UPDATED 22:15 EST / MARCH 16 2020


Remote workers targeted with coronavirus phishing campaigns and malware

With millions of people worldwide being asked to work from home due to the ongoing spread of the coronavirus, scammers are targeting remote workers with phishing campaigns and malware.

In one phishing campaign detailed by security researchers at Mimecast Threat Intelligence, hackers are targeting remote workers with a credential-stealing scam that takes employees to a faked OneDrive login, preying on human error through the compromise of employee accounts and organizational network pages. So far, Mimecast’s Threat Intel team has seen more than 300 examples of the campaign.


“We see that threat actors are keeping up with the daily developments concerning the coronavirus,” the researchers wrote. “As the pandemic continues to spread and more and more people are made to work from home, we are seeing more phishing emails that are trying to trick users into giving their credentials through a faked login page.”

Threat actors are said to be actively using the pandemic to attempt to compromise individuals’ accounts and organizations’ networks. “The potential for human error will inevitably increase in the coming weeks and we expect to see more of these phishing attempts in the coming days and weeks,” the researchers added.

The U.K. National Cyber Security Centre has issued a warning that a range of attacks are being perpetrated online as cybercriminals seek to exploit the virus, officially known as COVID-19. Phishing is at the forefront, with scammers using bogus emails claiming to have important updates.

“With a large part of the workforce moving to working from home and many schools going to online learning during the pandemic, expect to see a rise in phishing and malware attacks,” Lamar Bailey, senior director of security research at cybersecurity firm Tripwire Inc., told SiliconANGLE. “It is a great time for schools and employers to remind their employees and students of basic internet hygiene to go along with the increased focus on personal hygiene. Wash your hands and don’t click on suspicious links.”

As if phishing scams weren’t bad enough during a global pandemic, a new strain of Android malware has been discovered that also puts remote workers at risk. Dubbed “Cookiethief” by Kaspersky Lab, the cookie-stealing Trojan acquires root rights on a victim’s device, then transfers cookies used by the browser and Facebook app to the cybercriminal’s server. The stolen cookies can be used to obtain a unique session ID that can identify the user without a password and login, giving those behind the malware access to accounts.

“With employees now working fully remote, security teams must be able to rapidly deploy secure remote connectivity at scale,” said Mike Riemer, chief security architect at secure access provider Pulse Secure LLC. “Without the appropriate enterprise-class tools enabling this growing remote workforce, employees will connect with their teammates using personal apps, like Facebook Messenger, despite the serious security risks associated with these types of consumer-based apps.”

In the case of Facebook Messenger, he added, cybercriminals have discovered a means to compromise social media accounts without ever alerting users or Facebook. That leaves enterprises vulnerable should the employee turn to Messenger to connect with colleagues.

“A zero-trust approach to remote connectivity would ensure that the employees’ devices were secure and met corporate security policies prior to any intellectual property being allowed onto the device, or to flow through the device,” he said. “Enhanced security policies seamlessly enforced on the employees’ devices during these remote connectivity sessions will enhance the enterprise security posture, as well as ensure that all endpoints — even new ones introduced during remote work — are protected.”

Image: Tumisu/Pixabay
