SECURITY
Despite reports in March that those in the hacking community were encouraging others to not take advantage of the COVID-19 pandemic, the number of cyberattacks has continued to rise, according to new research from Palo Alto Networks Inc.’s Unit 42.
The researchers found that COVID-19-themed attacks, particularly phishing attacks, continue to surge. The company said it’s now tracking multiple campaigns with COVID-19 themes being used by threat actors on a daily basis and this trend is likely going to continue for weeks to come.
Although several coronavirus-themed attacks have been detailed, the researchers dug deep on two specific campaigns.
The first is a ransomware variant called EDA2 that has targeted a Canadian government healthcare organization and a Canadian medical research university. Detected between March 24 and 26, the campaign started with malicious emails that pretended to come from the World Health Organization, complete with a fake WHO address. Those targeted were individuals associated with a Canadian government health organization actively engaged in COVID-19 response efforts and a Canadian university conducting COVID-19 research.
The emails included a malicious rich text format (RTF) phishing lure that posed as a COVID-19-related Word document. Once opened, the document attempts to deliver a ransomware payload using a known Microsoft Windows vulnerability.
The second campaign also involves attempts to take advantage of the coronavirus pandemic to lure victims into clicking on malicious attachments. In this case, the targets were those in the healthcare, pharmaceutical and government sectors.
The attachments involved “droppers” that were variants of the AgentTesla family. AgentTesla has been around since 2014 and steals information from an infected computer.
“It is clear from these cases that the threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis,” the researchers conclude.