This update is a reminder to warn staff to remain vigilant against such activity, particularly as many workplaces encourage staff to work remotely, reducing the likelihood of face-to-face and telephone communications (which increases the effectiveness of scams).
As at 11 March 2020, the World Health Organisation (WHO) reports there are currently 118,326 cases of COVID-19 confirmed across 114 countries, with the outbreak officially now classified as a pandemic.
We know that cybercrime peaks in times of crises or significant world events, with cyber criminals capitalising on public concern and confusion. In Australia we have seen this most recently with the bushfires and other headline news stories.
Security researchers have identified that since January 2020, over 4,000 coronavirus-related domains have been registered globally, and estimate that 3% (120) are malicious and 5% (200) are suspicious. We expect this trend to continue.
These domains can be used to set up fake websites. Using social engineering techniques, scammers can then pose as experts, claiming to provide credible information about the virus, offering vaccinations, advertising prevention of the disease, and setting up donation platforms.
Typically the scams will invite a user to provide sensitive information for later misuse, pay money into the criminal's account, or click on dangerous links and attachments. Once the link or attachment has been opened, there is a risk that the user's system can be compromised.
In February 2020, the UN Health Agency reported that phishing emails appearing to come from WHO are circulating. Users who click through are asked to enter their credentials (i.e. email and password), thereby providing cyber criminals with the keys to access that user's online systems. More information is available here and here.
More recently, security researchers have identified a phishing email circulating with the subject line "Coronavirus Updates", which attaches a malicious executable disguised as an Excel spreadsheet (titled "MyHealth.exe"). If it is opened, malware is downloaded that is capable of capturing screenshots of the user's desktop, monitoring the clipboard, logging keystrokes, clearing browser cookies, and downloading and executing files. More information is available here.
In Italy, a 'regionalised' spam campaign has been identified leveraging concerns in this growing hotspot. The well-drafted email lures recipients into opening a document and clicking through links to "Enable Content". Once clicked, malware is downloaded, including the well-known banking Trojan Trickbot. More information is available here.
Finally, in Japan, a spam campaign has been identified which lures users into responding to malicious emails containing attachments which, if opened, execute the well-known Emotet Trojan. We have previously written extensively about Emotet here. More information about the scam is available here.
Awareness: as a starting point, warn your employees of the potential that they may come across malicious websites and advertisements or receive malicious emails.
Educate: train staff not to click on malicious links or attachments. If employees are unsure, they should speak with your IT team or the sender of the communication to confirm the communication is legitimate.
Prepare to respond: more generally, organisations should also ensure that, as part of their COVID-19 business continuity planning, steps are taken to increase the access and identity controls in place to create a secure yet effective environment for remote working. This includes enforcing secure VPN connections to critical digital assets, implementing multi-factor authentication over key applications, and strengthening password requirements.
More information about protecting yourself from scams is available on the ACCC's website here. You can also visit the Clyde & Co Coronavirus Information Hub for wider guidance on responding to the evolving global situation.
Clyde & Co has the largest dedicated and rapidly expanding cyber incident response practice in Australia and New Zealand. Our experienced team have dealt with over 700 data breach and technology-related disputes in recent times, including a number of the largest and most complex incidents in Asia Pacific to date.
From pre-incident readiness and breach response through to defence of regulatory investigations and proceedings, as well as recovery actions against wrongdoers, we assist clients in Asia Pacific across the full cyber lifecycle. Our team is also highly regarded for their expertise and experience in managing all forms of disputes across sectors, including advising on some of the most newsworthy class actions commenced in Australia.
Our 24-hour cyber incident response hotline or email allows you to access our team directly around the clock. For more information, contact us on: