The novel coronavirus SARS-CoV-2 (COVID-19) has sparked creativity in many people, like the folks in Spain associated with the OxyGEN project who rapidly prototyped an automatic ventilator using a wiper blade motor to help produce a stop-gap solution for the mechanical ventilation shortage.
Unfortunately, we have seen cybercriminals reacting creatively as well. One manifestation is the sudden growth in domains containing the word “Zoom.” With the quarantine-induced explosion of Zoom customers, organizations (both legitimate and not) are moving quickly to capitalize on the web-conferencing product’s soaring name-brand popularity. This will almost certainly mean new phishing attacks against new folks learning to “Zoom.”
The Medical/Health Care industry is regularly a top target of hackers. The COVID-19 situation seems to have created an interesting divergence in attitude among ransomware groups. While some (e.g. Ryuk) seem to view this extraordinary situation as an opportunity, others have decided to back off and give the health care community a break. In particular, the Maze Team, which tends to view its ransomware exploits as courageous acts of revealing truth (think Julian Assange and Edward Snowden), took the novel approach of publishing an official press release on 18 March, stating: “We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus.”
The most recent FBI annual Internet Crime Report, released in February, indicates that business email compromise (BEC) and email account compromise (EAC) continue to be major attack vectors. Typical criminal behavior involves vendor payments or HR updates to direct deposit info. Mix in the current situation and all the old hits are playing well as COVID-19-rebranded social engineering attacks.
New remote workers especially should be cautious when reading and dealing with COVID-19-related emails that press a (false) sense of urgency about paying third-party vendors, transferring funds, responding to (fake) government entities, and/or processing HR matters related to payroll. While there is a lot of goodwill out there in the world and folks willing to hustle to make a buck, there are plenty of malicious actors who only want to take a buck. Stay alert – stay secure.