Cybercriminals imitating WHO to steal information, say Israeli experts
An average of 192,000 weekly coronavirus-related attacks have been identified during the past three weeks, representing a 30% increase compared to previous weeks, researchers said.
By EYTAN HALON
Cybercriminals are increasingly impersonating the World Health Organization (WHO) and popular video conferencing platforms to steal sensitive information from users, experts at Israeli cybersecurity giant Check Point have warned.In mid-April, Google said it had identified 18 million coronavirus-related malware and phishing emails being sent to Gmail users on a daily basis – in addition to 240 million daily spam emails related to the outbreak.Malicious actors often seek to collect sensitive data by turning to "phishing" emails and websites, which attempt to trick users by appearing to be from a legitimate source. A 2019 report by Verizon showed that almost a third (32%) of all corporate data breaches started with a phishing email.Check Point researchers identified recent malicious emails posing as the WHO, from a "who.int" domain, with the email subject: "Urgent letter from WHO: First human COVID-19 vaccine test/result update." Seeking to take advantage of increased curiosity in the outbreak, the emails contained a dangerous attachment containing AgentTesla malware.A further two examples of extortion emails purportedly from the WHO and the United Nations were also identified, requesting that recipients send donations to several known compromised bitcoin wallets.Researchers also warned that cyber-criminals have also used fake Zoom domains for phishing activity. During the past three weeks, nearly 2,500 new Zoom-related websites have been registered. Some 1.5% of domains were identified as malicious and another 13% as suspicious. Malicious URLs related to Microsoft Teams and Google Meet have also been identified in recent weeks as criminals seek to lure victims and encourage them to download malware.An average of 192,000 weekly coronavirus-related attacks have been identified during the past three weeks, representing a 30% increase compared to previous weeks, researchers said.Coronavirus-related attacks were defined as those involving websites with “corona” or “covid” in their domain name, files with coronavirus-related file names and files distributed in emails with coronavirus-related subject lines.As the pandemic and measures to contain it develop, so too has the registration of coronavirus-related domains worldwide. Domains related to live maps and symptoms were very common at the beginning of the outbreak, before mirroring the roll-out of relief packages and stimulus payments at the end of March. Recently, the registration of domains related to post-coronavirus life and a possible second wave has increased.During the past three weeks, almost 20,000 new coronavirus-related domains were registered. About 2% were identified as malicious and another 15% were considered suspicious.
To avoid being tricked by attempted phishing attacks, Check Point researchers suggest being suspicious of emails or communications from well-known brands or organizations requesting that users click on a link or open an attached document.Users should also beware of look-alike domains and unfamiliar email senders; be cautious with files received via email from unknown senders; only order goods from authentic sources; be cautious regarding "special offers"; and not reuse passwords for different applications and accounts.