{"id":17916,"date":"2020-03-17T20:33:47","date_gmt":"2020-03-18T04:33:47","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2020\/03\/17\/news-11649\/"},"modified":"2020-03-17T20:33:47","modified_gmt":"2020-03-18T04:33:47","slug":"news-11649","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2020\/03\/17\/news-11649\/","title":{"rendered":"Attackers Taking Advantage of the Coronavirus\/COVID-19 Media Frenzy"},"content":{"rendered":"
\n
\n
<\/div>\n<\/p><\/div>\n
\n

FortiGuard Labs<\/a> Threat Analysis Report<\/b><\/p>\n

For the first quarter of 2020, coverage on the Coronavirus\/COVID-19 outbreak has dominated the 24-hour global news cycle. Government leaders, scientists, and health professionals worldwide suggest that this is not merely an epidemic, but a potential pandemic crisis. As individuals worldwide fixate on this global health emergency, combining legitimate sources and news feeds with rampant rumors and amateur reports on social media, bad actors know that events like this are the perfect opportunity for exploitation.\u00a0<\/p>\n

And the easiest and fastest way to exploit a target, whether an individual or an organization, is through social engineering attacks. These attack vectors are the fastest to spin up, and have the highest rate of return. This is especially true as drive-by downloads become less common due to security vendors improving response times and security posture by the timely patching of vulnerabilities. And social engineering attacks are especially attractive because, regardless of whatever technological security measures in place, the human psyche is the weakest link in any security systems as it is the easiest to exploit.<\/p>\n

Coronavirus-related Threat Activity<\/h2>\n

Over the past several weeks, FortiGuard Labs has been observing a significant increase in both legitimate and malicious activity surrounding the Coronavirus. We\u2019ve seen benign emails containing documents with guidance from HR departments, to emails from distribution companies selling masks, gloves, and other protective equipment that at first appeared to contain suspicious links, but in fact have been benign as well.\u00a0<\/p>\n

And we and other threat researchers have documented malicious attacks leveraging the Coronavirus outbreak theme. Threat findings via OSINT channels have yielded multiple themes, such as those appearing to be reports from trusted sources, such as governmental agencies, news outlets, etc. but that were actually malicious. It is also important to note that we are likely only scratching the surface on observable attacks as this is a global outbreak, and most of our observations have been in English or languages utilizing ASCII (ISO-8859) characters.\u00a0<\/p>\n

The issue has now become so problematic that the World Health Organization (WHO) recently issued a statement on their website titled,\u00a0Beware of criminals pretending to be WHO<\/i><\/a>.\u00a0<\/i>The UN also recently added an\u00a0advisory<\/a>\u00a0on the 29th<\/sup>\u00a0of February as well reminding citizens to be vigilant of such scams.<\/i><\/p>\n

First Wave of Attacks<\/b><\/h3>\n

As the news cycle continues to accelerate, there have been reports of ranging from phishing and SMS phishing attacks to a host of others too many to list in this blog. For the purpose of this blog, we are going to stick to the more well-known actors and their campaigns to highlight that even the professionals are getting in on the frenzy.\u00a0<\/p>\n

First reported at the end of January by various security vendors, Emotet was one of the first campaigns to have leveraged the Coronavirus scare to spread itself further. Other recent attacks discovered by security researcher\u00a0@issuemakerslab<\/a>\u00a0include a malicious Word doc written in Korean by the threat actors behind BABYSHARK, (North Korea):<\/p>\n<\/p><\/div>\n