Overview

At a time when society worldwide is in isolation and everything around us is more stressful than before, threat actors are leveraging the situation to do what they do best: trick people. Since the Coronavirus became a global issue, we have seen malware and phishing campaigns abusing the global effort to deal with this pandemic.

Our system constantly identifies phishing and malware campaigns, and lately we have detected some campaigns related to the COVID-19 pandemic. In these campaigns, the attackers pose as different health organizations around the world.

Perception Point identified these campaigns thanks to our advanced anti-spoofing mechanism, along with data gathered by our Incident Response and Research teams.

Malware: Ostap/Trickbot spoofing the World Health Organization

In this example, we can see an attempt to spoof the World Health Organization:

The cover email along with spoofed display name

In the email above, we can see the attempt to spoof the World Health Organization. The attackers abuse the global hysteria and create the false impression that the WHO contacts random people by email and attaches a document with official precautions against the Coronavirus. Instead of the official document, the attacker attached a malicious Word macro document that, if the recipient enables macros, drops and runs a JavaScript downloader that installs Ostap/Trickbot malware.

Credential Phish spoofing the “Department of Health”

In this example, we can see an attempt to spoof the Department of Health:

The cover email along with spoofed display name

In this incident, the attackers leverage the fear of the presence of COVID-19 carriers to trick the victim into clicking a link. The link poses as a legitimate government page. However, once the victim clicks on it, this well-designed Outlook phishing page shows up:

Recommendations

  1. Stay alert. Cynical as it may seem, attackers will continue to exploit natural human behavior to infiltrate your organization for financial gain. Train your employees even in these troubled times.
  2. Scan all content, across channels. Attackers are waiting for the right moment to hit. Make sure you monitor and actively scan all inbound traffic to intercept any form of attack.
  3. Adopt tools with robust anti-spoofing capabilities. Only advanced email security measures can properly handle and prevent the new phishing and BEC attempts that “flourish” now.
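
Both emails above rely on a spoofed display name. The following check is an added example, not Perception Point's mechanism: it flags a From header whose display name claims a protected organization while the sender domain is not one that organization uses. The PROTECTED_NAMES mapping, the function names and the sample messages are assumptions made for the illustration.

```python
import unicodedata
from email import message_from_string, policy

# Assumption: names to protect and the domains allowed to send under them.
PROTECTED_NAMES = {"world health organization": {"who.int"}}

def normalize(name):
    """Fold case, Unicode compatibility forms and spacing before comparing."""
    return " ".join(unicodedata.normalize("NFKC", name).casefold().split())

def domain_allowed(domain, allowed):
    """True for an allowed domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_display_name(raw_message):
    """Return (suspicious, reason) for a raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    header = msg["From"]
    if header is None:
        return True, "missing From header"
    for sender in header.addresses:
        name = normalize(sender.display_name or "")
        domain = (sender.domain or "").lower()
        for protected, allowed in PROTECTED_NAMES.items():
            if protected in name and not domain_allowed(domain, allowed):
                return True, f"name claims '{protected}', domain is '{domain}'"
    return False, "no display-name mismatch"

# Constructed sample messages (not taken from the campaigns described above).
SPOOFED = (
    'From: "WORLD  Health Organization" <notice@who-int.example>\n'
    "Subject: Coronavirus precautions\n\nSee attached document.\n"
)
LEGIT = (
    "From: World Health Organization <news@mail.who.int>\n"
    "Subject: Situation report\n\nBody.\n"
)
UNRELATED = "From: Alice <alice@corp.example>\nSubject: Lunch\n\nBody.\n"

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("other", UNRELATED)):
        print(label, check_display_name(raw))
```

A display-name check only compares what the header claims; it complements SPF, DKIM and DMARC validation of the sending domain and does not replace it.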