Cyber Criminals ‘Join’ Race Towards Coronavirus Vaccine

Cyber criminals took advantage of the latest developments in the race to develop a vaccine, and this resulted in a malspam campaign that was seen in the wild with the email subject “URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES”.

Media Release:

IT seems that Covid-19 is here to stay, at least in the foreseeable future and, for many, a vaccine is the only hope for everyone being able to return to what we once knew as normal.
This month, the top front-runners in the race to develop a Covid-19 vaccine, Oxford University and Moderna, announced that they have had significant progress in their developments. Both organisations recently published encouraging results for their latest experiments and declared their intention to move on to the 3rd stage out of 4 in their race towards the desired vaccine.
As we’ve previously reported, threat actors and hackers have been closely following the pandemic’s development globally. The “new normal” has already brought about new cyber scams. Now, in the race for a vaccine, we’re witnessing a doubling in the number of vaccine-related new coronavirus domains between June and July. In fact, 1 out of every 25 malicious coronavirus-related websites’ landing pages is vaccine related.

Vaccine related campaigns

Cyber criminals took advantage of the latest developments in the race to develop a vaccine, and this resulted in a malspam campaign that was seen in the wild with the email subject “URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES”. These emails delivered malicious .EXE files with the name “Download_Covid 19 New approved vaccines.23.07.2020.exe” that when clicked on, installs an InfoStealer capable of gathering information, such as login information, usernames and passwords from the user’s computer.
Another example is an email phishing campaign that sends an email with the subject “UK coronavirus vaccine effort is progressing badly appropriate, recruiting consequence and elder adults”. The mail contains a malicious link “surgicaltoll\.com/vy2g4b\.html” which now seems to be inactive. Our further research revealed that it was used to redirect traffic to a medical phishing website; “thelifestillgoeson[.]su”, which was trying to imitate a legitimate Canadian pharmacy.   
Scam logo from website below: 

Weekly Coronavirus Related Cyber Attacks

The number of general cyber-attacks remained high in July, as many countries around the globe are returning, or trying to return, to different degrees of normality. This ultimately means things are going back to (relatively) normal for hackers, too.
In the meantime, the number of coronavirus-related attacks have dropped significantly. In July, we witnessed an average of about 61,000 (60,962) corona-related attacks, a decrease of over 50% when compared to the weekly average of 130,000 attacks in June.

When mailboxes become your weakest link

Over 80% of attacks against organis lolations start from a malicious email. Since email attacks usually involve the human factor, your employees’ email inboxes are your organisation’s weakest link. Closing this security gap requires protections against various threat vectors: phishing, malware, data theft and account-takeover.
This might force you to choose between the security level you need and what you can actually afford and efficiently manage. Email is the first link in a chain of attacks, and with the rise of remote working, the use of cloud mailboxes and productivity applications have been increasing exponentially.
Attack vectors for malicious files in the last 30 days
Top malicious file types transferred via Email in last 30 days
So how can you improve your organisation’s resilience to email-based attacks?

Here are our tips:

  • Protect your email traffic with at least one layer of an advanced email security solution from a known vendor. Niche players and open-source solutions might cause more damage than good.
  • Protect mobile and endpoint browsing with advanced cyber security solutions, which prevent browsing to phishing web sites, whether known or unknown.
  • Use two-factor authentication to verify any change to account information or wire instructions.
  • Continuouslyeducate your end users:  whenever irreversible actions such as money transfers are conducted, details of the transaction must be verified in additional means such as voice communication and must not exclusively rely on information from email correspondence.
  • Checkthe full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Don’t supply login credentials or personal information in response to a text or email.
  • Regularlymonitor financial accounts.
  • Keep all software and systems up to date.
  • Makesure you are using an email security solution that blocks sophisticated phishing attacks like BEC, in order to prevent them from reaching employees mailboxes to begin with.
CloudGuard SaaS provides organisations with complete protection that is constantly adapting to the ever-changing threat landscape, while providing security admins with a platform that is easy to deploy and manage, all while lowering TCO and strengthening security posture. (✓)
Featured image: Photo by Martin Lopez from Pexels

Don't be shy, comments are welcome! Thank you.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: