Given the recent success of ransomware deployments using AZORult and Emotet in 2018 and 2019, RiskIQ has predicted that cybercriminals will return to this method, leveraging global anxiety over the coronavirus as an ideal opportunity.
Since the World Health Organization declared a public health emergency of international concern on Jan. 30, 2020, RiskIQ states it has “observed a malicious spam campaign seeking to capitalize on this worldwide interest in the spread and impact of the virus.” E-mails with affected Microsoft Word documents attached have been sent to targeted companies to install the AZORult malware.
The targeted businesses included those whose supply chain operations and revenue streams the outbreak could disrupt, such as manufacturing, industrial, finance, transportation, pharmaceutical and cosmetics. The senders of this phishing campaign have not been identified.
Further, phishing scams in Japan have spread the Emotet Trojan through messages that claim to contain information about coronavirus. As in the campaigns delivering the AZORult malware, Emotet was included in e-mails with attached Microsoft Word documents.
The company notes that in 2019, cybercriminals made Emotet more dangerous with an update that gave its attack method the ability to send victims e-mails from past messages, steal credentials from its victims to send outbound messages, and hijack e-mail accounts. These techniques make it harder for victims to determine whether an e-mail is legitimate.
Cybercriminals have also seen success in capitalizing on conspiracy theories that claim the existence of “unreleased cures” being withheld from the public. These attacks initially targeted those in the U.S. and Japan, though the company’s data suggests Australia and Italy may have been targeted as well. Unlike the other attacks, these e-mails contain a link to fake DocuSign pages that ask victims to share personal information.
RiskIQ has assessed, with a moderate-high level of confidence, that cybercriminals will continue to follow these patterns.