The lockdown of countries as a result of the COVID-19 pandemic has forced billions of people to stay at home. Employees have been forced to work remotely, schools are on lockdown and social activities are on hold, except on social media and the internet.
As we know, a time like this presents opportunities for cybercriminals and crooks. While email phishing attempts, COVID-19 themed scams, malware delivery campaigns and hoaxes have been used repeatedly by these cybercriminals, there have also been relentless efforts on their side to reinvent their approaches. Today, we will discuss two of these methods.
- Malicious Advertising Campaigns and Extortion
Malicious advertising, or malvertising, is the use of online advertisements to perpetrate malware attacks and compromise systems. It is mostly done by injecting foreign code into ads, after which the actors pay online advertising networks to place these ads on different websites. People fall victim to this malware either by clicking on the infected ad or by visiting the website that hosts the malvert. Once you fall victim, the actors might have access to important data like your financial information and credit card details.
Recently, SpyCloud researchers dug out information from popular online criminal forums suggesting that criminals have devised new ways of using malvertising scams to exploit the COVID-19 pandemic. Some of these are:
- Threat actors are now advertising services in which coronavirus-focused letters are crafted and sent as emails to unsuspecting victims.
- There have also been situations in which threat actors share instructions or promo codes for meal-kit delivery accounts. This is targeted at people who mostly order food online and, as such, adverts like this will mostly be found on shopping sites.
There have also been cases where threat actors threaten unsuspecting victims with infection by the virus. They do this by making the victims believe that their systems have been hacked, saying that they know everything about them and that, if a certain amount of money is not paid, they will be infected.
- BEC Attacks
Most BEC (Business Email Compromise) attacks do not come across as threats, because they unfold in stages. Most times, all the actors need their victims to do is reply to their emails and get comfortable with them. In the words of BEC experts, the coronavirus-themed BEC attacks “…often come with spoofed display names, which are likely real people known to the recipient. In the body of this message, the actor attempts to eliminate the possibility of voice-verification, in hopes of ensuring a higher success rate, by saying their phone is ‘faulty at the moment.’”
The actors' new approach is to send emails that impersonate health institutions and non-governmental organizations.
The increase in remote work has also seen BEC emails targeted at employees of big enterprises. These emails mostly request credentials, and they tend to impersonate CTOs, IT staff, HR and risk managers.
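The three BEC traits described above (a known person's display name on an unfamiliar address, a pretext that rules out voice verification, and a request for credentials) can be checked mechanically. The following is an added example, not code from the article or from the researchers it cites; the staff directory, addresses, sample messages and regular expressions are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: display names the recipient knows, mapped to the
# genuine address for that person (hypothetical example.com organisation).
KNOWN_SENDERS = {
    "dana okafor": "dana.okafor@example.com",  # CTO
    "sam rivera": "sam.rivera@example.com",    # HR
}

# Assumed heuristics for the pretexts the article describes.
NO_VOICE = re.compile(
    r"\b(phone|mobile|line)\b[^.\n]{0,40}\b(faulty|broken|not working|unavailable)\b", re.I)
CRED_ASK = re.compile(r"\b(password|credentials?|login details|verification code)\b", re.I)

# Constructed sample messages (not real mail).
SAMPLE_SPOOF = """\
From: "Dana Okafor" <dana.okafor.cto@mail.example.net>
To: alex@example.com
Subject: COVID-19 remote access update

Hi Alex, my phone is faulty at the moment so please reply here.
Send me your VPN password so IT can re-enroll you today.
"""
SAMPLE_GENUINE = """\
From: "Dana Okafor" <dana.okafor@example.com>
To: alex@example.com
Subject: Team call

Agenda attached. Call me on my desk line if anything is unclear.
"""

def bec_indicators(raw_message: str) -> list[str]:
    """Return the BEC indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    findings = []
    # A trusted display name on an address other than that person's own.
    expected = KNOWN_SENDERS.get(" ".join(display.lower().split()))
    if expected and addr.lower() != expected:
        findings.append("display-name-spoof")
    # Collect every text part, decoding any transfer encoding.
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)
    if NO_VOICE.search(body):
        findings.append("no-voice-verification-pretext")
    if CRED_ASK.search(body):
        findings.append("credential-request")
    return findings

if __name__ == "__main__":
    print(bec_indicators(SAMPLE_SPOOF), bec_indicators(SAMPLE_GENUINE))
```

Any single indicator is weak on its own; the combination of a spoofed display name with either pretext is what merits holding the message for out-of-band verification.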