Capture computers, steal passwords, extort money: criminals exploit the hectic reactions to the corona crisis. Newcomers to home offices are particularly at risk.
How Cybercriminals Are Now Exploiting Corona Fear
It is not only the average medium-sized company that is struggling to change the way it works under pandemic conditions; even the large companies in Silicon Valley are having problems. Another branch, on the other hand, has quickly adapted to the new situation: cybercriminals of all kinds are trying to take advantage of the fear and confusion among the population.
In early March, security specialist Shai Alfasi from Reason Labs discovered a program that promises to clearly present the current number of cases of the coronavirus. The program does appear to display the Johns Hopkins University infographics on the state of the pandemic, which have been cited in recent weeks, but in addition, the program also acted as malware.
"The Azorult Trojan is usually traded in Russian underground forums," Alfasi writes in his analysis. Once a user has activated it, it searches for all information that can be turned into money: passwords, for example, credit card information, or even information about cryptocurrencies. Thanks to the modular design of such Trojans, they can easily be adapted to new occasions.
Same trick, different platform: DomainTools found an Android app that also pretended to display the latest figures on the spread of the new coronavirus.
Anyone who installed the program on their smartphone was soon exposed to a blackmail attempt: the app blocked the device and offered to release it for a payment of $100. Fortunately, the program was so poorly programmed that security researchers could quickly crack and publish the decryption key.
Two cases out of probably hundreds. Internet criminals have been trying to exploit attention to the epidemic since January: for example, the World Health Organization (WHO) warns against fake emails that claim to contain health tips or documents with security measures but are meant to foist malware on users or otherwise steal information from them.
No new attack campaigns yet exposed
"Since January we have been seeing that both cybercriminals and - we assume - state-sponsored spy campaigns are using the subject of Covid-19 as bait in phishing emails," explains Jens Monrad from IT security company FireEye. In phishing attacks, attachments are sent by e-mail; opening them triggers the download of malware that attackers can use to gain access to a computer or even entire company networks. Another variant tries to lure users to fake websites where they are asked to enter their user name and password. In view of the current uncertainty and the great need many people have for information about the new coronavirus, simple attacks like this promise success.
The Federal Office for Information Security (BSI) has so far recorded no increase in cyber attacks. "Rather, attackers use the current occasion to make their spam emails more interesting," explains a government spokesman. This is a phenomenon that occurs again and again on special occasions - such as the bargain weeks around Black Friday and Cyber Monday, but also during major sporting events.
Essentially, well-known malware programs that were previously disguised as video players or sold as cell phone games are now being distributed under the guise of corona information. However, such attacks can have serious consequences. The university clinic in Brno, Czech Republic, for example, was partially paralyzed by such an attack. In recent years, several hospitals around the world have also been infected with so-called ransomware, which is software that encrypts internal databases in order to extort a ransom.
"Users in unfamiliar surroundings are easier to fool"
Phishing attacks are particularly attractive to attackers at the moment because many companies have sent most of their employees to their home office to prevent infection in the workplace. In many cases, this means a radical change: many employees who were previously only allowed to work in the office are now being sent home with company laptops or even have to use their own computers. At their desk at home, they often have to work out for themselves how to cope with new video conferencing software and unfamiliar collaboration platforms without training.
"Users who have to work in an unfamiliar environment are easier to deceive," The employees who have now switched to their home office have to click through many dialogs, and the number of emails has increased significantly. It is therefore understandable that they open emails that at first glance appear legitimate.
A large part of the circulating malware is still sent via this route today. And the administrators of many medium-sized companies are currently working under enormous pressure: not only do they have to come to terms with many unfamiliar programs, but they also often lack the opportunity to train their employees on how to secure communication.
Improvised security
In addition, the usual security rules that apply in many companies can only be implemented to a limited extent in the current rush. This applies, for example, to virtual private networks, which encrypt communication over unsecured Internet infrastructure and route it through a kind of tunnel.
"Many companies have bottlenecks in VPN licenses or have to upgrade their hardware so that all employees can dial into the company network," explains Aug. The companies are therefore faced with the choice of either denying their employees access to important resources such as internal software solutions, databases or the intranet for security reasons - which, however, makes decentralized work very difficult.