
Thursday, March 19, 2020

ESET warns of scams exploiting the climate of concern over the coronavirus



TEXT: FORTUNEGREECE.COM
16/03/2020 18:00






ESET researchers have collected some of the most common forms of fraud and analyze them, urging users to stay alert.


Cybercriminals are exploiting the exceptional conditions that the coronavirus pandemic has created across the planet, ESET warns. Global anxiety, vulnerable groups at the highest risk, excessive demand for goods that are no longer in stock, and misinformation on social media: all of this adds up to a huge opportunity for online fraudsters. ESET researchers have collected some of the most common forms of fraud and analyze them, urging users to stay alert.

Malicious news

Scammers pretend to send important information from authoritative bodies such as the WHO (Fig. 1) or from trusted news organizations such as the Wall Street Journal (Fig. 2), aiming to trick potential victims into clicking malicious links. Typically, such links can install malware, steal personal information, or attempt to capture login credentials and passwords.

Exploiting charity


In this form of scam, cybercriminals try to persuade the victim to help fund a vaccine for children in China. Since no vaccine exists at this time, users simply end up sending bitcoin to the scammers' wallets. The technique works on only a very small percentage of users, but it adds up to a considerable sum given that it is carried out on a global scale.

Masks

In another type of scam, cybercriminals send spam emails (Fig. 3) to trick victims into believing they can order masks that will keep them safe from the coronavirus. In reality, victims end up unwittingly disclosing sensitive personal and financial data.
According to Sky News, fraudulent mask sellers took 800,000 British pounds (1 million dollars) from users in the United Kingdom in February alone.

ESET advises users to stay alert to these and similar scams and to take particular care, following the guidelines below:

Avoid clicking on links or downloading attachments in unsolicited messages/texts from unknown sources, or even from trusted sources, unless you are absolutely certain the message is authentic.
Ignore communications that ask for your personal details. If you judge that you need to provide them, first verify the sender's authenticity using a channel other than the email itself (e.g. an internet search).
Be especially wary of emails marked "urgent" or "attention" that urge you to take immediate action or that offer vaccines or treatments for COVID-19.
Watch out for charity campaigns or crowdfunding drives that may be scams.
Use reputable software with multiple layers of security that includes protection against phishing.

Ransomware Gangs to Stop Attacking Health Orgs During Pandemic



By Lawrence Abrams, March 18, 2020 06:36 PM






Some Ransomware operators have stated that they will no longer target health and medical organizations during the Coronavirus (COVID-19) pandemic.

Last night, BleepingComputer reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak.
DoppelPaymer Ransomware

DoppelPaymer was the first to respond and stated that they do not normally target hospitals or nursing homes and will continue this approach during the pandemic.


"We always try to avoid hospitals, nursing homes, if it's some local gov - we always do not touch 911 (only occasionally is possible or due to misconfig in their network). Not only now.

If we do it by mistake - we'll decrypt for free. But some companies usually try to represent themselves as something other: we have development company that tried to be small real estate, had another company that tried to be dog shelter ) So if this happens we'll do double, triple check before releasing decrypt for free to such a things. But about pharma - they earns lot of extra on panic nowadays, we have no any wish to support them. While doctors do something, those guys earns."

When asked what happens if a medical organization gets encrypted, we were told that a victim should contact them on their email or Tor webpage to provide proof and get a decryptor.
Maze Ransomware

Today, the Maze operators responded to my questions by posting a "Press Release" that also states that they will stop all "activity" against all kinds of medical organizations until the end of the pandemic.


"We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus."

We have not received a reply as to whether a free decryptor would be provided if a healthcare organization mistakenly gets encrypted.
Security companies offer free help

For now, if any organizations get encrypted, both Emsisoft and Coveware announced today that they would be offering their ransomware services for free to healthcare organizations during the pandemic.

This includes the following:
Technical analysis of the ransomware.
Development of a decryption tool whenever possible.
As a last resort ransom negotiation, transaction handling and recovery assistance, including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.

While this help is greatly appreciated, I hope other ransomware operators will stop targeting healthcare organizations after reading this article so that it is not needed.

As this is a global epidemic, anyone could become sick with this virus, including the ransomware operator's loved ones.

Right now healthcare workers need to focus on helping people, not decrypting their files.

Wednesday, March 18, 2020

EMSISOFT Free ransomware help for healthcare providers during the Coronavirus outbreak



As hospitals around the world struggle to respond to the COVID-19 crisis, ransomware presents a serious risk to their ability to provide urgent care to the critically ill. In 2019, at least 764 healthcare providers were impacted by ransomware.

Without a global pandemic, a ransomware attack on a critical care facility can cause grave danger to patients. With COVID-19, a ransomware attack on an overwhelmed hospital could tip the balance and result in a significant loss of life.
We’re here to help

In partnership with incident response company Coveware, we will be offering completely free help to critical care hospitals and other healthcare providers that are on the front lines of COVID-19 and have been impacted by ransomware. Subject to our own capacity, we aim to provide this service for the duration of the crisis to healthcare providers anywhere in the world.
The services offered will include:
Technical analysis of the ransomware.
Development of a decryption tool whenever possible.
As a last resort ransom negotiation, transaction handling and recovery assistance, including replacement of the decryption tool supplied by the criminals with a custom tool that will recover data faster and with less chance of data loss.

Our aim? Get affected healthcare providers operational in the shortest time possible so they can minimize disruption to patient care.

If you are a healthcare service provider that has experienced an attack, get in touch.
Ransomware attacks are likely to spike in the coming weeks

Ransomware has a seasonal aspect with the number of incidents spiking during the spring and the summer months.


Chart based on our data plus data from EPSRC EMPHASIS Ransomware Project

Whether these spikes are due to increases in the number of attacks or organizations being more susceptible to attacks at certain times of year is not clear. However, in either case, it is likely that there will be an increase in the number of healthcare providers impacted by ransomware in the coming months and, unfortunately, this increase may coincide with the peak of the COVID-19 outbreak. Further, the spikes may be more pronounced than in previous years due to security weaknesses resulting from hastily introduced work-from-home arrangements, personal device usage and staffing shortages.

In short, we may be looking at a near-perfect storm in which healthcare providers are disrupted at the very time they are needed the most.
A note to ransomware groups

While we will never condone criminal behavior, we understand why financially motivated cybercrime exists. We also know you are humans, and that your own family and loved ones may find themselves in need of urgent medical care. Make no mistake, an attack on a healthcare organization will have negative outcomes and may result in the loss of life. We ask for your empathy and cooperation. Please do not target healthcare providers during the coming months and, if you target one unintentionally, please provide them with the decryption key at no cost as soon as you possibly can. We’re all in this together, right?
A note to security companies and professionals

Got expertise? Got some free time? Willing to assist with this initiative? Shoot us an email at volunteer@emsisoft.com. We’d love your help.
A note to other organizations that may be affected by ransomware during these trying times

It breaks our hearts not to be able to extend a helping hand to everyone. We are all in the same boat together. Our priority at this time is to ensure we have the capacity to assist the healthcare organizations helping save the lives of COVID-19 patients. If we find the capacity to extend this offer to other industries, we will update this post and provide further guidance. Until then, please hunker down and stay safe.

COVID-19 Security Resource Library

A compilation of tips and recommendations from NCSA and its partners on ways to stay safe online



The National Cyber Security Alliance, our board member companies, federal partners and non-profit collaborators have worked swiftly to provide organizations and individuals with relevant and helpful information to address security and privacy concerns surrounding the global COVID-19 outbreak.

To help individuals and organizations find resources they can use and share, NCSA has launched the COVID-19 Security Resource Library. This library features free and updated information on current scams, cyber threats, remote working, disaster relief, and more. NCSA will work diligently to update this page regularly as resources become available.

Looking for a specific type of resource that you don’t see here? Let us know: info@staysafeonline.org
NCSA Encourages Vigilance Against Coronavirus Scams, Best Cybersecurity Practices for Remote Workers
NCSA’s Security Tips for Remote Workers

Avoiding Cyber Threats and Scams


CISA: Defending Against COVID-19 Cyber Scams
CISA: CISA Alerts and Recommendations
CISA: Recommendations on VPN Security
Cofense: Coronavirus Phishing Infocenter
ESET: Beware Scams Exploiting Coronavirus Fears
FTC: Tips for Avoiding Coronavirus Scams
NCSA: NCSA Statement on Coronavirus
NortonLifeLock: Coronavirus Phishing Emails: How to Protect Against COVID-19 Scams
Wells Fargo: Beware of Coronavirus Phishing Scams

Security Tips for Working Remotely


Cyber Readiness Institute: Securing A Remote Workforce
EDUCAUSE: Resources for Business Continuity and Alternative Education Delivery
EDUCAUSE: Corporate Resources for COVID-19
ESET: COVID‑19 and the Forced Workplace Exodus
Facebook: Business Resource Hub
Facebook: Small Business Resilience Toolkit
LogMeIn: Remote Work Toolkit
MediaPRO: Coronavirus Sucks: Working From Home Doesn’t Have To
NCSA: NCSA Tipsheet – Best Practices for Remote Workers
NIST: Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
NortonLifeLock: Seven Tips to Help Keep Your Connections Secure

Government Assistance and Resources


CDC: What You Need to Know About COVID-19
IRS: Coronavirus Tax Relief
SBA: SBA Disaster Assistance in Response to Coronavirus
WHO: Coronavirus Disease (COVID-19) Outbreak

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait





March 18, 2020Ravie Lakshmanan
As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns.

Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware on the dark web.


"Special offers by different hackers promoting their 'goods' — usually malicious malware or exploit tools — are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said.


COVID-19 Discounts: Exploit Tools for Sale
The report comes following an uptick in the number of malicious coronavirus-related domains that have been registered since the start of January.



"In the past three weeks alone (since the end of February 2020), we have noticed a huge increase in the number of domains registered — the average number of new domains is almost 10 times more than the average number found in previous weeks," the researchers said. "0.8 percent of these domains were found to be malicious (93 websites), and another 19 percent were found to be suspicious (more than 2,200 websites)."

Some of the tools available for purchase at a discounted price include "WinDefender bypass" and "Build to bypass email and chrome security."



Another hacking group, which goes by the moniker "SSHacker," is offering the service of hacking into Facebook accounts for a 15 percent discount with the "COVID-19" promo code.


What's more, a seller that goes by the name of "True Mac" is selling a 2019 MacBook Air model for a mere $390 as a "corona special offer." It goes without saying the offer is a scam.


A Long List of Coronavirus-Themed Attacks
The latest development adds to a long list of cyberattacks against hospitals and testing centers, phishing campaigns that distribute malware such as AZORult, Emotet, Nanocore RAT and TrickBot via malicious links and attachments, and malware and ransomware attacks that aim to profit off the global health concern.



APT36, a Pakistani state-sponsored threat actor that targets the defense, embassies, and the government of India, was found running a spear-phishing campaign using Coronavirus-themed document baits that masqueraded as health advisories to deploy the Crimson Remote Administration Tool (RAT) onto target systems.
Researchers from security firm IssueMakersLab uncovered a malware campaign launched by North Korean hackers that used boobytrapped documents detailing South Korea's response to the COVID-19 epidemic as a lure to drop BabyShark malware. Recorded Future observed, "at least three cases where reference to COVID-19 has been leveraged by possible nation-state actors."
A COVID-19-themed malspam campaign targeted the manufacturing, industrial, finance, transportation, pharmaceutical, and cosmetic industries via Microsoft Word documents that exploit a two-and-a-half-year-old Microsoft Office bug in Equation Editor to install AZORult malware. The AZORult info stealer has also been distributed using a fraudulent version of the Johns Hopkins Coronavirus Map in the form of a malicious executable.
A fake real-time coronavirus tracking Android app, called "COVID19 Tracker," was found to abuse user permissions to change the phone's lock screen password and install CovidLock ransomware in return for a $100 bitcoin ransom.
Another phishing attack, uncovered by Abnormal Security, targeted students and university staff with bogus emails in a bid to steal their Office 365 credentials by redirecting unsuspecting victims to a fake Office 365 login page.
Comment spamming attacks on websites that contained links to a seemingly innocuous coronavirus information website but redirected users to dubious drug-selling businesses.
Aside from malware-laden spam emails, F-Secure researchers have observed a new spam campaign that aims to capitalize on the widespread mask shortage to trick recipients into paying for masks, only to send them nothing.


Staying Secure in the Time of COVID-19
It's amply clear that these attacks exploit coronavirus fears and people's hunger for information about the outbreak. Given the impact on the security of businesses and individuals alike, it's essential to avoid falling victim to online scams and practice good digital hygiene:



Businesses should ensure that secure remote access technologies are in place and configured correctly, including the use of multi-factor authentication, so that employees can conduct business just as securely from home.
Individuals should keep away from using unauthorized personal devices for work, and ensure "personal devices will need to have the same level of security as a company-owned device, and you will also need to consider the privacy implications of employee-owned devices connecting to a business network."
Watch out for emails and files received from unknown senders. Most importantly, check a sender's email address for authenticity, don't open unknown attachments or click on suspicious links, and avoid emails that ask you to share sensitive data such as account passwords or bank information.
Use trusted sources, such as legitimate government websites, for up-to-date, fact-based information about COVID-19.
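
The advice above to check a sender's address for authenticity, and to be wary of "urgent" mail offering vaccines or treatments, can be partly automated at the mail gateway or in a reporting mailbox. The following is an added example, not code from any of the articles quoted here; the brand-to-domain map, keyword list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands named in the lures above, mapped to their real sending domains.
BRAND_DOMAINS = {"world health organization": {"who.int"},
                 "wall street journal": {"wsj.com"}}
# Assumption: wording the guidance above flags as pressure or bait.
LURE = re.compile(r"\b(urgent|attention|vaccine|cure|treatment)\b", re.I)

def _domain(header_value):
    """Lower-cased domain part of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return a list of human-readable warnings for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    from_dom = _domain(msg.get("From"))
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(from_dom == d or from_dom.endswith("." + d) for d in domains)
        if brand in display_name and not genuine:
            findings.append(f"display name claims '{brand}' but sender domain is {from_dom}")
    if msg.get("Reply-To") and _domain(msg.get("Reply-To")) != from_dom:
        findings.append("Reply-To points to a different domain than From")
    # Only trust Authentication-Results stamped by your own receiving server.
    auth = msg.get("Authentication-Results", "").lower()
    weak = [m for m in ("spf", "dkim", "dmarc")
            if not re.search(rf"\b{m}=pass\b", auth)]
    if weak:
        findings.append("no passing result for: " + ", ".join(weak))
    if LURE.search(msg.get("Subject", "")):
        findings.append("subject uses urgency or cure/vaccine wording")
    return findings

# Constructed sample messages (not real mail).
PHISH = """\
From: "World Health Organization" <safety@who-int.example>
Reply-To: collect@mailbox.example
Subject: URGENT: Coronavirus safety measures
Authentication-Results: mx.recipient.example; spf=softfail; dkim=none; dmarc=fail

Click the link for safety measures.
"""
LEGIT = """\
From: "World Health Organization" <media@who.int>
Subject: Situation report
Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass

See the attached report.
"""

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, triage(raw))
```

A clean result only means none of these four checks fired; a message sent from a compromised legitimate account passes all of them, which is why the out-of-band verification recommended above still applies.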