TechGuard Blog | TechGuard Security

Protect Yourself From Coronavirus Scams

Written by Elizabeth Dasenbrock | Mar 30, 2020 4:12:20 PM

Amid the CoronaVirus outbreak, we are looking at workforces around the globe, shift into a remote setting. A remote userbase means more stress and anxiety for security teams because with all their users so far apart, there's more room for vulnerabilities and errors. Businesses will have to rely on VPNs to maintain security, and they may not be prepared to do that. Also, employees who are trying to adapt to the new work-from-home routine may be more easily fooled into clicking on phishing emails, thus potentially endangering their entire organization.

 

Unfortunately, it is no small feat to get everyone on the same page when it comes to working remotely, let alone with a VPN. Time, money, labor, and training are all costs associated with creating a remote workforce. Then there's the issue of each employee having enough bandwidth in their homes to support their workload. It's also important to remember that when employees work from home, they're not alone. Their families are there too, and employees may have to compete with them for the internet. Perhaps their spouse is also working from home, or their children are trying to keep up with online classes. It then becomes up to the personal responsibility of each employee to manage their household so they can get their work done.

 

When implementing a VPN, your IT team must not only double-check but triple-check everything to make sure it is as secure as possible. Just one error could have disastrous results for your network. Hackers are crafty and will try just about anything to accomplish their malicious objectives. They'll even go so far as to impersonate the World Health Organization (WHO). What would they have to gain by doing that, you may wonder?  Well, for starters, there are a lot of folks desperately seeking information on the CoronaVirus. Hackers are betting that those people would be very likely to click on an email seemingly from WHO.

 

If this seems unbelievable, here's our proof: the anti-malware software, Malwarebytes, discovered hackers doing just what we described. Phishing is the most common form of cyberattack, so it comes as no surprise to those in the cyber community that cybercriminals would use the current pandemic for their latest campaign. This email is especially heinous because it makes victims think they are about to get useful information on the CoronaVirus and how to keep their children and businesses safe in the form of an innocent-looking e-book. Little do they know they are only going to get malware on their system.

 

 

The email is not all that suspicious to the untrained eye, but if you know what to look for, you’ll find several errors that reveal the illegitimacy of it. Spelling errors, odd capitalization, and poor grammar all point to a phishing scam. Even the hyphenation of CoronaVirus is inaccurate, but since the general public knows WHO to be a trustworthy source, they may look past these errors. The email’s intention is for the recipient to download the “e-book” only to start the download for GuLoader, which in turn brings in the infostealing trojan FormBook.

“Formbook is one of the most popular info-stealers, thanks to its simplicity and its wide range of capabilities, including swiping content from the Windows clipboard, keylogging, and stealing browser data. Stolen data is sent back to a command and control server maintained by the threat actors,” Malwarebytes reported.

With the large number of workers transitioning to a work from home setting, we must be more cautious than ever about scams like these. Human error is one of the major causes of successful cyberattacks. Inform others who may be less aware and maybe we can limit the number of victims who fall for these malicious attacks.