Situational Awareness – Coronavirus Scam Highlights

It’s no surprise that COVID-19-related issues are continuing to be used in cyber criminals’ activities, such as with the lures in phishing emails sent to victims. But the scale of the COVID-19-related cyber attacks continues to astound, with IBM’s Security Intelligence reporting it has seen a significant spike in this activity on a week-to-week basis. It adds that its teams have not seen such a high number of cases on a single topic in the past. Since March 1 to date, IBM’s Security Intelligence reports it has seen a 5,000-plus percent increase in COVID-19 spam. It encourages organizations and end users to be even more vigilant in this new era, educating themselves about emerging threats and spam ploys to keep networks safe even while most staff members are not on-site. According to recent reporting by Proofpoint, some of the latest activity includes ready-made COVID-19-themed phishing templates that mimic government websites, such as for the World Health Organization (WHO), the U.S. Centers for Disease Control and Prevention (CDC), and the government of Canada, among others. The Proofpoint report includes screenshots of these templates, providing an invaluable orientation. Cybersecurity expert Graham Cluley comments further on these templates; he also discusses a Trojan whose name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been spread via a COVID-19-themed phishing campaign, perhaps one of the ones featuring a fake government website.