Coronavirus Cyberattacks: The Parallel Digital Infection

Coronavirus Cyberattacks: The Parallel Digital Infection

In this article, we examine the new wave of coronavirus cyberattacks and phishing attacks. Why should your enterprise feel concerned over these attacks in particular? What do these attacks look like? 

Coronavirus cyberattacks and phishing emails represent another in a long line of threats based on a real-world catastrophe. After all, panic over a crisis like a coronavirus doesn’t promote rational thinking. Instead, it promotes confusion, fear, and irrationality—the perfect atmosphere for a campaign of digital attack.

Here’s what you need to know. 

Coronavirus Cyberattacks and Phishing

Endpoint security provider Check Point discovered over 4,000 coronavirus-related domains (domains with references to the coronavirus). Of those, Check Point determined malicious domains made up around 3 percent. Another 5 percent proved suspicious. While this may not seem an overwhelming percentage, researchers say this makes coronavirus-related domains 50 percent more likely to be dangerous. 

Therefore, plenty of these domains can provide the launchpad for coronavirus cyberattacks. Indeed some of the worst of these attacks involve hackers posing as the World Health Organization (WHO) or the Centers for Disease Control (CDC). After all, your employees are going to look for authoritative resources to help them through these troubled times.

This is what hackers look to exploit. For example, researchers reported at least one malware campaign involving a PDF. According to the phishing email, this PDF contains coronavirus safety measures. Instead, clicking on the PDF executes a malicious malware backdoor that can execute keylogging and other activities. 

Remember How to Spot a Phishing Email

Coronavirus cyberattacks resemble other phishing attacks. On the one hand, this can prove a problem, as phishing attacks are devastatingly effective. On the other, it means that the same methods of preventing and mitigating other attacks can work here. 

The WHO issued a warning about phishing attempts posing as them. Your business can learn a lot about how to fight coronavirus cyberattacks from this post. First, immediately treat emails concerning the coronavirus as suspicious. Actually, you should treat all emails with healthy suspicion. 

First, do not trust PDFs, email attachments, or links that arrive via email. Neither the WHO or the CDC include unsolicited email attachments. Additionally, neither the WHO nor the CDC will link to pages outside their own organizations. In fact, your employees should vet any links they receive via email before clicking on it. If they feel doubts, they should seek out the page by manually connecting to the page in a separate browser page. The same applies to any phone numbers in suspicious emails—go to the legitimate webpage and use that number. 

Second, healthcare organizations like WHO or the CDC do not ask for direct donations for any reason. Immediately ignore any such requests. Further, these organizations do not conduct lotteries or offer prizes or grants through email. These activities should trigger red flag warnings and prompt your IT security team to investigate.                   

Third, look for errors. While some phishing attacks can pass for legitimate users, others reveal themselves as frauds on a second look. Look for spelling mistakes, discolored or otherwise “off” logos, or any message that promotes panic or confusion. No health organization, and no legitimate business, would send out messages with these errors. Also, you should verify the email address of the sender. If it doesn’t match legitimate emails, don’t click.                       

Never Trust, Always Verify, Don’t Panic

Again, whether the suspicious message focuses on coronavirus or another concern (like a credentials update), exercise caution. If you are unsure of the legitimacy of a request for personal information, call the institution directly through a verified number. Always question why an individual or institution needs this information: does it make sense? 

If someone in your company does fall for a coronavirus cyberattack, don’t panic. Immediately change their credentials and evaluate all of their permissions. Look to see what may have been accessed using their permissions and run incident response. But keep a cool head and take the steps necessary to protect your business. 

These are trying times. Make the right call for yourself and your employees. 

Learn more about protecting against phishing attacks and other malware in our Endpoint Security Buyer’s Guide

Follow me

Ben Canner

Editor, Cybersecurity at Solutions Review
Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner
Follow me