Skip to main content

CYBER CRIMINALS PENETRATE EVERY PRIVILEGE. As Per Trending, Hackers Have Created Over 2200 Malicious Websites And Apps On Coronavirus (COVID-19) Related Phishing.




As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns.
Now, according to a new report published by Check Point Research today, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web.

"Special offers by different hackers promoting their 'goods' — usually malicious malware or exploit tools — are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said.
COVID-19 Discounts: Exploit Tools for Sale
The report comes following an uptick in the number of malicious coronavirus-related domains that have been registered since the start of January.

             Coronaviruss Malware Domains.
"In the past three weeks alone (since the end of February 2020), we have noticed a huge increase in the number of domains registered — the average number of new domains is almost 10 times more than the average number found in previous weeks," the researchers said. "0.8 percent of these domains were found to be malicious (93 websites), and another 19 percent were found to be suspicious (more than 2,200 websites)."
Some of the tools available for purchase at a discounted price include "WinDefender bypass" and "Build to bypass email and chrome security."


                 Malwaree Attack.
Another hacking group, which goes by the moniker "SSHacker," is offering the service of hacking into Facebook account for a 15 percent discount with "COVID-19" promo code.

What's more, a seller that goes by the name of "True Mac" is selling a 2019 MacBook Air model for a mere $390 as a "corona special offer." It goes without saying the offer is a scam.
A Long List of Coronavirus-Themed Attacks
The latest development adds to a long list of cyberattacks against hospitals and testing centers, phishing campaigns that distribute malware such as AZORuIt, Emotet, Nanocore RAT and TrickBot via malicious links and attachments, and execute malware and ransomware attacks that aim to profit off the global health concern.
APT36, a Pakistani state-sponsored threat actor that targets the defense, embassies, and the government of India, was found running a spear-phishing campaign using Coronavirus-themed document baits that masqueraded as health advisories to deploy the Crimson Remote Administration Tool (RAT) onto target systems.
Researchers from security firm IssueMakersLab uncovered a malware campaign launched by North Korean hackers that used boobytrapped documents detailing South Korea's response to the COVID-19 epidemic as a lure to drop BabyShark malware. Recorded Future observed, "at least three cases where reference to COVID-19 has been leveraged by possible nation-state actors."
A COVID-19-themed malspam campaign targeted the manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic industries via Microsoft Word documents that exploits a two-and-a-half-year-old Microsoft Office bug in Equation Editor to install AZORult malware. The AZORult info stealer has also been distributed using a fraudulent version of the Johns Hopkins Coronavirus Map in the form of a malicious executable.
A fake real-time coronavirus tracking Android app, called "COVID19 Tracker," was found to abuse user permissions to change the phone's lock screen password and install CovidLock ransomware in return for a $100 bitcoin ransom.
Another phishing attack, uncovered by Abnormal Security, targeted students and university staff with bogus emails in a bid to steal their Office 365 credentials by redirecting unsuspecting victims to a fake Office 365 login page.
Comment spamming attacks on websites that contained links to a seemingly innocuous coronavirus information website but redirected users to dubious drug-selling businesses.
Aside from malware-laden spam emails, F-Secure researchers have observed a new spam campaign that aims to capitalize on the widespread mask shortage to trick recipients into paying for masks, only to send them nothing.
Staying Secure in the Time of COVID-19
It's amply clear that these attacks exploit coronavirus fears and people's hunger for information about the outbreak. Given the impact on the security of businesses and individuals alike, it's essential to avoid falling victim to online scams and practice good digital hygiene:
Businesses should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication, so that employees can conduct business just as securely from home.
Individuals should keep away from using unauthorized personal devices for work, and ensure "personal devices will need to have the same level of security as a company-owned device, and you will also need to consider the privacy implications of employee-owned devices connecting to a business network."
Watch out for emails and files received from unknown senders. Most importantly, check a sender's email address for authenticity, don't open unknown attachments or click on suspicious links, and avoid emails that ask them to share sensitive data such as account passwords or bank information.
Use trusted sources, such as legitimate government websites — for up-to-date, fact-based information about COVID-19.


THN
#osutayusuf
@osutayusuf

Comments

Popular posts from this blog

UGANDA ELECTORAL COMMISSION TO ELIMINATE NATIONAL IDENTIFICATION CARDS (IDs) FOR 2021 GENERAL ELECTIONS.

The elimination of using National IDs (Ndagamuntu) for the 2021 elections should not have come as a surprise. One would be very NAIVE to think that Bobi Wine has not prepared for this in his Business Plan under the RISK section. It is public knowledge that our EC is not independent.  It is also public knowledge that Military Dictator Yoweri Museveni will never lose an election. What stunned us this morning is when we noticed that on social media, people were mocking Bobi with his "get your Ndagamuntu".  We are on record for saying to all Our readers that the National ID is like Apartheid in South Africa. Students of History would know how those IDs were being used to arrest people, deny them jobs, deny them basic services. Consequently, Bobi was not wrong and will never be wrong on the Ndagamuntu. Except the ones attacking him and mocking him forget that in Uganda, now, no National ID (Ndagamuntu), no service.  If you have not been denied registering your child i...

Here is Why Our Utterances For Praying Jesus And God To Come Liberate Ugandans, May Be Misplaced. This Phrase is like inform of a Letter To Some Categorized Section Of Ugandans.

https://m.facebook.com/yusufosuta/photos/a.1896701010557789/2070383359856219/?type=3 OPEN LETTER TO NRM SUPPORTERS - NATIONAL ROBBERS MOVEMENT. .................................................................................. Last week of March, a friend told me to pray for Uganda.  I told him that he was an Idiot and we have prayed for too long and we are still hungry and sick and Jesus is not coming soon to liberate us. He then ignored the STUPID and sent me a picture we all now know.  It got me totally messed up.  This guy was telling me to pray then sends a picture of men bowing down in blood.  He might have meant guns but I blocked him because his utterances of praying for Uganda were misplaced. I unblocked him 3 weeks later and asked him about praying and assassinations.  His reply "eithrr prayers or guns or both". I hate violence with a passion.  So he is now blocked in like FOREVER. Do you feel safe?  Do not feel safe. Uganda regim...

The Full List of Permanent Secretaries Appointed by President Museveni.

By virtue of the Powers given to the President by Article 174 (2) of the 1995 Constitution of the Republic of Uganda, I hereby, appoint the following as Permanent Secretaries as indicated below: 1. Head of Public Service and Secretary to Cabinet- Lucy Nakyobe 2. Deputy Head of Public Service And Secretary to Cabinet - Deborah Katuramu 3. State House Comptroller - Jane Barekye 4. Principal Private Secretary to the President- Dr. Kenneth Omona 5. Principal Private Secretary to H.E. the Vice President - Alex Kakooza 6.  Office of the Prime Minister - Keith Muhakanizi 7.  Office of the President - Yunus Kakande 8.  Ministry of Agriculture, Animal - Industry and Fisheries David Kyomukama Kasura (Maj. Gen.) 9.  Ministry of Defence and Veteran Affairs- Rosette Byengoma 10. Ministry of Education and Sports -       Kate Lamaro  11. Ministry of Energy and Mineral Development -   Batebe Irene  12. Ministry of Foreign Affairs - Vincent Bag...