2025-04-05 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
By hypernerve
Abstract: On the one hand, the novel coronavirus is raging all over the world; on the other, computer viruses are taking advantage of the chaos. For ordinary people, the COVID-19 epidemic is a disaster, but for hackers, it is a once-in-a-lifetime opportunity to spread malware.
Keywords: hackers, network attacks, data theft
The worldwide spread of the novel coronavirus is worrying, but hackers are secretly rejoicing and have begun a "carnival".
They are exploiting people's fear of the novel coronavirus to commit crimes at a frantic pace, for example by using email and apps to spread malware and defraud victims of money and information.
Countries with serious epidemics, such as Italy and the United States, have become the number one targets for opportunistic attacks.
WHO and CDC suffered twice as many cyber attacks as usual.
In the past few days, a number of network attacks and malware with the theme of COVID-19 have swept the world.
During this period, authoritative health organizations such as the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) of the United States have borne the brunt and become the focus of attacks by hackers.
The World Health Organization (WHO official website) has been hacked many times in recent years.
Earlier this month, hackers tried to hack into WHO, Reuters reported. Although the intrusion was unsuccessful, WHO said it had suffered twice as many cyber attacks as in the past, including attempts to mimic WHO's internal email system to obtain employee passwords.
Tencent Security Threat Intelligence Center also recently detected hackers forging CDC as the sender and delivering a document that exploits a vulnerability in the Office Equation Editor (CVE-2017-11882) to target users' mailboxes. If the recipient opens the document on a computer that has this vulnerability, it may trigger the vulnerability and download the commercial remote-control Trojan Warzone RAT.
Focus: guard against three types of network attack routines
At present, network attacks using COVID-19 can be divided into the following three categories:
1. Phishing emails
Phishing is one of the most common attack techniques. After confirmed COVID-19 cases began to increase in January this year, email phishing campaigns using enticing COVID-19-related subject lines appeared almost at the same time.
Health organizations such as WHO and CDC have become prime targets, and attackers have been observed using important safety documents or infection maps as bait to trick users into clicking on URLs or downloading files.
In February this year, a user started a thread on XSS, a well-known Russian cybercrime forum, to promote a new COVID-19-themed phishing scheme.
The subjects of these emails include industry-specific analysis reports and details of official government health recommendations, as well as offers from sellers of masks or other operational and logistics information during this period.
XSS publishes phishing fraud scheme related to COVID-19
Claims to send malware disguised as a virus heat map
The phishing scheme spreads malware through email attachments disguised as a map of virus outbreaks, which contain real-time data from WHO. The map itself is an imitation of a legitimate map created by the Johns Hopkins University Center for Systems Science and Engineering (CSSE).
The scheme is priced at $200, or $700 if the buyer also needs a Java code-signing certificate.
Another phishing scam is an official email pretending to be WHO.
The email contains a link to a file said to be about preventing the spread of the virus, but when the victim clicks it, it leads to a malicious domain that tries to obtain the victim's credentials.
Phishing scam impersonating the World Health Organization
Such messages usually contain several grammar and formatting errors, which attackers can use to narrow the scope of victims and bypass spam filters.
2. Malicious applications
Although Apple has restricted COVID-19-related apps in its App Store and Google has removed some of them from the Play store, malicious applications are still unstoppable.
The US domain name hosting website DomainTools has found a website that urges users to download an Android application that provides tracking and statistical information about COVID-19, including infection heat maps. However, the application actually carries ransomware targeting Android, now called COVIDLock.
COVIDLock targets Android devices: it locks the screen and demands a ransom in exchange for unlocking it. The picture shows the software's ransom notice.
The software's ransom notice requires $100 in bitcoin within 48 hours and threatens to delete the victim's contacts, pictures and videos, as well as the phone's memory.
DomainTools reports that COVIDLock-related domains have previously been used to distribute porn-related malware.
3. Insecure endpoints
Because a large number of employees are currently working remotely, there is an increased risk around endpoints and people who use endpoints.
If employees do not update their systems regularly, devices that employees use at home may become more vulnerable.
Working from home for long hours may also encourage users to download shadow applications to their devices or ignore the security policies they usually follow in the office.
Some people who choose to work in cafes may still be vulnerable to theft, lost equipment or man-in-the-middle attacks.
WHO strategy: how to prevent phishing?
In response to these attack methods, WHO has promptly issued prevention guidance for users.
WHO warns that online scams delivered through WhatsApp can trick people into clicking on malicious links or opening attachments.
The only donation appeal currently issued by the World Health Organization (WHO) is the COVID-19 Solidarity Response Fund, at the following link:
https://www.who.int/emergencies/diseases/novel-coronavirus-2019/donate .
Therefore, any other appeal for funds or donations claiming to come from the World Health Organization (WHO) is a hoax!
In addition, WHO gives detailed precautions against emails sent by phishers exploiting the COVID-19 emergency:
Be careful about providing sensitive information, such as user names or passwords.
Carefully review the domain name before clicking the link.
Carefully review the sender's mailbox before opening the email attachment.
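The sender and link-domain checks above can be automated. The following Python check is an added example, not part of the original article: it flags a message whose display name claims to be the World Health Organization while the address is outside who.int, and links whose real host is not who.int, including links whose visible text shows a who.int address. The names `TRUSTED`, `trusted`, `host_of`, `Links` and `review` are hypothetical, and the sample message and its `.example` hosts are constructed.

```python
import email.utils
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"who.int"}  # assumption: the only domain accepted as genuinely WHO

def trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def host_of(text):  # hostname of a URL, or of visible text that looks like one
    token = (text.split() or [""])[0]
    return urlsplit(token if "://" in token else "//" + token).hostname or ""

class Links(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, "".join(self.text).strip()))
            self.href = None

def review(raw):
    msg, findings = email.message_from_string(raw), []
    name, addr = email.utils.parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    if "world health organization" in name.lower() and not trusted(sender):
        findings.append(("sender", sender))
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:
        host = host_of(href)
        if not trusted(host):
            findings.append(("link-host", host))
            if trusted(host_of(text)):  # text shows who.int, href goes elsewhere
                findings.append(("text-mismatch", host))
    return findings

SAMPLE = '''From: "World Health Organization" <info@who-int.example>

<p>Read <a href="http://who.int.safety.example/doc">https://www.who.int/safety</a>.</p>
<p><a href="https://www.who.int/emergencies/diseases/novel-coronavirus-2019/donate">Donate</a></p>
'''  # constructed sample message; the .example hosts are placeholders
```

Calling `review(SAMPLE)` reports the forged sender and the lookalike link, while the genuine who.int donation link passes.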