As we can all see, the pandemic has brought great changes to the status quo, rules, and best practices, from the economy through healthcare to the IT sector.
People are alarmed, scared, or even in panic. Numerous companies have already transitioned or are currently transitioning their everyday work to Home Office environments (RDP, VPN). Hence the borderline between the corporate infrastructure (as a target) and the employee’s home network is becoming more and more blurred.
As with all major world events (economic crises, terrorist attacks, etc.), cybercriminals and assailants have been feasting on the occasion. Since the outbreak of COVID-19 (SARS-CoV-2) in January, there has been an exponential increase in the number of attacks and malware that purport to offer either information (COVID19 Tracker app, CovidLock ransomware) or protection, cure and prevention advice, and that take advantage of the fundamental pillars of human nature (curiosity, fear, need for safety).
Some of the recently discovered attacks and campaigns (extended list here):
A spear phishing campaign by a Pakistani government-sponsored team (APT36) focusing on Indian defense, foreign missions and government infrastructure. It has been using an active coronavirus health advice document to deliver the Crimson Remote Administration Tool (RAT) to the target machine.
Students and university employees are the target of a phishing attack, sent from fake email addresses, that attempts to obtain their Office 365 login credentials by redirecting them to a fake Office 365 login page.
A serious malspam campaign has been launched against industry, finance, shipping, pharmaceuticals and cosmetics. The attachment is an MS Word document that exploits a 2.5-year-old bug (Equation Editor) to deliver the AZORult malware to the target machine.
North Korean hackers have launched a malware campaign using documents that purportedly contain South Korea’s response to the COVID-19 outbreak to deliver BabyShark malware to the target machines of unsuspecting (and irresponsible) victims.
Comment-spamming attacks have hit many comment sections with links to pages that appear to contain credible coronavirus information, but users are redirected to various drug dealers’ pages after clicking.
A fake real-time coronavirus-tracking Android application, ‘COVID19 Tracker’, requests permissions that let it change the device’s lock screen password / PIN and installs CovidLock ransomware. It demands $100 in bitcoin for decryption. The good news is that the unlock key is hard-coded, and therefore readable 🙂
In addition to the above, there is a growing number of sites offering special ‘corona’ discounts on laptops, masks and disinfectant products that do not fulfill your order after payment. Here too, the eternal rule applies: ‘if it is too good to be true, it’s not’.
How secure is your Home Office / Remote Desktop Access environment?
Are your solutions trustworthy?
Are the data of your company and of your employees secured despite the changed working conditions?
We are here to help you answer the questions above with our Offensive Division’s Home Office specific security assessment solutions!
Regarding our Home Office packages we will provide more information soon on https://www.blackcell.io