Reports indicate that hackers are still using domains related to popular remote, collaborative working platforms to target users working from home with phishing scams during the lockdown.
Domains
Almost as soon as the lockdown started, there were reports at the beginning of April by Cybersecurity company ‘Check Point’ that there had been a major increase in new domains registered that included the word ‘Zoom’ and other suspicious characteristics. It was also reported at the time that the official classroom.google.com website had been impersonated by googloclassroom.com and googieclassroom.com.
Zoom, Teams, and Meet
The most recent Check Point Research shows that scammers have widened their attack strategy by registered domains not just to pose as Zoom, but also as Microsoft Teams, and Google Meet-related URLs.
Check Point Research reports that, in just the last 3 weeks, 2,449 Zoom-related domains have been registered, 32 of which are malicious and 320 categorised as “suspicious”
WHO Impersonated
Check Point Research also shows that scammers have been sending phishing emails posing as the World Health Organisation with malware attachments and asking for donations to the WHO where any payments made go into known, compromised bitcoin wallets.
The WHO now has a page warning about the risk of being targeted with fraudulent email and WhatsApp messages by scammers taking advantage of the COVID-19 pandemic and claiming to be from the WHO. The page gives advice about how to verify authenticity before responding and how to spot and prevent phishing. See https://www.who.int/about/communications/cyber-security
Nation-State Cyber Espionage To Steal COVID-19 Research
In a more sinister turn, the UK’s National Cyber Security Centre (NCSC) has reported that UK universities and scientific institutes involved in COVID-19 research are being targeted with cyber espionage by nation state-sponsored actors e.g. Russia, Iran, and China, allegedly looking for information about studies conducted by UK organisations related to the COVID-19 pandemic.
Protection
Ways that users can protect their computers/devices, networks and businesses from these types of threats, as suggested by Check Point, include being extra cautious with emails and files from unfamiliar senders, not opening attachments or clicking on links in emails (phishing scams), and by paying close attention to the spelling of domains, email addresses and spelling errors in emails/on websites. Check Point also suggests Googling the company you are looking for to find their official website rather than just clicking on a link in an email, which could redirect to a fake (phishing) site.
What Does This Mean For Your Business?
Cybercriminals are quick to capitalise on situations where people have been adversely affected by unusual events and where they know people are in unfamiliar territory. At the moment, people are also divided geographically and are trying to cope with many situations at the same time, may be a little distracted, and may be less vigilant than normal. As long as the pandemic continues, these types of scams also look set to continue and evolve. It is also shocking (but perhaps not surprising) to see how nation states appear to be sponsoring attacks on each other’s research institutions to get an advantage in defeating COVID-19.
The message to businesses, however, is that extra vigilance is still needed and that all employees need to be very careful, particularly in how they deal with emails from unknown sources, or from apparently known sources offering convincing reasons and incentives to click on links or download files.