<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=116645602292181&amp;ev=PageView&amp;noscript=1">

Threat Alert:

COVID-19 MALWARE

threat-alert-badge-yellow

Threat Overview

cr-icon-threat-type
Threat Type
Phishing Attacks
Target Industries
Target Industries
Everyone
cr-icon-attack-goal
Attack Goal
RANSOM
cr-icon-impacted-geo
Impacted GEO
TARGETED TO COVID-19 REGIONS

What's Happening?

The Cybereason Nocturnus team is investigating multiple types of campaigns that specifically target regions most heavily impacted by the coronavirus with coronavirus-themed files and domains.

Attackers are abusing the pandemic for their benefit by manipulating people’s anxiety over the virus to trick them into downloading malware.

Read The Full Research

KEY OBSERVATIONS & TTPS


  • Taking Advantage of Remote Workers: Attackers are taking advantage of the shift to remote work by promoting malware masquerading as VPN installers. This is particularly dangerous as businesses make the transition to remote work and suggest best practices to employees, including the use of VPNs.
  • Using Mobile Malware: Attackers are creating malicious mobile applications posing as legitimate apps developed by the World Health Organization to help individuals recover from coronavirus. Instead, the application downloads the Cerberus banking trojan to steal sensitive data.
  • Targeting Healthcare Organizations: Attackers are using ransomware to target healthcare organizations, arguably the most vital and overworked among us at this time.

Remediation Steps

cr-icon-remediate-disable

Consider social engineering awareness and training, which are key in preventing such attacks.

cr-icon-block-executable

Disable macros and install an endpoint protection solution to help mitigate similar attacks.

Asset 3

Periodically proactively hunt in your environment for sensitive assets.

antivirus-01
Prevented & Detected by the Cybereason Defense Platform

CYBEREASON CUSTOMERS

We highly recommend every customer enable the following features:

  • If you do not have Cybereason NGAV activated, consider doing so to prevent against threats like these.
  • For Cybereason MDR customers, the Cybereason team will monitor and triage as well as assist in the mitigation of potential infections.

Download This Threat Alert

SUFFERED A BREACH?
TALK TO A SPECIALIST