Friday, March 5, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Nasty phishing scams aim to exploit coronavirus fears

March 6, 2020
in Internet Security
Nasty phishing scams aim to exploit coronavirus fears
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

How to protect yourself from a worldwide password-stealing campaign
Danny Palmer explains that researchers have discovered a mysterious phishing campaign attempting to steal usernames and passwords from government departments across North America, Europe and Asia. Here’s what we know – and how it could be stopped. Read more: https://zd.net/2LQ7S5Q

Cyber criminals are aiming to take advantage of fears over coronavirus as a means of conducting phishing attacks and spreading malware, along with stealing login credentials and credit card details.

You might also like

Ransomware as a service is the new big problem for business

Microsoft: We’re cracking down on Excel macro malware

Twitter and Twitch added to list of those concerned with Australia’s Online Safety Bill

Cybersecurity companies have identified a number of campaigns by hackers who are attempting to exploit concerns about the COVID-19 outbreak for their own criminal ends. Crooks often use current affairs to make their scams more timely.

Researchers at Sophos have identified a Trickbot banking trojan campaign specifically targeting Italian email addresses in an attempt to play on worries about the virus. The phishing email comes with a Word document which claims to contain advice on how to prevent infection – but this attachment is in fact a Visual Basic for Applications (VBA) script which drops a new variant of Trickbot onto the victim’s machine.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)    

The message text claims to offer advice from the World Health Organization (WHO) in a Word document which claims to be produced using an earlier version of Microsoft Word which means the user needs to enable macros in order to see the content. By doing this, it executes a chain of commands which installs Trickbot on the machine.

As a banking trojan, Trickbot is primarily used to steal confidential information from victims – but once installed on a machine, it can also be used as a surrogate for installing other forms of malware, be that for the initial attacker, or leased out to other cyber criminals.

“The cybercriminals behind Trickbot are likely skilled attackers who leverage the concern of the day to scare people into clicking. While this is in Italy now, we would expect a similar attack in other countries where fears of COVID-19 outbreaks are high,” said Chester Wisniewski, principal research scientist at Sophos.

“The best approach to avoid this type of cyberattack is to turn off macros, be extra cautious about what you click, and delete email that is suspicious or from an unexpected source,” he added.

SEE: Cybersecurity: Let’s get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

Researchers at Fortinet have identified a separate coronavirus phishing campaign which claims to come from delivery company offering an update on the impact of the virus is having on its operations.

The email has the subject ‘Coronavirus Customer Advisory Issue’ and comes with what claims to be a PDF attachment, but is in fact an executable file. If the user runs this, Lokibot malware is installed on the machine.

Like Trickbot, Lokibot is primarily a trojan which creates a backdoor into Windows systems for stealing sensitive information from victims including including usernames, passwords and bank details via the use of a keylogger.

Fortinet recommends that organisations regularly apply patches to networks in order to ensure that malware like Lokibot can’t take advantage of known vulnerabilities to install itself onto machines. They also recommend that organisations train users to be suspicious of unexpected emails asking for action.

Researchers at Proofpoint have also identified a number of coronavirus themed hacking campaigns which install malware including Emotet, NanoCore and Azorult onto their machines and provide attackers with a means of stealing personal data and backdoor access into corporate networks.

“Overall, these latest examples serve as a reminder that users should be watchful and exercise caution where coronavirus-themed emails and websites are concerned,” said Sherrod deGrippo, senior director of threat research and detection at Proofpoint.

The World Health Organization has issued its own warning about crooks and scammers posing as the global health body and taking advantage of current events to for their own advantage.

“Criminals are disguising themselves as WHO to steal money or sensitive information.  If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding,” said a WHO statement.

A common attack detailed by the WHO involves cyber criminals sending emails which claim to be a representative from the organisation and asking the potential victim to click a link, open an attachment or simply hand over sensitive information such as usernames and passwords.

However, the WHO has said that it will never send emails asking people to login to view information, open unexpected attachments or enter financial information to donate directly to causes.

The body has also asked people to check the address the email is coming from, stating that WHO communications only come from @who.int email addresses and that anything claiming to be the WHO sent from any other domain should be regarded with suspicion. The WHO has set up a link where you can report suspected scams.

READ MORE ON CYBERSECURITY

 


Credit: Zdnet

Previous Post

Michel Rauchs, CCAF: On Libra, Bitcoin power consumption, and learning from history

Next Post

Autonomous vehicles can be fooled to 'see' nonexistent obstacles

Related Posts

Ransomware as a service is the new big problem for business
Internet Security

Ransomware as a service is the new big problem for business

March 5, 2021
Microsoft: We’re cracking down on Excel macro malware
Internet Security

Microsoft: We’re cracking down on Excel macro malware

March 4, 2021
Twitter and Twitch added to list of those concerned with Australia’s Online Safety Bill
Internet Security

Twitter and Twitch added to list of those concerned with Australia’s Online Safety Bill

March 4, 2021
Google patches actively exploited Chrome browser zero-day vulnerability
Internet Security

Google patches actively exploited Chrome browser zero-day vulnerability

March 4, 2021
High severity Linux network security holes found, fixed
Internet Security

High severity Linux network security holes found, fixed

March 4, 2021
Next Post
Autonomous vehicles can be fooled to ‘see’ nonexistent obstacles

Autonomous vehicles can be fooled to 'see' nonexistent obstacles

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Six courses to build your technology skills in 2021 – IBM Developer
Technology Companies

Is your Cloud infrastructure securely configured? Does your DevSecOps pipeline integrate ibm-terraform compliance checks? – IBM Developer

March 5, 2021
Ransomware as a service is the new big problem for business
Internet Security

Ransomware as a service is the new big problem for business

March 5, 2021
Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead
Internet Privacy

Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead

March 5, 2021
AI and machine learning’s moment in health care
Machine Learning

AI and machine learning’s moment in health care

March 4, 2021
The Examples and Benefits of AI in Healthcare: From accurate diagnosis to remote patient monitoring | by ITRex Group | Mar, 2021
Neural Networks

The Examples and Benefits of AI in Healthcare: From accurate diagnosis to remote patient monitoring | by ITRex Group | Mar, 2021

March 4, 2021
Welcome to events Thursdays: Thursday’s daily brief
Digital Marketing

Welcome to events Thursdays: Thursday’s daily brief

March 4, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Is your Cloud infrastructure securely configured? Does your DevSecOps pipeline integrate ibm-terraform compliance checks? – IBM Developer March 5, 2021
  • Ransomware as a service is the new big problem for business March 5, 2021
  • Google Will Use ‘FLoC’ for Ad Targeting Once 3rd-Party Cookies Are Dead March 5, 2021
  • AI and machine learning’s moment in health care March 4, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates