PREDICTIVE INTELLIGENCE
this trend towards more sophisticated
attacks continue.
Goals of the attackers ranged from
distributing malware to stealing
credentials and financial gain. One
new type of ransomware Barracuda
systems detected had even taken on
the COVID-19 name and dubbed
itself CoronaVirus.
Skilled attackers are good at leveraging
emotions to elicit a response to their
phishing attempts, such as the ongoing
sextortion campaigns, which rely on
embarrassment and fear to scam people
out of money. With fear, uncertainty
and even sympathy stemming from
the Coronavirus COVID-19 situation,
attackers have found some key emotions
to leverage.
For example, one blackmail attack
claimed to have access to personal
information about the victim, knew their
whereabouts and threatened to infect the
victim and their family with Coronavirus
unless a ransom was paid. Barracuda
Sentinel detected this particular attack
1,008 times over the span of two days.
Scams
Many of the scams that Barracuda
Sentinel detected were looking to sell
Coronavirus cures or face masks or
asked for investment in fake companies
that claimed to be developing vaccines.
Scams in the form of donation requests
for fake charities were another popular
phishing method Barracuda researchers
have seen.
For example, one such scam caught
by the Barracuda systems claimed to
be from the World Health Community
(which doesn’t exist but may be trying
to take advantage of the similarity to
the World Health Organisation) and
asked for donations to a Bitcoin wallet
provided in the email.
Malware
A variety of common malware is being
distributed through Coronavirus-related
phishing, especially modular variants
that allow attackers to deploy different
payload modules through the same
malware. The first malware reported
utilising Coronavirus was Emotet, a
popular banking Trojan, which went
modular last year. IBM X-Force
discovered Emotet being distributed in
Japanese emails, claiming to be from a
disability welfare provider. The phishing
emails contained a document which
downloaded and installed Emotet when
macros were enabled, a common practice
for malware distribution these days.
LokiBot is another modular malware,
which often aims to steal login
credentials and data, and has been
distributed in at least two different
Coronavirus-related phishing campaigns
that Comodo has tracked. One campaign
used the premise of attached invoices,
which contained LokiBot, but added an
apology for the delay in sending the
invoice due to Coronavirus. The other
campaign claimed to be a news update
and ‘one thing you must do’ (a play on
the ‘one weird trick’ hook common in
spam), which contained a link to the
malware.
Barracuda systems have seen multiple
examples of emails using the invoice
premise, such as the one below, which
was detected more than 3,700 times.
Other notable information stealers
capitalising on COVID-19 include
34 Issue 26 | www.intelligentciso.com