How hackers are using phishing and website spoofing
Proofpoint researchers have detected a steep rise in spoofing attempts that leverage phishing attacks with COVID-19 themes and faux websites that mimic government agencies and non-governmental organizations (NGOs) to steal login credentials and valuable financial data throughout the pandemic.
Researchers have observed and analyzed more than 300 COVID-19 phishing campaigns since January 2020, which revealed hackers are focused on credential theft. The sudden growth of those campaigns began in March 2020, when COVID-19 was declared a national emergency.
The insights join several recent reports detailing hackers’ efforts to take advantage of the Coronavirus pandemic for gain. From fraud attempts and phishing attacks to targeting Virtual Private Networks (VPNs) and DNS routers, threat actors are working to gain access to enterprise networks and to profit off of the crisis.
The latest COVID-19 research shows hackers are increasingly leveraging COVID-19-themed credential phishing website templates that mimic the World Health Organization, the Internal Revenue Service, the Centers for Disease Control, and other agencies.
The templates allow hackers to easily create high-quality malicious web domains for their COVID-19 phishing campaigns. Notably, Proofpoint found that many of the templates seen in these campaigns use multiple pages, which increases the quality of those deceptive campaigns.
For example, the template that spoofs the WHO is meant to mimic the legitimate government login site, including the brand and color scheme. Proofpoint explained this model was the primary example of a phishing template specific to COVID-19.
Meanwhile, the CDC-spoofing template asks the user to input their email address and password to gain access to a “Vaccine ID.” The template includes Microsoft Outlook, Google Gmail, and other email logos, as well as a direct copy of the Coronavirus graphic hosted on the legitimate CDC website.
“Credential phishing attackers often tailor their email lures with themes they believe are going to be the most effective and use general websites for actual credential harvesting,” researchers wrote. “The recent move to make custom COVID-19 payment phishing templates indicates that buyers view them as effective enough to warrant custom tactics to reap credentials.”
The campaign began to drop off in April 2020, which, Proofpoint noted, “likely reflects a mixture of saturation for COVID-19 payment theme phishing templates and a move towards other COVID-19 themes as many one-time payments were disbursed.”
The cyberattacks are tied to both well-known, established hacking groups and unknown individual hackers. The campaigns are primarily in English, but the researchers have also detected attacks using Spanish, French, Japanese, and other languages.
“It’s clear threat actors follow trends closely,” researchers explained. “We’ve seen throughout the COVID-19 situation how threat actors have followed the news and adapted their themes to match the unfolding public narrative.”
“The movement by governments especially to supply support has caught the eye of threat actors who have moved not only to focus on those funds directly but to use them as themes for their malware and credential phishing attacks,” they added. “As the COVID-19 situation continues to unfold across the world, we will expect these sorts of COVID-19 themed attacks to continue and threat actors to supply additional tools which will make those attacks easier to carry out.”
Fortunately, several security researchers and government agencies are steadily working to provide resources and guidance designed to help healthcare providers and other organizations shore up some of the vulnerabilities that have emerged with the rise in telehealth and remote work during the pandemic.
Healthcare organizations should review telework guidance from the American Medical Association and the American Hospital Association, and cybersecurity guidance for telework from the National Security Agency. The Office for Civil Rights also released a list of COVID-19 security threat resources.
Microsoft also provided insights into human-operated ransomware campaigns that have plagued the world in recent months. Lastly, the Healthcare and Public Health Sector Coordinating Council released guidance for tackling healthcare’s security tactical response and protecting the sector’s trade secrets and research.