Cybercriminals taking advantage of virus fears
Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at the global shipping industry, according to a report issued Monday by a California-based cybersecurity firm.
Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult. AZORult has been around since at least 2016 and can be used to install ransomware, which is designed to lock legitimate users out of their computer systems until a ransom is paid.
“In these (coronavirus-related) attacks, we don’t see AZORult downloading ransomware currently,” Proofpoint said. “However, because of AZORult’s configurable nature and past use in conjunction with ransomware that remains a real threat.”
Proofpoint didn’t provide statistics on how many actual coronavirus-themed malicious emails have been detected or how much damage has been caused by coronavirus-themed malicious emails. U.S. cybersecurity firm Sophos said last week that it had learned of a scam that used faked emails pretending to be safety instructions from the World Health Organization.
“Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems,” Sophos said in a blog post.
Proofpoint said that the narrowly focused campaign it detected seems to originate from Russia and Eastern Europe, but there’s no evidence linked to a known criminal group.