MALWARE FAMILIES RELATED TO COVID-19 - CYBER ATTACKS

Computer, Cyber Attack, Information, medicine,

CORONAVIRUS PANDEMIC [COVID-19] BASED CYBER ATTACKS

Novel Coronavirus, originated in December 2019 is a viral disease spread worldwide.  It has been reported that Threat Actors are using the COVID-19 pandemic as a cyber attack vector for their own notorious gains. 

Cyber criminals are taking advantage of victims increased craving for information about the Novel Coronavirus due to fear and uncertainity associated with it as the outbreak of the disease is progressing worldwide.

ATTACK STAGES- 

PRIMARY SET OF ATTACKS: 

The Threat actors employed references related to COVID-19 in phishing attacks to steal information and drop additional malware. 

TACTICS AND ATTACK PROCEDURES INVOLVED POST INITIAL PHASE OF ATTACKS: 

Threat actors devise following new strategies to target victims with scams or malware campaigns:

Use of Legitimate corporate branding in the name of COVID-19 to send malware to victims

Using names of trusted organizations in phishing attacks in order to attain credibility and to lure victims to further open attachment Using promotional code Coronavirus Maps

"COVID19" as discount codes used by different hacking groups to promote their goods (malicious malware or exploit tools) for financial gain sold over dark net Trojan being delivered via Android app that lures victims offering Coronavirus safety mask upon installation. Coronavirus tracker App that takes away access of android microphone and camera once installed.

MALWARE FAMILIES RELATED TO COVID-19:

1. AGENT TESLA
2. TRICKBOT
3. LOKIBOT
4. EMOTET
5. TRICKYMOUSE
6. VICIOUS PANDA CAMPAIGN
7. AZORULT
8. CRIMSON RAT
9. COVIDLOCK

Best Practice and Recommendations

The majority of the infections are primarily introduced via phishing emails, malicious adverts on websites, and third-party apps and programs. Hence, thoughtfully designed security awareness campaigns that stress the avoidance of clicking on links and attachments in email, can establish an essential pillar of defense. Allow remote access to the organization's network strictly with two-factor authentication. Systems having antivirus and a malware protection program on it and making sure they are always up to date with latest signatures.

Administrators applying strict application whitelisting, blocking unused ports, turning off unused services, and monitoring outgoing traffic to prevent infections from occurring.

Checking all services and devices for remote access for updates of firmware and security patches. Internet-facing open ports of remote-control services are a key target for attacks. Disable use of Macros in Microsoft office. COVID-19 used VBA Macros as an initial step for targeting victims.