Hackers using Coronavirus chaos to trick people into downloading malware

The coronavirus (COVID-19) outbreak has cast a shadow on cyberspace as well. Subex, a Bengaluru-based firm that provides analytics to telecom service providers, said hackers are using the panic and confusion to trick employees and other stakeholders into downloading infected payloads or malware.
 
In a situation where many employees work from home or access wi-fi networks that operate at enterprise-level security, devices such as routers can be hacked to plant a range of malware into handheld devices used by employees.
 
“Such devices could be turned into zombies or bots and added to botnets or used to launch attacks on systems and networks it connects once the employee is back in the office,” said Prayukth K V, chief marketing officer, Internet of things (IoT), Subex.

Subex said this indicates a high level of adaptability as far as hackers are concerned. It said there were concerns that the outbreak could be used to breach networks and infrastructure components to either attack them immediately or leave a trojan (malware that misleads users of its true intent) or backdoor behind to use in the future.

 
Subex, through its honeypot network (a decoy computer system for trapping hackers) spread across 62 cities, has been tracking cyber attack trends and malware activity that can be correlated with the outbreak.
 
Its studies have shown that the number of cyberattacks in all sectors except healthcare and manufacturing have come down globally in the past 28 days. In addition, the unit price of malware and associated bot farms has also registered a 3 per cent decline over this period. However, the number of phishing attacks using emails, social media links and forwards on instant messaging platforms has shown a 39 per cent increase in India alone, according to the firm’s research team.

 
“There are emails containing subject lines such as ‘coronavirus emergency declared,’  ‘1,000 coronavirus deaths in last 16 hours’, and ‘this drug could save your life from corona’,” said Prayukth. “Emails seeking donations in the name of WHO (World Health Organization) have also been found.”
 
Subex said that in the last 4 months of 2019, hackers and APT (advanced persistent threat) groups had invested heavily in procuring malware. Subex said it had seen the introduction of some of these malware beginning December and January. From early February, the number of new malware detected including new variants showed a clear decline.

 
Also, about 23 common file extensions (including rar, zip, mp3, mp4, xlsx, docx, EPS) have been released by hackers in the last 26 days. These files have a malicious payload that could encrypt files, steal/exfiltrate data, and drop backdoors. These file types include, “corona_health_update.pdf (attributed to centres for disease control), origin-of-corona_cnn.mp4, covid19_mandatory_work_from_measures.pdf, corona_safety_alert.docx and secondary_corona_infections.pdf.”
 
Subex said the in-bound volumes of the infected files vary with healthcare announcements by governments.