Advertisement

Coronavirus-themed emails used by cybercriminals to spread malware, report says

Click to play video: 'Coronavirus outbreak: China returns to work as government eases restrictions'
Coronavirus outbreak: China returns to work as government eases restrictions
WATCH ABOVE: Coronavirus outbreak: China returns to work as government eases restrictions – Feb 10, 2020

Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at the global shipping industry, according to a report issued Monday by a California-based cybersecurity firm.

Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult.

AZORult has been around since at least 2016 and can be used to install ransomware, which is designed to lock legitimate users out of their computer systems until a ransom is paid.

“In these (coronavirus-related) attacks, we don’t see AZORult downloading ransomware currently,” Proofpoint said.

Click to play video: 'Coronavirus outbreak: Hong Kong residents evacuated from residential block where two virus patients live'
Coronavirus outbreak: Hong Kong residents evacuated from residential block where two virus patients live

“However, because of AZORult’s configurable nature and past use in conjunction with ransomware that remains a real threat.”

Story continues below advertisement

Proofpoint didn’t provide statistics on how many actual coronavirus-themed malicious emails have been detected or how much damage has been caused by coronavirus-themed malicious emails.

The Canadian government’s Centre for Cyber Security said in an email that it was aware of both the AZORult malware and coronavirus-related phishing campaigns but didn’t comment specifically on the Proofpoint report.

LISTEN: Massive increase in Covid-19-related phishing emails

“Cyber actors tend to use social engineering and topical subjects to lure their targets to click on a malicious link,” the centre said.

Its website cyber.gc.ca provides alerts and advice for spotting and dealing with email scams, known as phishing, and more targeted campaigns known as spear-phishing that focus on personal characteristics, interests or lines of work.

Story continues below advertisement

“Employees are privy to important and sensitive information, and as a result, often receive malicious emails that are intended to provide cyber intruders access to this information,” the agency says.

Receive the latest medical news and health information delivered to you every Sunday.

Get weekly health news

Receive the latest medical news and health information delivered to you every Sunday.
By providing your email address, you have read and agree to Global News' Terms and Conditions and Privacy Policy.

The RCMP said it is aware of this latest malware threat, but is not aware of any reported victims.

“We always urge caution in handling unsolicited email and we suggest recipients avoid opening attachments or clicking links from unknown senders. If you are a victim of cybercrime, report it to your local police and the Canadian Anti-Fraud Centre,” said spokeswoman Catherine Fortin.

U.S. cybersecurity firm Sophos said last week that it had learned of a scam that used fake emails pretending to be safety instructions from the World Health Organization.

“Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems,” Sophos said in a blog post dated Feb. 5.

Story continues below advertisement

Proofpoint said in its posting that the narrowly focused campaign it detected seems to originate from Russia and Eastern Europe but there’s no evidence linking the actors to a known criminal group.

Click to play video: 'Coronavirus outbreak: Trump says he expects virus to ‘go away’ in April as ‘heat comes in’'
Coronavirus outbreak: Trump says he expects virus to ‘go away’ in April as ‘heat comes in’

However, it says the attackers seem to be sophisticated and have targeted industries that are susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic companies.

“A coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it’s clear these attackers are aware that a major event like coronavirus can have secondary impacts on industries.

“This awareness demonstrates not just technical sophistication, but economic sophistication as well,” Proofpoint said in its article.

Story continues below advertisement
Click to play video: 'Coronavirus outbreak: WHO says China team looking to understand origins, severity'
Coronavirus outbreak: WHO says China team looking to understand origins, severity

Proofpoint advised workers to exercise caution when presented with coronavirus-themed email messages and attachments, as well as links and websites that could be used by criminals as lures.

Meanwhile, health officials in Canada have repeatedly stressed that the coronavirus currently poses a low risk to the public in this country. Seven cases have been identified in Canada, while worldwide, the illness known as 2019-nCoV has sickened more than 37,000 people and killed more than 800, nearly all in China.

Nevertheless, Canadians are being urged to remain vigilant against infection, with medical experts advising good hygiene practices such as washing hands frequently and coughing or sneezing into tissue.

with a file from Cassandra Szklarski in Toronto

Advertisement

Sponsored content

AdChoices