Hackers are once again taking advantage of concerns of COVID-19 by using fake coronavirus maps to infect visitors with malware.
Detailed Monday by cybersecurity researcher Shai Alfasi from Reason Cybersecurity Ltd., the fake maps were found to be attempting to infect unsuspecting visitors with the AZORult malware.
The malware, first discovered in 2016, is an information stealer that makes off with browsing history, cookies, ID/passwords, cryptocurrency and more. An AZORult variant, designed to create a new, hidden administrator account on the infected machine in order to allow Remote Desktop Protocol connections, was also detected.
Sold on Russian underground forums, AZORult was last in the news Feb. 5 when it was found to be one of several forms of malware that was being spread by the Atlassian Corp. Plc-owned git code hosting service Bitbucket.
Using coronavirus as an attack vector to target potential victims isn’t restricted to coronavirus-related maps alone. A report March 8 noted that scammers were taking advantage of the news through targeted phishing campaigns and scam websites. In one example, a Russian website was found to be offering “the best and fastest test for Coronavirus detection at the fantastic price of 19,000 Russian rubles (about US$300).” “Attackers are looking for a vulnerability to deliver their attack,” Chris Rothe, co-founder and chief product officer at security operators provider Red Canary Inc., told SiliconANGLE. “In this case, people’s fear over the virus is the vulnerability attackers will look to capitalize on.”
He added that “if an individual is concerned or stressed about the virus they are less likely to remember their security training and will be more likely to, for example, click a link in a phishing email or give their credentials to a malicious web site.”
Colin Bastable, chief executive officer of security awareness training company Lucy Security AG, noted that the virus will affect a lot of organizations through cybercrime, as well as more general economic losses.
“People not used to working from home are more likely to have their guard down and will naturally be attracted to phishing sites such as this infection map,” Bastable explained. “While security teams focus on technology, bad actors focus on hacking people’s emotional responses with social engineering techniques that are closely aligned to marketing methods.”
What’s more, he added, remote workers may inadvertently introduce major threats as a result of the disruptions from the virus outbreak. “Patching people through heightened security awareness training will address up to 97% of the risk from cybercrime during this period of enhanced risk,” he said. “We should anticipate major losses from CEO fraud, ransomware attacks and credential harvesting over the next few months.”
For those looking for coronavirus maps, the safest option is to use the map provided by Johns Hopkins University.
AAA Corporate Travel is dedicated to assisting our clients and business travelers during this difficult time through re-accommodations and industry travel updates. We continue to monitor the situation and keep in regular contact with our travel partners. Here is information on travel safety and industry updates to help travelers stay informed and make educated decisions about future travel.
While the majority of major hotel groups are limiting policy changes only to travelers coming from or traveling to affected countries in Asia or Italy, some hotel groups have softened their cancellation policies to include properties here at home. Most notably, several the largest hotel groups including Hilton, Marriott and InterContinental Hotels Group and Omni Hotels & Resorts.
As the new coronavirus outbreak continues to grow, airlines are doing their part by taking precautions to sanitize and prevent the virus from spreading. Airlines usually clean plane cabins to varying degrees when turning around the aircraft between each flight. Here are some of the advanced measures U.S. airlines are taking to keep their cabins as germ-free as possible.