Novel Coronavirus, originated in December 2019 is a viral disease spread
It has been reported that Threat Actors are using the COVID-19 pandemic as
a cyberattack vector for their own notorious gains.
Cyber criminals are taking advantage of victims increased craving for
information about the Novel Coronavirus due to fear and uncertainity
associated with it as the outbreak of the disease is progressing worldwide.
PRIMARY SET OF ATTACKS:
The Threat actors employed references related to COVID-19 in phishing
attacks to steal information and drop additional malware.
TACTICS AND ATTACK PROCEDURES INVOLVED POST INITIAL PHASE OF ATTACKS:
Threat actors devise following new strategies to target victims with scams
or malware campaigns:
Use of Legitimate corporate branding in the name of COVID-19 to send
malware to victims
Using names of trusted organizations in phishing attacks in order to attain
credibility and to lure victims to further open attachment
Using promotional code
"COVID19" as discount codes used by different hacking groups to promote
their goods (malicious malware or exploit tools) for financial gain sold
over dark net
Trojan being delivered via Android app that lures victims offering
Coronavirus safety mask upon installation.
Coronavirus tracker App that takes away access of android microphone and
camera once installed.
MALWARE FAMILIES RELATED TO COVID-19:
VICIOUS PANDA CAMPAIGN
Best Practice and Recommendations
The majority of the infections are primarily introduced via phishing
emails, malicious adverts on websites, and third-party apps and programs.
Hence, thoughtfully designed security awareness campaigns that stress the
avoidance of clicking on links and attachments in email, can establish an
essential pillar of defense.
Allow remote access to the organization's network strictly with two-factor
Systems having antivirus and a malware protection program on it and making
sure they are always up to date with latest signatures.
Administrators applying strict application whitelisting, blocking unused
ports, turning off unused services, and monitoring outgoing traffic to
prevent infections from occurring.
Checking all services and devices for remote access for updates of firmware
and security patches. Internet-facing open ports of remote-control services
are a key target for attacks.
Disable use of Macros in Microsoft office. COVID-19 used VBA Macros as an
initial step for targeting victims.