Phishing
I. Overview
• The health crisis: Fertile ground for disinformation
• Phishing is a primary delivery method for ransomware. By including
the ransomware in an attachment or directing victims to malicious
websites that exploit their browsers or browser plug-ins (such as Adobe
Flash), ransomware groups were able to spread their malware quickly.
The lures used in these phishing emails are still commonly used
today.
• During the COVID-19 crisis, industry and in particular educational
institutions have become targets of numerous cyber-attacks. Phishing
attempts exploiting users' curiosity for new, up-to-date information
have been on the rise.
• Ransomware is a type of malicious software (malware) designed to extort
money from victims by restricting access to a computer, mobile device, or
digital files. Malicious websites pretending to be credible sources of
information on COVID-19 have been circulating. Threat actors are using
COVID-19-themed phishing emails to serve malware and phishing landing
pages.
• The COVID-19 crisis has provided the perfect cover for malicious actors
to continue their nefarious activities. Phishing attempts have become
more sophisticated as threat actors have started employing more
complicated and advanced methods to target victims. These advancements
include machine learning techniques to lure victims into disclosing their PII
(Personally Identifiable Information) or crucial financial details.
• Several factors contribute to the popularity of phishing and ransomware
attacks. Many companies use email security systems to mitigate the scale
and potency of phishing by, for example, scanning suspicious links and
removing attachments. But corporate email systems remain an easy
"attack vector," tech jargon for the means by which a hacker can gain
unauthorized access to a computer network or server to launch a
cyberattack. This year, 36% of successful corporate cyberattacks involved
phishing, an increase of 11% over last year.
• Ransomware, malicious software that threatens to publish private data
unless a bounty is paid, has become increasingly popular among criminals
because it offers a quick way to make a buck. Many ransomware hacking
tools have been commercialized and simplified. And while programming
skills are a bonus, they're no longer required to execute a successful
ransomware attack. As a result, so-called ransomware-as-a-service is on
the rise. Prior to the pandemic, criminals were forced to invest time and
resources into investigating targets. Now cybercriminals can simply hire
ransomware services on the dark web or buy the software to attack using
email.
• Meanwhile, the massive shift to remote employment during the pandemic
has created a fat new target for cyber criminals because many employees
working from home were using insecure personal smartphones and
computers.
• COVID-19, a disease unknown until 2020, has caused an unprecedented
global health crisis. Many questions about this new virus remain
unanswered by scientists, including the nature of immunity of those who
have been infected, the seasonality of the virus, and its capacity to
mutate. Our lack of knowledge about this disease and its evolution has
fuelled a thirst for information, in Africa and elsewhere. It has also led to
the proliferation of rumours, fake news and disinformation, with social
media networks serving as sounding-boards.
Bogus Refunds
With the travel and tourism industry coming to a halt this year, most people
with travel plans have had to abandon them. The problem becomes even more
significant when the money spent on bookings and tickets is lost for good.
Threat actors see this as an opportunity to siphon off information from
victims by offering bogus refunds. They go to the extent of asking for credit
card or banking details, stating that the refund will be credited directly to
the account. The collected information could later be put up for sale on the
dark web.
III. Policy/Strategy
To fill the void,
COVID-19 has undoubtedly wreaked havoc worldwide. To make matters worse,
numerous threat actors have emerged with newer and more sophisticated methods,
especially phishing emails in various forms, designed specifically to suit the
pandemic times and take advantage of frustrated victims. The easiest and yet
the most effective way to keep these malicious actors at bay is to stay abreast
of their latest modus operandi and remain vigilant in all digital activities.
To combat this infodemic, digital platforms must be made more accountable, fake
news tracked and called out, and media literacy developed.
IV. Impact