Corona Virus Themed Cyber Attack

Corona Virus Themed Cyber Attack

Coronavirus not only attacking people around the globe physically. The COVID-19 fears is being exploited by cyber attacker. They create multiple ways to get into your system and devices. Starting with mobile phone application, up to email scam. Many users have known phishing email, malicious URL, malicious application, but still many of them fall into these hackers’ trap. Many of their trap can be avoided if only the awareness distributed early by the SOC team.

Rob Lefferts, corporate vice president for Microsoft 365 Security, said that many of the attacks actually retreads of existing attacks that have been slightly altered to tie to this pandemic. “This means we’re seeing a changing of lures, not a surge in attacks.” Lefferts added.

  1. Malware on Mobile Phone

Checkpoint published at least 16 mobile applications claims that they can give up to date information regarding COVID-19, but instead they contain malware that stole user personal information or generated fraudulent revenues.

  1. Email Phishing

Group-IB, a cybersecurity firm, they noticed hundreds of phishing email related to coronavirus were carrying spyware. Since coronavirus is a hot topic these days, users are requested to be more careful in opening emails from unknown source. Users urged to see not only the name of the sender but also look into the email address of the sender.

https://www.group-ib.com/media/wp-content/uploads/2020/04/pic2.jpg

This email looks like it was sent by Unicef, but if you look closely to the email address, it is not Unicef domain address (unicef.org)

3. Malicious Application

More and more people now working from home and communicating to each other using email. In the office, those people are working behind firewalls and many layers of security technology, but now, at home, they are naked to the internet. When receiving files, everybody should be very careful in reading their file names about to open. Many malicious files hiding behind seemingly legitimate name.

Many malicious attacks hide well behind legit information known by many people. The best way to avoid fallen into their traps are being very cautious about what will be opened or clicked. For organizations, spread awareness on these malicious things to the users. If you have no resource in doing all these, you can engage manage service security company like EDGE. When you need more information about how can we help you, do not hesitate to contact us.