Significant rise in coronavirus themed phishing emails
Cybercrime groups have been exploiting the current global circumstances and widespread fear of the coronavirus to infect unsuspecting victims. The most common delivery method is phishing email carrying malicious attachments or links as payloads.
So far, researchers have seen attachments in the form of RTF (Rich Text Format) files that infect the victim's device with RATs (Remote Access Trojans). According to ThreatPost, the malware exploits a vulnerability in Equation Editor, a feature in Microsoft Word used to create complicated equations, and “after the victim opens the specially crafted RTF document, and the Microsoft Word vulnerability is exploited, a malicious file (intel.wll) is dropped into the Microsoft Word startup folder (%APPDATA%\Microsoft\Word\STARTUP)”. The attacker can then download files, take screenshots of the device and map out the files and folders.
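Because the dropped file lands in a fixed, per-user location, that folder can be audited directly. The PowerShell below is an added example, not code from ThreatPost or from this article; the function name Get-WordStartupItem is hypothetical, and it assumes the default C:\Users profile root and Word's default startup path as quoted above. Reading other users' profiles requires an elevated session.

```powershell
# Added example: list everything in each user's Word STARTUP folder, the
# location where the quoted report says intel.wll is dropped.
# Assumptions: default profile root and Word's default startup path.
function Get-WordStartupItem {
    [CmdletBinding()]
    param(
        [string]$ProfileRoot = (Join-Path $env:SystemDrive 'Users')
    )

    $relative = 'AppData\Roaming\Microsoft\Word\STARTUP'

    foreach ($userDir in Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue) {
        $startup = Join-Path $userDir.FullName $relative
        if (-not (Test-Path -LiteralPath $startup)) { continue }

        # -Force includes hidden files; Word loads add-ins from here at launch.
        foreach ($file in Get-ChildItem -LiteralPath $startup -File -Force -ErrorAction SilentlyContinue) {
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
            $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

            [pscustomobject]@{
                User        = $userDir.Name
                Name        = $file.Name
                CreatedUtc  = $file.CreationTimeUtc
                Signature   = $sig.Status
                SHA256      = $hash.Hash
                # A .wll is a DLL-based Word add-in; one without a valid
                # signature in a user's STARTUP folder deserves a closer look.
                NeedsReview = ($file.Extension -ieq '.wll' -and $sig.Status -ne 'Valid')
            }
        }
    }
}

Get-WordStartupItem | Sort-Object NeedsReview -Descending | Format-Table -AutoSize
```

On most workstations this folder is empty or holds only known templates, so any entry with NeedsReview set to True is worth comparing against your software inventory.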
Files like these are not the only danger. Other malicious URLs and scams have been resurfacing, and all of them share a common theme: they prey on our anxieties around the pandemic. Actors are impersonating the World Health Organization and other international and government organizations that would have news about the spread of the virus, tricking individuals into clicking links and downloading files that can cause great financial losses for organizations of all sizes.
The groups behind these attacks seem to be sophisticated Advanced Persistent Threat groups, but it would not be surprising to see more individuals and smaller units exploiting the global hunger for more information about the pandemic.
As a business owner, you should use this time to warn your employees to be extra cautious about any external coronavirus-themed emails they receive, and to renew or conduct your training on sophisticated phishing campaigns.
And if you need any help with this training or raising awareness within your organization about the threat of phishing, we’re an email away!