and friends from the coronavirus, which invite users to click on malicious links
