Quiss: COVID-19 phishing emails designed to distribute malware

At a time when the world is rightly focussed on resolving the current coronavirus crisis, it is perhaps unsurprising to discover criminals are seeking to use the disruption to create even more problems for organisations and even foreign governments.

Malicious actors, both private and state-sponsored, appear to have been crafting COVID-19 themed phishing scams to take advantage of worries about the spread of the virus and the desire for up-to-date information, along with healthcare advice.

Russian hackers, reputedly affiliated to Fancy Bear, a cyber espionage group believed to be associated with Russian military intelligence, have been identified as sending phishing emails that contain malicious document attachments, to a number of Ukrainian targets.

The emails were designed to look like they had been distributed by the Ukraine's Ministry of Health and hit in-boxes as part of a larger disinformation campaign that heightened fears about the spread of the virus in Ukraine, no doubt hoping to de-stabilise the government.

Another campaign believed to have been undertaken by Chinese state-sponsored hackers targeted victims in Mongolia, while North Korean hackers targeted South Korea with phishing attacks at the end of February, using malware-filled documents to target government officials.

It is a reminder that with worried, distracted employees, many working from home away from the typical scrutiny of the office, phishing emails are a constant threat; criminals are unlikely to take a break while the world is distracted.

It is worth covering the basics when it comes to guarding against phishing attacks. Remind your people about the risk posed by every email. Get them to check carefully the email address from which the email was sent before taking any action, even if they think they recognise it.

Emails containing urgent information requests, requests to follow links or those with unexpected attachments and instructions to open them, must all be treated with suspicion.

Recently, phishing and spear phishing e-mails have become a real problem for many organisations, where the content adopts a familiar tone, implying personal knowledge of the organisation, personnel or a specific situation, like a property sale or contract details. 

And of course it is essential that individuals and organisations have appropriate e-mail security that’s current, patched and managed, as well as keeping up to date with the latest phishing trends and practices. Stay safe, in every way that matters.

When you think it can’t get worse!

Palo Alto Networks, an American multinational cybersecurity company, recently reported that the healthcare sector is at great risk of cyber-attacks due to the amount of equipment, including medical imaging devices, that are still running on outdated, unsupported operating systems.

The report highlighted that whilst some still run on Windows XP released in 2001, a bigger problem is the more recently released and popular Windows 7, which reached the end of its useful life in January of this year. Both systems have known vulnerabilities that could be exploited.

Hospitals using these old unsupported operating systems to run otherwise perfectly useable X-RAY and MRI machines, as well as CAT scanners, leaves them vulnerable to exploitation.

The machines which will no longer be receiving security updates are vulnerable to new threats and will be targeted by cybercriminals. Given the current healthcare crisis, an organisation might be expected to pay quickly if these machines were taken offline by a ransomware attack.

The report serves as an important and timely reminder to every organisation that whilst their attention is directed towards the health of their employees and maintaining business as usual with remote working, security has to be a major consideration, now more than ever.

Add your comment

The content of this field is kept private and will not be shown publicly.