Coronavirus now possibly largest-ever cyber security threat

Author: Alex Scroxton, Security Editor, Computer Weekly.

The total volume of phishing emails and other security threats relating to the Covid-19 coronavirus now represents the largest coalescing of cyber-attack types around a single theme that has been seen in a long time, and possibly ever, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint.

To date, Proofpoint has observed attacks including credential phishing, malicious attachments and links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware and ransomware strains, all tied to the rapidly spreading coronavirus.

“For more than five weeks, our threat research team has observed numerous Covid-19 malicious email campaigns, with many using fear to try to convince potential victims to click,” said DeGrippo.

“Criminals have sent waves of emails that have ranged from a dozen to over 200,000 at a time, and the number of campaigns is trending upwards. Initially, we were seeing about one campaign a day worldwide; we’re now observing three to four a day. This increase underscores just how appealing global news can be for cyber criminals.”

In the past week alone, a number of deeply concerning campaigns have emerged that appear to be targeting the critical healthcare, manufacturing and pharmaceutical industries. DeGrippo said she had observed a campaign originating from advanced persistent threat (APT) group TA505 – which was behind the Locky ransomware strain and the Dridex banking trojan – using coronavirus loads in a downloader campaign.

Downloaders are particularly dangerous threats because once they have been delivered and installed, they can download additional types of malware. The TA505 group is considered to be one of the more significant financially motivated threat actors currently operating.

Other campaigns targeting the healthcare sector include emails offering coronavirus cures or vaccines in exchange for bitcoin payment. Needless to say, this is a cover for a downloader, and once it is installed, victims will open themselves up for second-stage ransomware payloads…
