UPDATED 22:15 EST / MARCH 16 2020


Remote workers targeted with coronavirus phishing campaigns and malware

With millions of people worldwide being asked to work from home due to the ongoing spread of the coronavirus, scammers are targeting remote workers with phishing campaigns and malware.

In one phishing campaign detailed by security researchers at Mimecast Threat Intelligence, hackers are targeting remote workers with a credential-stealing scam that takes employees to a faked OneDrive login, preying on human error through the compromise of employee accounts and organizational network pages. So far Mimecast’s Threat Intel team has seen more than 300 examples of the campaign.


“We see that threat actors are keeping up with the daily developments concerning the coronavirus,” the researchers wrote. “As the pandemic continues to spread and more and more people are made to work from home, we are seeing more phishing emails that are trying to trick users into giving their credentials through a faked login page.”

Threat actors are said to be actively using the pandemic to attempt to compromise individuals’ accounts and organizations’ networks. “The potential for human error will inevitably increase in the coming weeks and we expect to see more of these phishing attempts in the coming days and weeks,” the researchers added.

The U.K. National Cyber Security Centre has issued a warning that a range of attacks are being perpetrated online as cybercriminals seek to exploit the virus, officially known as COVID-19. Phishing is at the forefront, with scammers using bogus emails claiming to have important updates.

“With a large part of the workforce moving to working from home and many schools going to online learning during the pandemic, expect to see a rise in phishing and malware attacks,” Lamar Bailey, senior director of security research at cybersecurity firm Tripwire Inc., told SiliconANGLE. “It is a great time for schools and employers to remind their employees and students of basic internet hygiene to go along with the increased focus on personal hygiene. Wash your hands and don’t click on suspicious links.”

If phishing scams weren’t bad enough during a global pandemic, a new strain of Android malware has been discovered that also puts remote workers at risk. Dubbed “Cookiethief” by Kaspersky Lab, the cookie-stealing Trojan acquires root rights on a victim’s device, then transfers cookies used by the browser and Facebook app to the cybercriminal’s server. The stolen cookies can be used to obtain a unique session I.D. that can identify the user without a password and login, giving those behind the malware access to accounts.

“With employees now working fully remote, security teams must be able to rapidly deploy secure remote connectivity at scale,” said Mike Riemer, chief security architect at secure access provider Pulse Secure LLC. “Without the appropriate enterprise-class tools enabling this growing remote workforce, employees will connect with their teammates using personal apps, like Facebook Messenger, despite the serious security risks associated with these types of consumer-based apps.”

In the case of Facebook Messenger, he added, cybercriminals have discovered a means to compromise social media accounts without ever alerting users or Facebook. That leaves enterprises vulnerable should the employee turn to Messenger to connect with colleagues.

“A zero-trust approach to remote connectivity would ensure that the employees’ devices were secure and met corporate security policies, prior to any intellectual property being allowed onto the device, or to flow through the device,” he said. “Enhanced security policies seamlessly enforced on the employees’ devices during these remote connectivity sessions will enhance the enterprise security posture, as well as ensure that all endpoints — even new ones introduced during remote work — are protected.”

Image: Tumisu/Pixabay
