Multiple threat actors around world, including government sponsored threat groups, continue to leverage interest in the COVID-19 pandemic to attract victims, according to the Secureworks® Counter Threat Unit’s (CTU) latest Threat Intelligence Executive Report.
Government-sponsored threat groups have tailored their lures to exploit global interest in COVID-19. For example, COPPER FIELDSTONE targeted Indian citizens with a malicious Excel file that delivered malware capable of stealing files and system data; BRONZE PRESIDENT targeted Taiwanese citizens with a phishing lure that delivered a fully featured attacker toolkit, the report states.
While CTU researchers observed ransomware attacks targeting organizations in healthcare-related industries, there is no indication that this is a broad change in targeting. The threat groups operating the ransomware likely continue to opportunistically identify targets across all industries. However, threat actors recognize that healthcare organizations are under particular pressure due to the pandemic and therefore could be more susceptible to extortion.
Meanwhile, low-sophistication phishing, smishing (phishing via SMS), and other scam activity continues. Cybercriminal phishing campaigns with coronavirus-themed lures include a coronavirus “antivirus” website delivering a previously unknown remote access tool for the BlackNET botnet, a compressed file that drops information-stealing malware (also known as an infostealer), and an email that combines World Health Organization (WHO) and Centers for Disease Control and Prevention (CDC) branding to deliver an infostealer.
Threat actors are also exploiting the increased use of teleconferencing solutions as employees work from home during the pandemic. Attackers are spoofing teleconference provider applications to deliver malware and are creating malicious domains imitating providers such as Zoom, Microsoft Teams, and Google Hangouts.
The latest Threat Intelligence Executive Report from Secureworks’ CTU confirms that threat actors continue to opportunistically leverage the COVID-19. Secureworks is bringing best-of-breed solutions to help all types of organizations, from healthcare and education providers, to governments and private companies, do their best as they seek to navigate these challenges times.
However, Secureworks CTU added that while a slight increase in scanning and other activity levels began in mid-April, there has been “very little change” in the overall threat faced by most organizations as of the publication of the Threat Intelligence Executive Report.
The Secureworks® Counter Threat Unit™ (CTU) research team analyses security threats and helps organizations protect their systems. During March and April 2020, CTU™ researchers observed notable developments in threat behaviours, the global threat landscape, and security trends, and identified lessons to consider.