By Emma Okonji
Following the outbreak of the COVID-19 currently ravaging the world, SophosLabs said it is tracking how the use of ‘COVID-19’ in domain names, spam, phishing attacks, and malware has skyrocketed, thereby creating threat to cybersecurity.
According to SophosLabs, its current tracking showed that the volume of “COVID-19” email scams have nearly tripled in the past week.
It said attackers were also increasingly impersonating the World Health Organisation (WHO), Centers for Disease Control and Prevention (CDC) of North America and the United Nations (UN), as evidenced in the scams it tracked recently.
Speaking on the development, Sophos Principal Research Scientist, Chester Wisniewski, said: “Cybercriminals are wasting no time in shifting their dirty, tried and true attack campaigns toward advantageous lures that prey on mounting virus fears. It’s easy to see that the attackers behind a new Chloroquine scam are the same as those behind a recent herbal Viagra scam”.
Wisniewski, emphasised that, “With global spam volumes estimated to be in the hundreds of billions, for 2-3 per cent of those to be COVID-19 themed is significant.
“Similar to recent testing of advertisements and web pages, criminals often dip a toe in the water when there is a new or sensational topic in the news. If the new topic proves a more effective lure than the previous scam bait they begin switching to new lures.
“In one of the spam campaigns we tracked last week, there was evidence of exactly that. These particular criminals had been using fake shipping and delivery emails to convince unsuspecting victims into opening attachments and infecting their computers with the Kryptik Trojan. Now the main body of the email pretends to come from erecruit@who.int with ‘health advice’ in the attachment, but when we carefully inspect the plain text body, we see it matches a previous spam campaign from this same criminal using a lure pretending to be about invoices and deliveries.
“The increases we are seeing are likely due to two important factors. First, as time passes more and more criminal groups are joining the party on using all this interest in COVID-19 to steal money from people. Secondly, it takes time. “Any given criminal group has to handcraft the spams to convince the recipient to take an action. In the research community we call this the call to action.”
