The industrious and criminal-minded threat actors behind the majority of cyberattacks have reinvented their attack approaches during the ongoing COVID-19 pandemic. Since the advent of the outbreak, cybercriminals are developing new phishing tools, hacking strategies, and exploring different attack avenues to benefit from the crisis and eventually prove their cyber prowess.
By Rudra Srinivas, Senior Feature Writer, CISO MAG
Several new cybersecurity scams and malicious activities have risen during the pandemic. According to a survey the key cause for the emergence of these new threats is likely due to social distancing norms and malware authors being bored and stuck at home due to the lockdown.
COVID-19 has certainly reshaped the way darknet forums operate. CISO MAG learned four intriguing ways cybercriminals are trying to cash in on public fears.
1. Fake Products in Darknet Markets
Since the beginning of 2020, Coronavirus-related vaccines, virus testing kits, and other fake products are being peddled on the deep web and darknet markets. Hackers are taking advantage of panic as people look for safeguards against the disease. Several security experts warned that the products selling in these hacking forums are in no way real, and buyers are sure to be scammed. For instance, there are fake “vaccines” being sold on the darknet.
2. New Phishing Strategies
COVID-19-related phishing lures, scams, disinformation campaigns, weaponized websites, and malware infections have become widespread across the internet. Recently, a hacker group targeted the World Health Organization (WHO) via a sophisticated phishing attack, which involved an email hosted on a phishing domain that tried to trick the employees into entering their credentials. Researchers are noticing new types of phishing campaigns that pretend to be from authenticate sources, trying to trick users into downloading malicious attachments or entering sensitive data in fake forms.
Recently, a security firm discovered that threat actors distributed malware disguised as “Coronavirus Map” to steal personal information that is stored in the user’s browser. Attackers designed multiple websites related to Coronavirus information to prompt users to click/download an application to keep themselves updated on the situation. The website displays a map (a lookalike of a genuine one) representing the COVID-19 spread. The map generates a malicious binary file and installs it on victims’ devices.
3. Demand for Ransom Soars
With organizations working remotely, the security of the remote employees’ devices becomes a major concern for companies across the globe. Several industry experts stated that remote work increased the risks of cyberthreats like never before. Ransomware attacks on remote workers have become an additional threat level to organizations, especially for health care providers and businesses in financial, federal, and state agencies that deal with sensitive data. The ransomware operators are forcing enterprises to pay high ransom in order to get decryption keys. The average enterprise ransom payments increased 33% ($111,605) in Q1 of 2020 from Q4 of 2019, a survey revealed.
Information technology services provider Cognizant admitted that it is a recent victim of a ransomware attack. The IT giant stated that it was hit by Maze ransomware that caused service disruptions for some of its clients.
4. Income from Selling Credentials
Stolen user credentials and financial information have long been prevalent commodities on hacking forums. But with large swaths of remote workers depending on video conferencing apps and other virtual private networks, hackers are refocusing on these attack surfaces. As endpoint security at home is not as secure as it is in the office, attackers are trying to exploit loopholes.
Over 500,000 account credentials of video conference platform Zoom are being sold on the darknet. According to a recent investigation by IntSights’ researchers, hackers have shared a database containing more than 2,300 usernames and passwords to Zoom accounts on dark web forums. The exposed database contains usernames and passwords of personal Zoom accounts, including corporate accounts belonging to banks, consultancy companies, educational facilities, software vendors, and healthcare providers. Researchers also highlighted that they’ve found various posts and threads of dark web forum members discussing different approaches of targeting Zoom’s conferencing services.
Organizations across the globe are suffering from Coronavirus-related cyberattacks, but on the flipside, several ransomware groups came forward to assure that they would hold back from attacking health organizations during the Coronavirus crisis.
We can only hope that more hacker groups have a change of heart and spare institutions providing services to save lives. Hackers should instead turn a leaf and become security consultants, who are in great demand these days.
About the Author
Rudra Srinivas is part of the editorial team at CISO MAG and writes on cybersecurity trends and news features.