As the pandemic response increasingly gives way to chaos, scammers are busy teeing up malware to take advantage of internet users’ heightened craving for information about the coronavirus.
Researchers published a threat analysis report detailing a tactic in which hackers use “coronavirus maps” to steal users’ information, including user names, passwords, credit card numbers and other data stored in a browser.
In a blog post, Reason Labs’ cybersecurity researcher Shai Alfasi revealed that he found and analyzed how this malware weaponized coronavirus map apps in order to swipe credentials and other stored sensitive data. “Attackers can use this information for many other operations as well, such as selling it on the deep web or for gaining access to bank accounts or social media.”
The new malware activates a strain of malicious software known as AZORult, an information-stealer first discovered in 2016, which steals browsing history, cookies, IDs and passwords, cryptocurrency and more. Attackers can then use this information for many other operations as well, such as selling it on the deep web or gaining access to financial accounts or social media. Alfasi added that it can also download additional malware onto infected machines.
Alfasi also described an AZORult variant, commonly offered on Russian underground forums for gathering sensitive information from infected computers, that creates a new, concealed administrator account on the infected machine in order to allow Remote Desktop Protocol (RDP) connections.
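For defenders, the account-creation behavior described above leaves a trail in the Windows Security log. The following is an added example, not code from the Reason Labs report: it correlates event 4720 (user account created) with event 4732 (member added to a local group) for the Administrators and Remote Desktop Users groups. The flattened record fields, host and account names, and the 10-minute window are assumptions made for illustration, and the events are only logged when account-management auditing is enabled.

```python
from datetime import datetime, timedelta

# Well-known SIDs of the built-in local groups that grant admin or RDP logon rights.
PRIVILEGED_GROUPS = {"S-1-5-32-544": "Administrators",
                     "S-1-5-32-555": "Remote Desktop Users"}
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment

# Constructed sample records (not from the report): Windows Security events
# 4720 (account created) and 4732 (member added to local group), flattened to dicts.
EVENTS = [
    {"time": "2020-03-10T09:00:05", "id": 4720, "host": "WS-017",
     "account": "svc_update", "account_sid": "S-1-5-21-1-2-3-1005", "actor": "jdoe"},
    {"time": "2020-03-10T09:00:07", "id": 4732, "host": "WS-017",
     "member_sid": "S-1-5-21-1-2-3-1005", "group_sid": "S-1-5-32-544"},
    {"time": "2020-03-10T10:00:00", "id": 4720, "host": "WS-022",
     "account": "intern01", "account_sid": "S-1-5-21-4-5-6-1010", "actor": "helpdesk"},
    {"time": "2020-03-10T10:00:02", "id": 4732, "host": "WS-022",
     "member_sid": "S-1-5-21-4-5-6-1010", "group_sid": "S-1-5-32-545"},  # Users: benign
    {"time": "2020-03-10T11:00:00", "id": 4720, "host": "WS-030",
     "account": "kiosk", "account_sid": "S-1-5-21-7-8-9-1003", "actor": "admin"},
    {"time": "2020-03-10T14:30:00", "id": 4732, "host": "WS-030",
     "member_sid": "S-1-5-21-7-8-9-1003", "group_sid": "S-1-5-32-555"},  # hours later
]

def find_new_privileged_accounts(events, window=WINDOW):
    """Flag accounts created and then added to a privileged local group within `window`."""
    created = {}  # (host, account SID) -> (creation time, 4720 record)
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:
            created[(ev["host"], ev["account_sid"])] = (ts, ev)
        elif ev["id"] == 4732 and ev["group_sid"] in PRIVILEGED_GROUPS:
            match = created.get((ev["host"], ev["member_sid"]))
            if match and ts - match[0] <= window:
                alerts.append({"host": ev["host"], "account": match[1]["account"],
                               "created_by": match[1]["actor"],
                               "group": PRIVILEGED_GROUPS[ev["group_sid"]],
                               "seconds_after_creation": int((ts - match[0]).total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_new_privileged_accounts(EVENTS):
        print(alert)
```

With the default window only the account on WS-017 is flagged; the WS-030 account, granted RDP rights hours after creation, appears only when the window is widened.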
“The (coronavirus) is going to impact a lot of organizations through cybercrime, as well as more general economic loss. People not used to working from home are more likely to have their guard down and will naturally be attracted to phishing sites such as this infection map,” Colin Bastable, CEO of security awareness training company Lucy Security, said. Bastable noted that while security teams focus on technology, bad actors focus on hacking people’s emotional responses with social engineering techniques closely aligned to marketing methods.
Additional employees working from home during this crisis also present more risks, Bastable said. “Remote workers may inadvertently introduce major threats as a result of the disruptions from the virus outbreak. Patching people through heightened security awareness training will address up to 97% of the risk from cybercrime during this period of enhanced risk. We should anticipate major losses from CEO fraud, ransomware attacks and credential harvesting over the next few months.”
Chris Rothe, co-founder and chief product officer at security operations company Red Canary, also commented: “In general, attackers are looking for a vulnerability to deliver their attack. In this case, people’s fear over the virus is the vulnerability attackers will look to capitalize on.” Rothe pointed out that if an individual is concerned or stressed about the virus, they are less likely to remember their security training and more likely, for example, to click a link in a phishing email or give their credentials to a malicious website.
“Users are the weak link in every security program,” Rothe emphasized. Because a situation like the coronavirus amplifies that weakness, business leaders should remind their employees of their security training and call out the fact that attackers will use coronavirus as an opportunity. “Social engineering is all about leveraging the emotions of the target and fear is arguably the most powerful human emotion.”