Document 1: Information about the prevalence of new Coronavirus infections/ Check Point Research
"This specific campaign leverages the COVID-19 pandemic to lure victims to trigger the infection chain," CPR concluded.
Additionally, state-sponsored hackers from China, Russia and North Korea have also been discovered deploying COVID-19-themed cybercrime attacks, ZDNet reported last week.
Chinese cybersecurity firm QiAnXin Technology discovered phishing emails disguised as official notices from the World Health Organization and the Center for Public Health of the Ministry of Health of Ukraine.
One such fraudulent email went viral, spreading misinformation about the virus and creating mass chaos in Ukraine, according to a Feb. 20 BuzzFeed report.
The WHO recently sent out a statement regarding these cyberattacks that are disguised as official WHO notices, saying, "Criminals are disguising themselves as WHO to steal money or sensitive information. If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding."
The statement added that the WHO will never ask people for usernames or passwords, send unrequested email attachments, ask people to visit a link outside www.who.int, charge money to those who want to apply for a job, ask people to register for conferences or conduct prize-winning lotteries and games via email.
South Korean cyber-security firm IssueMakersLab similarly discovered a North Korean state-sponsored email attack disguised as an official COVID-19 information email that contained malware-infected, downloadable files.
In one last example reported by ZDNet, Vietnamese cyber-security firm VinCSS discovered a phishing email from a Chinese state-sponsored hacking group that appeared to come from the Vietnamese Prime Minister.
Hackers often seize trending online topics like COVID-19 in scam emails, texts and phone calls as a way to get potential victims' attention and install malware on their devices or gain access to sensitive information.
To avoid falling victim to these kinds of realistic-looking scams, Alfasi shared two tips.
WHAT IS 'PHISHING'?
"First of all, there is no need to download anything because the map is online," Aflasi said. "Second of all, they need to have some AV [anti-virus] protection, because there is no protection for these kinds of vulnerabilities."
Users should avoid getting any kind of COVID-19 related information via email and instead go directly to the source like the websites for WHO and the Centers for Disease Control and Prevention.
In terms of anti-virus protection, while it is necessary for workplaces to have this in place, one way users can prevent malware from infecting their devices without paying for AV protection is simply by keeping devices and applications up to date. So, next time you get a notification on your phone or computer that says, "Your device is ready for an [X] update," make sure to allow the update to happen rather than dismiss the notification.
Additionally, Alfasi said being aware that these kinds of fraudulent graphics and emails exist in the first place is "the key to solving this issue." If users are aware that their information is at stake by clicking on something that does not come from a trusted source, they can easily avoid falling victim to malware.
Victims of cyberattacks and phishing emails can report their experiences to the FBI, the Cybersecurity and Infrastructure Security Agency and the Federal Trade Commission, as well as their own email providers like Google and Microsoft.
CLICK HERE TO READ MORE ON FOX BUSINESS
Read Full Article