Criminals, Rogue Nations Using COVID-19 To Distribute Malware

Attackers are continuing to use concerns over COVID-19 to distribute ransomware and malware, including for smartphones. While the healthcare sector is perhaps at the greatest risk from these attacks, criminals are using the panic as a widespread opportunity.

Attacks include the usual suspects: cybercrime operators looking to make a fast buck – for example, by demanding a ransom to unlock crypto-locked systems – as well as nation-states seeking to sow chaos. Recently the U.S. Department of Health and Human Services saw increased scanning of its network and potentially a distributed denial-of-service attack.

Expect increased attacks in the name of COVID-19. Key points to keep top of mind are:

  1. Verify your defenses, including monitoring and alerting capabilities
  2. Keep an eye on operational impacts of increased numbers of remote workers
  3. Be prepared to alter your definition of normal due to modified working arrangements

Malicious Mobile Apps
Attackers have also been deploying malicious Android apps with COVID-19 themes. This includes CovidLock, a newly spotted Android ransomware designed to lock victims’ screens until they pay a ransom.

Attackers offered a malicious real-time update app via the coronavirusapp.site domain, which pulled information from the legitimate infection2020.com, for tracking U.S. COVID-19 news, and featured a banner encouraging users to install the app.

If users download and install the app, it requests full access to the user's device by asking whether they want to enable the application in Accessibility to monitor COVID-19 stats. Once a user allows CovidLock's request, this permission gives CovidLock nearly full control of the device.

The ransom being demanded by CovidLock is 0.011 bitcoins, equivalent to $100 when the app was coded, but now worth just $60 because the COVID-19 pandemic has led to a dramatic drop in the value of cryptocurrencies.

As with most cyber threats, some simple precautions remain the best defense. Make sure your employees aren’t downloading or clicking on suspicious links or apps, and with any large financial requests, make sure that there is reliable verification.

If you have any questions about the evolving cyber threats or what your bank can do to protect itself, call ITPAC today.