COVID-19 Related Cyber Attacks

Wednesday, March 25th, 2020 | Mark Bedford

While it is unfortunate and tasteless in the light of COVID-19’s impact on the world, we are seeing that criminals are using the pandemic as an opportunity to exploit people’s goodwill and need for information or help.

Our wider cyber security community is reporting campaigns using the following propagation methods, often endeavoring to gain the trust of victims using branding associated with the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO), as well as country-specific health agencies such as the Public Health Centre of the Ministry of Health of Ukraine and China’s Ministry of Health, and companies such as FedEx. Examples include:

Emails

There is a range of emails using COVID-19 to grab people’s interest. Examples include:

  • working from home statements from supervisors/managers (Director of Milan University)
  • requesting donations to a fake WHO COVID-19 response fund
  • recommendations to avoid infection
  • blackmailing people to pay a ransom or risk a family member being infected
  • statements from health authorities (WHO, CDC, MoH, etc.)

Often these will include attachments with malware, or links that take you to a website or file download, or that ask you to log in.

Phone

Receiving phone calls

  • impersonating an authority to carry out a variety of scams, from gaining access to your account to phony donation requests and spreading of malware
  • pretending to be a hospital looking for payment for treatment of a friend or relative
  • scams similar to the previously seen “Microsoft” calling to clean a virus off your computer

Receiving TXT messages

  • text messages that have a link that claims to direct people to testing facilities. This link is not legitimate and instead may install malicious software on your device that’s designed to steal your personal information, such as banking details.

Web Sites

Criminals are cloning or crafting websites to facilitate their scams

  • Fake anti-virus website promising coronavirus protection is actually delivering malware
  • fake shops, websites, social media accounts, and email addresses claiming to sell medical supplies currently in high demand, such as surgical masks.
  • clone of the (legitimate) Johns Hopkins University coronavirus map used to spread malware.
  • offering to sell or provide fake cures, vaccines, and advice on unproven treatments for COVID-19

Please be careful about which websites you go to. Our advice is to only use trusted and verified information sources from government and research institutions’ websites, ideally by going directly to them rather than clicking on links in unsolicited emails.

Social Media Sites

  • Be cautious of legitimate fundraising sites like GoFundMe that are used to solicit donations as this is a common tactic of criminals
  • Watch for fake investment schemes using stocks being promoted via social media where there is a claim about having a product or service that is able to prevent or treat COVID-19
  • the obvious stupid or fake ‘trolls’ trying to get social attention by offering potentially dangerous advice
  • offering to sell or provide fake cures, vaccines, and advice on unproven treatments for COVID-19

Malware and Mobile Apps

Criminals are associating branding from authoritative sources or creating apps that provide coronavirus information to get people to install apps that include malware / spyware on mobile devices.

  • Coronavirus tracking apps like ‘corona live 1.1’ include spyware that gives the attacker remote control over your device and the data it has access to.
  • COVID19 tracker – another tracking app that includes ransomware and encrypts the user’s devices, demanding bitcoin.

Think carefully about whether you really need an app, especially where you have no idea whether it will actually provide accurate information. Please ensure that you download apps only from the official app store for your phone and always check that the permissions apps request on your device make sense.

Summary

Expect to see a wide range of COVID-19 related phishing emails, text messages, dodgy apps and fake web sites. These scams will likely focus on our interest in the spread of the COVID-19 virus by informing of infections in your local area, vaccine and treatment offers, and supply shortages that have become critical.

If you are unsure about a website, do not proceed with any login procedures. If the information can be found through an online search, do that instead of clicking the link from a suspicious sender.

If there is any doubt about a received item, then you should contact AskOtago like normal.

Man in the Inbox

Thursday, July 19th, 2018 | Mark Bedford

There are criminals who, when they compromise an email account, use their access to undertake a “Man in the Inbox” attack. Such attacks are highly successful as antispam systems are not tuned to look for insider attacks and are therefore less likely to catch them.

The attackers purport to be the owner of the account and use the already established trust relations to better their own bank balance. They do this in obvious ways such as sending change of bank account notices to all customers. This way they get the victim’s clients to make their remittance payments to a money mule’s bank account, who then transfers it to the criminal’s account.

In any commercial relationship, the previously agreed terms and conditions about payments should include a statement about how to confirm a change in bank account. If your business includes sending or receiving invoices and making associated financial transactions then your bank account details should also be published on your website as this provides an alternative means of confirming it.

The interpretation of the law is somewhat grey on who is liable if you are the victim of such a scam. This should be reported to law enforcement, your bank and your insurance company. You should also take steps to preserve any forensic evidence (buy a new computer rather than wipe the old one and keep it powered off) as this might be useful in attribution.

To defend against these you need to be vigilant and not get hooked by phishing emails. If the message’s date/time stamp is outside what you would expect, the bank account looks odd, the request seems out of sequence (like sending an invoice that updates a previous one), or there is a minor difference in the email address such as “accounts” rather than “account”, then phone them to confirm the change details. The criminals have allayed suspicions by responding to skeptical emails advising that the change is legit.
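The warning signs listed above can be checked mechanically before a payment change is acted on. The following is an added example, not code from the original post; the contact list, the business hours, the distance threshold and the function names are all assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample data: addresses you already trade with (assumption).
KNOWN_CONTACTS = {"account@supplier.example", "jane.doe@supplier.example"}
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 local time (assumption)


def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(sender, known=KNOWN_CONTACTS, max_dist=2):
    """Return the known address that `sender` nearly matches, or None."""
    sender = sender.strip().lower()
    if sender in known:
        return None  # exact match: the lookalike check has nothing to add
    for contact in sorted(known):
        if 0 < edit_distance(sender, contact) <= max_dist:
            return contact
    return None


def review_flags(sender, sent_at, body):
    """Collect reasons to phone the sender before acting on a message."""
    flags = []
    imitated = lookalike_of(sender)
    if imitated:
        flags.append(f"sender resembles known contact {imitated}")
    # Weekend (weekday() >= 5) or outside the assumed working hours.
    if sent_at.weekday() >= 5 or sent_at.hour not in BUSINESS_HOURS:
        flags.append("sent outside expected hours")
    if "bank account" in body.lower():
        flags.append("mentions bank account details")
    return flags
```

A message sent from the genuinely compromised account passes the lookalike check, so the timestamp and bank-account flags, and the confirming phone call, still matter.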

For further information see Cofense article

Everyday cyber crime

Thursday, November 2nd, 2017 | Mark Bedford

I recently discovered a very good TED presentation by James Lyne; it is definitely a goodie. In his presentation, “Everyday cybercrime – and what you can do about it” https://www.ted.com/talks/james_lyne_everyday_cybercrime_and_what_you_can_do_about_it he provides an excellent introduction to internet security. His entertaining style fits well with the content and the 17 minute presentation covers key material. This should be on everyone’s play list as he debunks common myths about cybercrime. A Sophos page with some helpful followup tips can be found over at https://sophos.com/wifi with the emphasis on wifi services.