From ventilator manufacturers to health-care staff to leaders in government, business and the not-for-profit sector on the frontlines of the battle against Coronavirus, hackers have spared no one in their pursuit of disruption and quick money. At the heart of their operations, the hackers have worked to exploit loopholes in modern security architectures across IoT, OT and IT infrastructures and walk away with data, ransom or an open backdoor to exploit in the future.
While governments and businesses are dealing with the challenges associated with the Coronavirus pandemic, hackers have been modifying their strategies almost every week to create new opportunities to exploit. Here is how often the hackers have shifted tactics in the last month alone:
Feb 21-Feb 29 – Large-scale phishing attacks spoofing leading global and regional health regulators and laboratories. The e-mails were attributed to the highest authority in these bodies. Each mail contained an attachment that triggered a ransomware attack and links that lured victims into giving away their personal information. Fake websites were set up, and a Coronavirus preparedness kit bugged with a data-logging trojan was emailed to potential victims.
March 01-March 07 – For victims who had been compromised earlier, mails purporting to be from their colleagues (or vice versa) were sent to lure them further. The messaging was again quite convincing. In addition, malicious links were circulated on social media and popular instant messaging apps along with fake news to reach and lure more victims.
March 07-17 – Targeted attacks on armed forces, government agencies and the healthcare sector were launched using information stolen in the previous attacks. The attacks were geographically focused on Western Europe, South East Asia, and the USA. APT groups also got involved at this stage to target diplomatic communication.
March 18-29 – Attacks continued on the healthcare sector, education and businesses using online collaboration applications. Hackers also started attacking institutions in the not-for-profit sector that had recently received monetary contributions from various sources. Attempts were also made to target e-learning sites and platforms.
Such rapid change in strategies and tactics indicates the handiwork of mature and sophisticated hacker groups. The malware we have isolated also indicates a gradual shift towards targeting home-based employees and smart device users (including smart elevators). This trend is still evolving, so we are continuing to monitor the situation and you will hear more from us in the next edition of this paper.