Threat Alert:

COVID-19 MALWARE

Threat Overview

  • Threat Type: Phishing Attacks
  • Target Industries: Everyone
  • Attack Goal: RANSOM
  • Impacted GEO: TARGETED TO COVID-19 REGIONS

What's Happening?

The Cybereason Nocturnus team is investigating multiple types of campaigns that specifically target regions most heavily impacted by the coronavirus with coronavirus-themed files and domains.

Attackers are abusing the pandemic for their benefit by manipulating people’s anxiety over the virus to trick them into downloading malware.

KEY OBSERVATIONS & TTPS


  • Taking Advantage of Remote Workers: Attackers are taking advantage of the shift to remote work by promoting malware masquerading as VPN installers. This is particularly dangerous as businesses make the transition to remote work and suggest best practices to employees, including the use of VPNs.
  • Using Mobile Malware: Attackers are creating malicious mobile applications posing as legitimate apps developed by the World Health Organization to help individuals recover from coronavirus. Instead, the application downloads the Cerberus banking trojan to steal sensitive data.
  • Targeting Healthcare Organizations: Attackers are using ransomware to target healthcare organizations, arguably the most vital and overworked among us at this time.

Remediation Steps

Consider social engineering awareness and training, which are key in preventing such attacks.

Disable macros and install an endpoint protection solution to help mitigate similar attacks.

Periodically and proactively hunt in your environment for sensitive assets.

Prevented & Detected by the Cybereason Defense Platform

CYBEREASON CUSTOMERS

We highly recommend every customer enable the following features:

  • If you do not have Cybereason NGAV activated, consider doing so to protect against threats like these.
  • For Cybereason MDR customers, the Cybereason team will monitor and triage as well as assist in the mitigation of potential infections.
