Over the past few months, researchers at Panda Security have noted an increase in malicious social engineering campaigns using the global COVID-19 pandemic as a hook. As the crisis deepens, the number of related malicious domains, spam, malware and ransomware attacks has increased. With a large portion of the workforce now working from home, the attack surface has increased dramatically – creating more opportunities for cyber criminals.
Spam
Recently, researchers have observed an increase in COVID-19 related spam e-mails that are not limited to specific regions but are common around the world. The e-mails feature enticing subject lines, such as ‘official’ updates and information about the virus, or delayed delivery schedules due to COVID-19. As with most spam campaigns, they prompt the receiver to open malicious attachments.
Malware and ransomware
Using online monitoring maps, hackers have been able to identify high-traffic sites in order to replace them with fake sites that facilitate the installation of malware. Panda Security’s 100% attestation service has allowed researchers to identify and block malicious executables, including the new ransomware variants CoronaVirus and CovidLock. CovidLock originates from a malicious Android app that supposedly helps track COVID-19 cases; instead, the malicious executable blocks the user’s device and demands a ransom.
Indicators of compromise
Organisations that have implemented an advanced endpoint security (EDR) technology supplemented with a patch management service need not be too concerned about these kinds of threats. Solutions like Panda Adaptive Defense 360, with its 100% attestation service, monitor all processes and block malicious or potentially malicious processes from running. However, it is important to maintain a multi-layered approach that speaks to current threats.
Learn more about how cyber criminals are exploiting COVID-19 in Panda Security’s new eBook, Cyberattacks Exploiting COVID-19.