With the continuing surge of international and national reporting about the coronavirus outbreak – including the World Health Organization’s declaration of a global health emergency, more than 200 deaths and the sickening of more than 20,600 people worldwide, and hoaxes falsely reporting local outbreaks of coronavirus – malicious actors have begun to deploy a variety of phishing and malware campaigns:
- Cybersecurity awareness firm KnowBe4 called attention to a classic social-engineering attack, involving an email purportedly from the U.S. Centers for Disease Control and Prevention that invites recipients to click on a link that purports to be a list of “new cases around your city.” (Email security company AppRiver has posted a redacted copy of the email.)
- Dark Reading reported that emails received in the United States and the United Kingdom purport to come from a health specialist. In these emails (first detected by security firm Mimecast), the “specialist” advises recipients to “go through the attached document on safety measures regarding the spreading of corona virus,” with the admonition “This little measure can save you.” The email contains a link entitled “Safety Measures.pdf” that supposedly includes health advice.
- IBM X-Force Exchange reported that an active malspam campaign directed at residents of Japan is being conducted via emails. The emails, which purport to come from a disability welfare service provider in Japan, falsely alert recipients to coronavirus infection reports in several Japanese prefectures. They urge the recipients to “check the attached notice,” and include language encouraging recipients to believe that the notice pertains to infection prevention measures. In fact, those who click on the attached document and follow the “Enable document” instructions therein download a copy of the advanced banking trojan Emotet. (The IBM site contains screenshots of the email and the attached document.)
- Most recently, the Chinese National Computer Virus Emergency Response Center warned of the use of emails and WeChat in China to distribute malware under names such as “novel coronavirus pneumonia.exe” and “coronavirus.exe.”

Note: IBM X-Force Exchange is undoubtedly right in stating that it “expect[s] to see more malicious email traffic based on the coronavirus in the future, as the infection spreads.” For that reason, corporate information-security and financial-crimes compliance teams should promptly alert employees to this spate of phishing and malware attacks. In particular, they need to reiterate warnings to employees never to click on any attachments in emails or other messages that do not come from a trusted source, remind them of the likely harm to their organizations that can come from inadvertent downloading of malware, and provide them with information on how to report such email- or chat-related attacks.