
MALWARE FAMILIES RELATED TO COVID-19 - CYBER ATTACKS

CORONAVIRUS PANDEMIC [COVID-19] BASED CYBER ATTACKS

The Novel Coronavirus disease (COVID-19), which originated in December 2019, is a viral disease that has spread worldwide. It has been reported that threat actors are using the COVID-19 pandemic as a cyber attack vector for their own malicious gains.

Cyber criminals are taking advantage of victims' increased craving for information about the Novel Coronavirus, driven by the fear and uncertainty associated with it as the outbreak of the disease progresses worldwide.

ATTACK STAGES:

PRIMARY SET OF ATTACKS: 

Threat actors employed references to COVID-19 in phishing attacks to steal information and drop additional malware.

TACTICS AND ATTACK PROCEDURES INVOLVED POST INITIAL PHASE OF ATTACKS: 

Threat actors devised the following new strategies to target victims with scams or malware campaigns:

  1. Use of legitimate corporate branding in the name of COVID-19 to send malware to victims.
  2. Use of the names of trusted organizations in phishing attacks to gain credibility and lure victims into opening attachments.
  3. Coronavirus maps.
  4. Promotional codes: "COVID19" used as a discount code by different hacking groups to promote their goods (malware or exploit tools) sold over the dark net for financial gain.
  5. A Trojan delivered via an Android app that lures victims by offering a Coronavirus safety mask upon installation.
  6. A Coronavirus tracker app that takes over access to the Android microphone and camera once installed.

MALWARE FAMILIES RELATED TO COVID-19:

  1. AGENT TESLA
  2. TRICKBOT
  3. LOKIBOT
  4. EMOTET
  5. TRICKYMOUSE
  6. VICIOUS PANDA CAMPAIGN
  7. AZORULT
  8. CRIMSON RAT
  9. COVIDLOCK


Best Practice and Recommendations

The majority of infections are introduced via phishing emails, malicious adverts on websites, and third-party apps and programs. Hence, thoughtfully designed security awareness campaigns that stress avoiding clicks on links and attachments in email can establish an essential pillar of defense. Allow remote access to the organization's network strictly with two-factor authentication. Systems should have antivirus and a malware protection program installed, kept up to date with the latest signatures.

Administrators should apply strict application whitelisting, block unused ports, turn off unused services, and monitor outgoing traffic to prevent infections from occurring.

Check all remote-access services and devices for firmware updates and security patches. Internet-facing open ports of remote-control services are a key target for attacks. Disable the use of macros in Microsoft Office: COVID-19-themed attacks used VBA macros as an initial step for targeting victims.
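In support of the macro recommendation above, the following added example (not part of the original post) shows how a mail gateway or triage script could classify an Office attachment by its content instead of its file name. The function names, return labels and sample files are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .doc/.xls/.ppt files
MACRO_CT = b"macroenabled"   # content type used by .docm/.xlsm/.pptm packages
MAX_XML = 1_000_000          # refuse to inflate an oversized [Content_Types].xml


def classify_attachment(data: bytes) -> str:
    """Return "macro", "legacy-ole", "no-macro", "not-office" or "unreadable"."""
    if data.startswith(OLE2_MAGIC):
        # Binary Office formats can carry VBA; ruling it out needs a full
        # compound-file parser, so route these to deeper inspection.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                lname = info.filename.lower()
                if lname.endswith("vbaproject.bin"):  # compiled VBA project part
                    return "macro"
                if (lname == "[content_types].xml" and info.file_size < MAX_XML
                        and MACRO_CT in zf.read(info).lower()):
                    return "macro"
    except (zipfile.BadZipFile, RuntimeError, zlib.error):
        return "unreadable"  # malformed or encrypted archive: quarantine
    return "no-macro"


def build_sample(content_types: str = "<Types/>", with_vba: bool = False) -> bytes:
    """Constructed sample: a minimal OOXML-like zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_attachment(build_sample(with_vba=True)))   # macro
    print(classify_attachment(build_sample()))                # no-macro
    print(classify_attachment(OLE2_MAGIC + b"\x00" * 504))    # legacy-ole
```

Because the check reads the container itself, a macro-enabled file renamed to a macro-free extension is still flagged.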
