Monday, April 27, 2020

Pandemic hits both online and offline worlds as cybercriminals use COVID-19 for their malpractices

04/23/2020 01:23:04 PM

The coronavirus pandemic has been one hell of destruction in the world today. With two million cases accumulated globally, the said health scare has caused massive disruption for months and still continues to pose a real-life threat to humans across the globe. 


However, the invisible risk didn't just cross the physical world as researchers from global cybersecurity firm Kaspersky have found potential risks in cyberspace, though not as sick as what it is offline. 

“Is the pandemic only a physical threat to us or has the virus become a threat in the cyber domain too? Any big trend or any big event on the physical world will always have a reflection on the cyber domain,” said Vitaly Kamluk, director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.

In an online webinar dedicated to media from the Asia Pacific (APAC), Kamluk cited a lot of factors on how COVID-19 has disturbed the normal IT ecosystem of organizations in the region and on the global stage as well.

The different forms of quarantine measures resulted in more staff bringing work computers to arguably unprotected home networks. This trend of working from home widens the attack surface that cybercriminals can exploit. It also turned the usual consumer protection into an enterprise concern, as an increased number of employees access their companies’ assets and networks through their vulnerable personal devices.

It is also understandable that companies have to proactively cut budgets by choosing cheaper cybersecurity solutions, and in the process they have lost the ability to do incident response on location in case of a cyberattack.

Social engineering attacks have also become easier during the global chaos, as more people have become gullible and fall for simple tricks that cybercriminals are well aware of. In fact, Kaspersky researchers have detected seven-year-old malware in Vietnam and in some other countries in APAC, resurrected through its automated behavior and made relatable just by adding “hot phrases” related to the current coronavirus situation.

After spotting the self-propagating malware in the wild, Kamluk noted that it automatically adapts to the COVID-19 pandemic: it is a computer parasite piggybacking on the coronavirus as a hot topic, which is used as a “carrier” for its cyber counterpart.

“Using the names and popular terms related to the current pandemic simply elevated the probability of these worms to be opened by another user after it was copied to a network share or a USB drive,” he added.

Listed below are the names of the detected malware files:
  • BC rut kinh Nghiem COVID.exe
  • Tuyen truyen dich COVID 19.exe
  • 2KH CXUNG KICH COVID.exe
  • KE HOACH COVID GIAI DOAN 2.2020. chuan.exe


Automatic translation from Vietnamese:
  • BC learned from experience COVID.exe
  • Propagating translation COVID 19.exe
  • COVID PLAN GIAI DOAN 2.2020. standard.exe
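
A defender's triage check for the naming pattern described above, as an added example that is not from Kaspersky or the original article: it flags executables in a share or USB file listing whose names read like document titles and carry a pandemic keyword. The extension list, keyword list, word-count threshold and the E:\ paths are assumptions; the four COVID file names are the ones listed above.

```python
import re
import unicodedata
from pathlib import PureWindowsPath

# Assumptions (not from the article): executable extensions, lure keywords
# and the "three or more words" title threshold. Tune for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
LURE_RE = re.compile(r"covid|corona|ncov", re.IGNORECASE)
DOC_EXT_RE = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt)\s*$", re.IGNORECASE)

# File names from the article plus constructed benign and double-extension
# entries; the E:\ paths are constructed sample data.
SAMPLE_LISTING = [
    r"E:\BC rut kinh Nghiem COVID.exe",
    r"E:\Tuyen truyen dich COVID 19.exe",
    r"E:\2KH CXUNG KICH COVID.exe",
    r"E:\KE HOACH COVID GIAI DOAN 2.2020. chuan.exe",
    r"E:\tools\setup.exe",
    r"E:\docs\COVID guidance.pdf",
    r"E:\docs\Invoice April.pdf.exe",
]


def assess(path):
    """Return the reasons a file name looks like a lure-named executable."""
    name = unicodedata.normalize("NFKC", PureWindowsPath(path).name).strip()
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext.lower() not in EXECUTABLE_EXTS:
        return []  # not an executable, so out of scope for this check
    reasons = []
    if LURE_RE.search(stem):
        reasons.append("lure-keyword")
    if len(stem.split()) >= 3:
        reasons.append("document-style-title")
    if DOC_EXT_RE.search(stem):
        reasons.append("double-extension")
    return reasons


def triage(paths):
    """Keep executables with a double extension, or a lure keyword plus a title-like name."""
    hits = {}
    for path in paths:
        reasons = assess(path)
        if "double-extension" in reasons or len(reasons) >= 2:
            hits[path] = reasons
    return hits
```

Calling `triage(SAMPLE_LISTING)` returns the four article file names and the constructed double-extension entry; a name match is only a prompt to inspect the file, not a verdict.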


Threat Dynamics: Peaks and lows suggest cybercriminals are also humans

In terms of web threats, Kaspersky has also monitored a steady increase of Internet-borne malware from the last week of January to mid-March. Interestingly, though, there was a consistent decline from then on until the first week of April. Kamluk's analysis noted that this was the period when the European Union and other countries started implementing social distancing, strict quarantine, and stay-at-home measures.

“The government measures affect the cybercrooks, as well, because they are humans, too. They have to stay at home. I am not sure if they go to the office but they also have to take care of their everyday living, like restock their food supplies, running around looking for popular demands such as toilet paper. These did affect their business for sure as we see the number of blocked threats went down.”

Another factor that resulted in the decline was companies closing down at first. Operations were halted due to the absence of remote working tools and policies.

When it comes to COVID-19-related threats between February and the first week of April, Kaspersky has observed four malware campaigns where cybercriminals were distributing infected URLs and files massively.

Likewise, there are drops during the weekends. This is because people working from home also follow their regular office hours or business schedules, keeping their laptops and work emails untouched during Saturdays and Sundays. In turn, this results in lower online activity and fewer email exchanges.

In terms of email scams, Kamluk showed a couple of examples that prove how cybercriminals are unethically riding on the pandemic. The Kaspersky executive also noted that cybercriminals keep on exploring other means to infect users, such as avoiding the usual .zip and .rar files which are usually blocked by security solutions.

The top topics being used to scam people are:
  • Government orders
  • Money reimbursements coming from government or employer
  • Promise of the vaccine
  • Offerings for home test-kits
  • Impersonation of medical institutions and staff
  • Charity and donations
  • Virus infection tracking apps for mobile
  • Investment and stock offerings
  • Medical supplies in high demand – such as face masks and sanitizers
  • Government financial support initiatives


Hope in the time of coronavirus

While cybercriminals will continue to use the pandemic for their financial gain and personal interest, Kamluk has also shared how cybersecurity professionals are uniting to stop the online crooks in their tracks.

Through this Kaspersky press release, he shared details about the COVID-19 CTI League, a non-profit, voluntary focus group made up of more than 150 different individuals and organizations across the globe that try to take down fake websites, detect coronavirus-related malware, and offer incident response in case of an attack. Kaspersky is part of this group, alongside other researchers and individuals from the government, academia, and private organizations.

The challenge of responding in case of an attack can also be eased by Bitscout. It is a free and open-source tool developed by Kamluk himself for all people interested in digital forensics and cyber investigations. It aims to help organizations, especially law enforcement agencies, to conduct incident response and analysis without traveling.

For those interested, there will be free online training about this tool on Monday, 28 April 2020. Find out more about Bitscout here: https://bitscout-forensics.info

Author: slickmaster | © 2020 The SlickMaster's Files
