Malware in times of COVID

The health crisis caused by COVID-19 is having a tremendous effect on the economies of countries and the health of their citizens, but it is also proving devastating in the virtual world and for the cybersecurity of companies. The situation has reached the point where the International Criminal Police Organization (INTERPOL) has published a report called Cybercrime: COVID-19 Impact, which shows that a large number of cyberattacks are being launched during the pandemic. From January to April, an INTERPOL private sector partner detected 907,000 spam messages, 737 malware-related incidents and 48,000 malicious URLs, all related to COVID-19.

Cybercriminals are taking advantage of the crisis to adapt their methods and move into new criminal activities.

As Jürgen Stock, Secretary General of INTERPOL, himself put it: “Cybercriminals are developing and boosting their attacks at an alarming rate. In fact, they are exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”

The main conclusions on cybercrime in relation to the COVID-19 pandemic are:

Internet scams and phishing

Threat actors have seen the pandemic as an opportunity to increase the chances of success of their attacks and have used it to revise their usual Internet scam and phishing schemes. They are now sending their victims COVID-19 phishing emails, often posing as government and health authorities, encouraging them to provide their personal data and download malicious content.

Disruptive malware (ransomware and DDoS)

Spurred on by the likelihood of causing serious disruption and making substantial profits, cybercriminals have increased the number of disruptive malware attacks against critical and healthcare infrastructure. Ransomware or DDoS attacks can cause frequent interruptions or a complete halt of business activity, as well as the temporary or permanent loss of essential information.

Data harvesting malware

Attacks using malware designed to collect data are also on the rise, including remote access Trojans, information stealers, spyware and banking Trojans, among others. Threat actors use COVID-19-related information as a lure to infiltrate systems and infect networks, steal data, divert funds, and create botnets.

Malicious domains

There has been a significant increase in the number of cybercriminals who, taking advantage of the increased demand for medical products and information about COVID-19, are registering domain names containing keywords related to the pandemic, such as “coronavirus” or “COVID”. These are fraudulent websites that hide a wide variety of malicious activities, for example C2 servers, malware distribution, and phishing.

Disinformation

We are witnessing an amplification of misinformation and fake news that spread rapidly among the population. Fueled by the uncertainty of the socioeconomic situation in the world, unverified information, poorly understood threats, and conspiracy theories have fostered citizen anxiety and, in some cases, facilitated the execution of cyberattacks.

We highlight some of the biggest cyberattacks, security and data breaches globally so far this year.

Tesla

In August 2020, it was reported that a Tesla employee had received an offer from a cybercriminal group to install malware at the Nevada factory. Unfortunately for the cybercriminals, the employee refused the offer and reported it to Tesla and the FBI.

Garmin

On July 23, Garmin suffered a ransomware attack that encrypted information on its internal network and some production systems. Its services went into maintenance mode, leaving customers without service, and there were also problems in customer service, which could not answer calls or emails.

The virus responsible could have started in the Taiwan branch and was named WastedLocker. This type of ransomware is usually associated with the Russian hackers known as Evil Corp. The cybercriminals reportedly asked for a ransom of 10 million dollars.

New Zealand Stock Exchange

At the end of August, the New Zealand Stock Exchange was left inoperable for several days by a distributed denial of service (DDoS) attack.

Mapfre

 In mid-August, the insurance company Mapfre suffered a ransomware attack that, according to its CEO in Iberia José Manuel Inchausti, "some of our computer systems and slowed down our response capacity."

Adif

At the end of July 2020, Adif was attacked by the cybercriminal group REvil, which blackmailed the Spanish public company: the group had stolen 800GB of data and threatened to publish it if its demands were not met.

EasyJet

This company suffered a cyberattack in mid-May that exposed the data of 9 million customers. The most notable aspect of this attack is that the attackers spent more than 4 months in its systems.

Grubman Shire Meiselas & Sacks

This law firm, whose celebrity clients include Lady Gaga, Elton John and Robert De Niro, suffered a ransomware attack in May, probably orchestrated by REvil or Sodinokibi, in which 756GB of sensitive information about its clients was stolen.

The attackers demanded a ransom of 21 million euros in exchange for not revealing any of the stolen personal data.

Fresenius (Quirón)

At the beginning of May, this group of private hospitals was the victim of a cyberattack, known as SNAKE or EKANS, that affected its systems.

EDP

EDP is a Portuguese energy company. In early April it was the victim of a ransomware attack that resulted in the theft of more than 10 terabytes of the company's private data, in addition to the encryption of its computers by ransomware called “Ragnar Locker”. In exchange for recovering the information and not publishing the stolen data, the attackers asked for a ransom of 10 million euros.
