When Technology Fails, It’s Up to Users to Stop the Spread of Malware – Coronavirus News Themed Malware Evading Detection

Malware authors are really good at modifying malware code to evade detection by antivirus and other security products, including artificial intelligence and machine learning security engines. They also predictably incorporate trending news for their lures. So it comes as no surprise that miscreants are currently using coronavirus-themed news to bypass detection technologies. Specifically, BleepingComputer recently observed Emotet and TrickBot samples using strings from actual CNN news stories in their malware files. With everyone working and learning from home, cyber attackers are leveraging theses added distractions in their social engineering tactics. While it is understandable that we are all watching the physical trends and doing our part to stop the spread, it is important to remind staff they also play a vital role in stopping the spread of the coronavirus-themed malware that may evade your organization’s blocking technologies. With countless organizations providing daily COVID-19 status updates and situational reports, it is crucial that we trust but verify before opening any emails that appear to be from legitimate or authoritative sources. Read more at BleepingComputer

Perch subscribers: WaterISAC is tracking specific coronavirus-themed campaigns reported by trusted third-parties, including Office 365 credential harvesting, Trickbot, and other phishing campaigns and entering custom indicators into Perch as appropriate. Perch users subscribed to the WaterISAC Community will be able to detect the custom/manually entered indicators within their environments. Likewise, Perch users are encouraged to enter their own malware sightings into Perch and share with the ‘WaterISAC Community’ for the benefit of all WaterISAC member organizations using Perch.