Coronavirus themed phishing campaigns are up by 667% as attackers continue to prey on the underlying anxiety surrounding the pandemic
As the world grapples with the ongoing pandemic, threat actors have taken it upon themselves to leverage the worldwide “work from home” experience by running online scams to further their own ends. From spreading malware via phony Covid-19 maps and emails to selling duplicitous products that claim to help or cure patients afflicted with the virus, bad actors leave no stone unturned. Before we take a look at how to prevent falling for such crimes, let’s dig deeper into the kinds of scams and go over some recent trends in cybercrime in light of the pandemic.
The Types of COVID-19 Themed Attacks Launched by Cybercriminals
Online frauds are not a novelty, but there has been a massive increase in such cases as those looking to make a quick buck take advantage of the general public anxiety surrounding the pandemic. Aside from several companies attempting to sell fraudulent products like teas, essential oils, or alternate medicines alleging to alleviate or cure coronavirus, here’s a list of some other scams doing the rounds.
- Fake websites – The beginning of March saw a boom in the registration of coronavirus linked domains, many of which are malicious. With people searching the web for information and fake websites luring them with fraud cures, domain registries are under pressure to prevent these sites from going live and are trying to push back.
- Email phishing campaigns – Phishing emails that imply an association with the WHO or take the form of CDC (US Centers for Disease Control and Prevention) alerts, informative content, donation scams, etc., and that attempt to get users to download a document or click on a link, peaked in April. According to Lastline researchers, there were very few new campaigns; instead, attackers used the pandemic to push their existing campaigns harder than before.
- Financial scams – McAfee reports on how pandemic-related keywords are used to bait users into clicking on anything from fake UPI-based payment links to attachments that download malware onto the device. Additionally, the SEC has issued a warning about investing in any product or company that claims to prevent, detect, or cure coronavirus, since the potential for fraud is extremely high. The IRS has issued warnings against tax frauds and schemes that promise to rush payments under the federal CARES Act. Other coronavirus financial scams target small businesses by offering bogus government aid, relief funds, or quick capital.
- Malware – Coronavirus-themed malware attacks, such as overwriting the master boot record with the hacker leaving their Discord contact details behind, are gaining popularity. Phishing websites, like the one where fraudsters created a coronavirus map that steals sensitive information by infecting site visitors with the AZORult trojan, are also becoming a lot more common.
5 Disturbing Trends to Keep an Eye On
There’s a lot of data on the losses incurred from Covid-19 related attacks that you can look into to better understand the impact of the pandemic. Here’s a list of five such trends:
- According to IBM’s threat intelligence group, IBM X-Force, there has been an increase of 6000% in Covid-19 themed scams since it was declared as a pandemic by the World Health Organization. According to this report, coronavirus-themed domains are 50% more likely to be malicious than other domains that have been registered during this time.
- According to a study conducted by the Ponemon Institute, 1 in 4 organizations don’t have an incident response plan.
- Gartner’s survey of 145 legal and compliance leaders revealed that 52% of them were concerned about third-party security risks since the pandemic. Since vendors are also relying on a remote workforce, this might expose organizations to potential attacks and introduce compliance irregularities.
- Due to the economic impact of the pandemic, the cybersecurity market is expected to grow at a slower rate of 6.2% per year to 2023.
- Ransomware attacks increased by 148% in March, and spikes in attacks can be correlated with the COVID-19 news cycle.
Threats to Your SAP Systems from Online Scams
Phishing remains one of the most prominent ways in which malware is distributed – from links that will download code once you click on them to malicious attachments containing embedded malware that threatens to compromise the security of your system.
- Spear phishing attacks are those where the attackers make it personal by pretending to be someone you know and trust. These are successful because, against our best judgment, we don’t stop to inspect message headers or question the legitimacy of the message. When it comes to attachments, it is common practice to stop certain filetypes from executing. While SAP filters detect and block some file extensions, attackers may yet incorporate malicious content into seemingly innocuous files with extensions like .docx, .pdf, etc. to bypass SAP’s built-in filters. It is far more resilient to have the application server determine the MIME-type based upon the content of the file rather than its extension.
- Another favorite for attackers is the Polyglot file – a document with multiple formats at the same time. For instance, GIFRAR files are both GIF and RAR, and for an application that doesn’t allow uploading RAR files but has no such constraints against GIF, it can be used to bypass upload restrictions.
- SAPCAR (SAP’s proprietary tool for handling archive files) archives have been the target of directory traversal attacks since they use absolute pathnames. Combining this with other attacks like improper certificate validation can give rise to Man-in-the-Middle scenarios affecting older versions of the SAP Download Manager tool. SAP introduced secure mechanisms by enforcing the use of digital signatures on archive files. Updating your infrastructure and SAPCAR to their latest versions on all systems reduces the risks.
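The content-based type check and the polyglot case from the first two items above, as an added Python example (not SAP's filter and not code from this article). The allowlist policy, function names and sample bytes are assumptions constructed for illustration; the magic numbers are the published GIF, PDF, ZIP and RAR signatures.

```python
import os

# Published magic numbers for the formats used in this example.
SIGNATURES = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "application/pdf": (b"%PDF-",),
    "application/zip": (b"PK\x03\x04",),  # .docx files are ZIP containers
    "application/x-rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),
}
# Assumed upload policy: allowed extension -> content type it must contain.
ALLOWED = {".gif": "image/gif", ".pdf": "application/pdf", ".docx": "application/zip"}
# Archive signatures that must not appear inside an otherwise accepted file.
EMBEDDED_ARCHIVES = {"application/x-rar": SIGNATURES["application/x-rar"]}

def sniff(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    for mime, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return mime
    return None

def embedded_formats(data: bytes, primary):
    """List archive formats whose signature occurs past offset 0 (polyglot hint)."""
    found = []
    for mime, magics in EMBEDDED_ARCHIVES.items():
        if mime != primary and any(data.find(m, 1) != -1 for m in magics):
            found.append(mime)
    return found

def check_upload(filename: str, data: bytes):
    """Return (accepted, reason) for an upload under the ALLOWED policy."""
    ext = os.path.splitext(filename)[1].lower()
    expected = ALLOWED.get(ext)
    if expected is None:
        return False, f"extension {ext or '(none)'} not on allowlist"
    actual = sniff(data)
    if actual != expected:
        return False, f"content is {actual}, extension claims {expected}"
    extra = embedded_formats(data, actual)
    if extra:
        return False, f"polyglot: also contains {', '.join(extra)}"
    return True, "ok"

# Constructed samples: a minimal GIF header, then the same bytes plus a RAR marker.
GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
GIFRAR = GIF + b"Rar!\x1a\x07\x00" + b"\x00" * 16
```

The embedded-signature scan is a heuristic: it catches the GIF-plus-RAR layout described above, but other format pairs need their own entries in `EMBEDDED_ARCHIVES`.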
How to Safeguard Against Coronavirus Phishing Scams
Now that we’ve discussed the various types of attacks and some general trends, let’s look at what we can do to protect our personal data and secure our systems.
- Create Awareness among your employees – Keep your staff up to date about the latest ways in which phishing campaigns are being launched and how they can take advantage of the widespread fear of the pandemic.
- Share official informational resources – Sharing legitimate resources like government websites and official media pages that answer their queries and address their concerns can help to keep people away from malicious sites.
- Use the right security software – Secure your environment by investing in some basic security tools like anti-malware, anti-virus, IDS/IPS, etc. Consider creating third-party backups, regularly update your software, make use of email signing certificates, and be mindful of your security requirements based upon your network setup.
- Use whitelists to allow required file types – Restrict uploads and downloads to allow limited files and create exceptions on a need basis when required.
Though it can get confusing, following proper procedures and verifying sources before taking action (like downloading a file, transferring money, sharing sensitive information, etc.) can safeguard you against falling victim to such crimes.
- Inspect message headers when you receive an email to verify its legitimacy.
- The same goes for phone calls and other sources where you can fall into the trap of social engineering attacks.
- Authenticate using code words or phrases before sharing sensitive or business information with your colleagues.
- Get your information from reliable sources, use sound judgment, and beware of offers that are too good to be true.
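What inspecting message headers can look like in practice, as an added Python example that is not part of the original article. The sample message, its placeholder domains, the function names and the trusted server name `mx.example.org` are assumptions; the checks compare the From domain with Reply-To and Return-Path and read the SPF, DKIM and DMARC verdicts from the Authentication-Results header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: every domain is a placeholder, not a real sender.
RAW = (
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net;"
    " dkim=none; dmarc=fail header.from=health-agency.example\n"
    "Return-Path: <bounce@mailer.example.net>\n"
    'From: "Health Agency Alerts" <alerts@health-agency.example>\n'
    "Reply-To: helpdesk@mailer.example.net\n"
    "Subject: Updated safety measures\n"
    "\n"
    "Please review the attached document.\n"
)

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def header_findings(raw, trusted_authserv="mx.example.org"):
    """Return a list of reasons the headers of `raw` deserve a closer look."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    for name in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} differs from From domain {from_dom}")
    # Only trust verdicts stamped by our own receiving server (assumed name);
    # a sender can forge an Authentication-Results header of their own.
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";", 1)[0].strip().lower() == trusted_authserv:
            results.update(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value.lower()))
    for method in ("spf", "dkim", "dmarc"):
        verdict = results.get(method, "missing")
        if verdict != "pass":
            findings.append(f"{method}={verdict}")
    return findings
```

A differing Return-Path also occurs with legitimate bulk-mail services, so treat each finding as a prompt to verify the sender through another channel rather than as a verdict.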