Cybercriminals are taking advantage of the SARS-CoV-2 coronavirus outbreak and the COVID-19 illness. Both businesses and private users are major cyberattack targets because of the chaos and panic that surround the coronavirus pandemic. Here is what we believe organizations should do to maintain a high level of cybersecurity in this situation.

Scams, Phishing, and Malware in the COVID-19 Crisis

Most cybercriminal attacks during the COVID-19 pandemic focus on individual users. However, since most businesses switched to working remotely, employees effectively become such individual users, often missing the protection offered by their colleagues versed in cybersecurity. Therefore, it is very important that businesses fight this with education and good organization, not software.

Coronavirus Scams and Fighting Them with Education

Most coronavirus scams follow the same pattern. The cybercriminal takes the following steps:

  1. Registers a legitimate-sounding domain
  2. Fills it with legitimate-sounding content related to COVID-19
  3. Attempts to extort money directly or provide malware to download
  4. Uses social engineering via social media and phishing emails to promote their fake site and get visitors

We’re sorry to break it to you but no software will be able to defend you against such scams. While domain-blocking lists in anti-malware software exist, they won’t be able to keep up with the number of new domains. The cybercriminals realize that their scams are going to be taken down quickly so they simply create new ones and aim for the “zero-day” effect. While cybercrime units are doing their best to take down fake websites as soon as possible, it’s never soon enough.

Therefore, the only efficient way to combat such scams is through education. You must make it very clear to all your remote employees on lockdown that they are to refrain from visiting any websites that relate to the virus unless these are provided by well-known authorities such as the World Health Organization, Google, Microsoft, etc. This simple rule will eliminate all scams that follow the pattern described above.

The Rise of COVID-19-Themed Malware and How to Spot It

The latest news reports say that security researchers are finding more and more cases of malware designed especially to take advantage of the coronavirus outbreak. This includes both desktop malware and Android/iOS malware. This malware almost exclusively follows one pattern: pretending to provide information or help with COVID-19. For example:

In general, themes are very similar to the ones used for scam websites. The real goal of these apps is to get the user to directly pay the cybercriminal for a service that does not exist or to act as typical malware: trojan horse, ransomware, etc. Ransomware attacks now often begin with the user downloading and installing a COVID-19-themed app, which then spreads dangerous malware to other systems, even via virtual private network connections.

Again, just like in the case of scams, there is no effective software that will be able to find new threats soon enough. Typical endpoint anti-malware solutions are important because they eliminate already known malware that has been tailored to take advantage of the coronavirus pandemic. However, anti-malware software will not be able to eliminate apps written from scratch such as the ones that extort money directly.

Phishing Attacks and the Security of Your Business

Owners of renowned websites and web applications, especially those in any way helpful at the time of the COVID-19 outbreak, are in even more danger now. Their web assets may become instrumental in phishing campaigns. All that is needed for a black hat hacker is a simple Cross-site Scripting (XSS) vulnerability.

An XSS vulnerability is one of several web vulnerabilities that let a black hat hacker use your domain as a phishing trap. They may send a phishing email with a link that seems to originate from your renowned domain but in reality, they are the ones who get control of the user who clicks the link: they may extract their session data or get them to download malware (of the type mentioned above).

In such a case, it’s your domain that gets blamed for this, which can have a huge impact on your reputation. And the problem is that you cannot stop such phishing attacks in any other way but by fixing the vulnerability as soon as possible. That is why we believe that web security at this time should be treated with paramount importance.
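To show what fixing such a vulnerability looks like, here is an added example (not from the original article) of a reflected XSS flaw in a search page next to its hardened form. The domain `health.example`, the `q` parameter, and all function names are hypothetical.

```javascript
// Added illustration: a results page on a trusted domain that reflects the
// "q" query parameter. All names and URLs here are hypothetical.

// Vulnerable: the parameter is concatenated into HTML as-is, so markup carried
// in a crafted link is interpreted by the browser under the trusted origin.
function renderResultsVulnerable(query) {
  return `<h1>Results for ${query}</h1>`;
}

// Hardened: encode the HTML-significant characters before output so the value
// can only ever be displayed as text.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

function renderResultsHardened(query) {
  return `<h1>Results for ${escapeHtml(query)}</h1>`;
}

// Parse the link the way a server would and build the response.
function handleRequest(url, render) {
  const query = new URL(url).searchParams.get('q') ?? '';
  return {
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      // Defence in depth: inline script is refused even if an encoding bug slips in.
      'Content-Security-Policy': "default-src 'self'; script-src 'self'",
    },
    body: render(query),
  };
}

// Constructed sample link using the standard harmless test string.
const SAMPLE_LINK =
  'https://health.example/search?q=' + encodeURIComponent('<script>alert(1)</script>');

console.log(handleRequest(SAMPLE_LINK, renderResultsVulnerable).body);
console.log(handleRequest(SAMPLE_LINK, renderResultsHardened).body);
```

The link looks the same to the recipient in both cases; only the hardened handler turns the injected markup into inert text.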

Black Hat Hackers Now Target the Healthcare Industry

Before the COVID-19 outbreak, we had already written about why malicious hackers set their sights on hospitals and other healthcare providers. However, the outbreak made the situation even worse. Healthcare is the primary target now for the following reasons:

  • All resources are being redirected to fighting the disease. This means that there are often not enough resources for security research teams to focus on threat intelligence or risk management – they are now often burdened with non-security-related tasks.
  • Due to a heavy load on the healthcare industry, mistakes are more likely to be made. Information security is always at its lowest in times of chaos, and there is a strong chance of chaos in the current situation.
  • Healthcare institutions are now more prone to quickly resolve ransomware situations by paying the ransom just to continue working against COVID-19. There is often no time for other types of incident response in such situations during the pandemic.
  • Data from healthcare institutions that fight COVID-19 is more sought after by third parties on the dark web because it can be believed to be useful for fighting the virus on their own – this is especially the case for totalitarian regimes that do not want to directly work together with the rest of the world.

Healthcare institutions are prone to all the attacks mentioned above (scams, phishing attacks, etc.) but also to direct attacks that aim to cause a data breach. This is where the importance of web security comes in. Unlike in the case of anti-malware software which is not too useful during this pandemic, web security software is just as effective as in any other situation and helps healthcare providers avoid web attacks.

Therefore, we firmly believe that in addition to education, security experts working for healthcare should now strongly focus on web security. And we’re helping them do that by providing complimentary Acunetix licenses to agencies fighting COVID-19 (announced last week).

Stay Safe, Stay At Home, Protect Your Websites and Web Applications

While we fully understand that security teams have a lot on their minds right now, we would again like to stress two facts:

  • Web security right now is even more important than ever and not only for the healthcare industry. We believe it is more important than network security and malware protection.
  • Anti-malware toolkits and other end-point protection tools are helpless against new malware and scams. Web vulnerability scanners still protect you just as well against web-related security risks, no matter how fresh the attack is.

We would like to again strongly encourage you to contact us for a quick demo (or for a complimentary license if you are a COVID-19 responder) and make sure that this situation does not affect your business even more adversely than it does already.

Tomasz Andrzej Nidecki
Principal Cybersecurity Writer
Tomasz Andrzej Nidecki (also known as tonid) is a Primary Cybersecurity Writer at Invicti, focusing on Acunetix. A journalist, translator, and technical writer with 25 years of IT experience, Tomasz has been the Managing Editor of the hakin9 IT Security magazine in its early years and used to run a major technical blog dedicated to email security.