Hackers around the world are taking advantage of coronavirus fears by posing as organizations like the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) to maliciously advance espionage tactics and cause panic and confusion, according to a report by Bloomberg.
BAE Systems Applied Intelligence, a cybersecurity firm, said that in one example, hackers pretended to be from the CDC and sent an email to an electronics business in South Korea with a subject line that read “Re: nCoV: Coronavirus outbreak and safety measures in your city (Urgent).”
“It’s not surprising, we call it the lure de jure,” said Adrian Nish, head of threat intelligence at BAE. “I think a lot of these groups have identified coronavirus as something their targets would be desperate for information on.”
The email was changed so that it looked like it was sent from “CDC-Health-INFO,” and came from the email address of a diplomat from the United States. It was actually sent from a food company in South Korea, but it is not known whether the food company was hacked.
“Please kindly download the updated attachment for your knowledge,” the email read. “Please go through the cases to avoid potential hazards.”
If recipients downloaded any attachments, their computers would have probably been infected with a “remote access Trojan,” which would give hackers control of the computer and maybe even the network.
“Threat actors are savvy in terms of the social engineering side,” Nish said. He predicts that there will be many more attacks of this nature during the crisis.
Another email supposedly came from the WHO and the Ministry of Health in the Ukraine. The document falsely said there were five confirmed cases in the Ukraine, and that it had hidden malware that would record keystrokes.
On Wednesday, the Financial Conduct Authority (FCA) sent out a notice regarding malicious online activities that take advantage of the coronavirus.
“These scams take many forms and could be about insurance policies, pension transfers or high-return investment opportunities, including investments in cryptoassets,” the notice said. “Scammers are sophisticated, opportunistic and will try many things. They are also very likely to target the vulnerable. Beware of investments that appear to be too good (to) be true. If you decide to invest in something offering a high return or in a cryptoasset, you should be prepared to lose all your money.”