Cyber lure is a key social engineering tactic employed by state-sponsored and financially motivated cybercriminals.
CrowdStrike Intelligence has seen both cybercriminals (what it calls eCrime actors) and nation-state threat actors using social engineering tactics to target people’s fear and disinformation surrounding the global COVID-19 outbreak.
In a statement, the cybersecurity company said: “We have observed this quite often as cyber adversaries take advantage of large events or issues, such as the coronavirus outbreak, to benefit themselves – whether it’d be financially motivated or they are targeting people’s critical data or assets.
“Recently, we observed MUMMY SPIDER (an eCrime actor we track), capitalizing on the ongoing coronavirus outbreak by using the epidemic as a spam email theme. The emails were sent using an email thread-hijacking technique and ultimately led victims to download Emotet malware samples. Thus far, the identified emails have predominantly used Japanese language and spoofed the Kyoto Prefectural Yamashiro Minami Public Health Centre. This targeting was not limited to only Japanese targets.”
More on COVID-19 cyber-threats:
- Going a-phishing with COVID-19
- Coronavirus “safety measure” email a phishing scam
- Cybercrooks helping to do Covid-19 contact tracing?
- The corona virus fallout has reached the Web
The other threat actor CrowdStrike found taking advantage of the coronavirus epidemic recently was from a Chinese-based adversary group, tracked under the name PANDA.
The group used ‘lure and decoy’ content to distribute a Remote Access Tool. PANDA is known to primarily target government and political entities.
“While technology is clearly critical in the fight to detect and stop intrusions, the end-user remains a critical link in the chain to stop breaches,” said CrowdStrike. “User awareness programs should be initiated to combat the continued threat of phishing and related social engineering techniques, especially during this period.”
So how could we avoid falling victim to these scam attempts? Evan Dumas, Regional Director, Southeast Asia, Check Point Software Technologies, offer these recommendations for safe online behavior:
- Ensure you are ordering goods from an authentic source. One way to do this is NOT to click on promotional links in emails, and instead Google your desired retailer and click the link from the Google results page.
- Beware of “special” offers. An 80% discount on a new iPhone or “an exclusive cure for Coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
- Protect your organization with a holistic, end to end cyber architecture, to prevent zero-day attacks.