Over the past few weeks, we’ve covered a range of coronavirus related scams that have surfaced including phishing attempts, ransomware, and trojan horses. An example is of when we covered an app posing as a coronavirus tracker but in actuality was ransomware locking user devices.
Another incident involved malicious software posing to be from the World Health Organisation(WHO) for coronavirus related health advisories but again in actuality was a piece of malware. While some of these are complex attacks, others relatively hover near the borderline of stupidity making one wonder who’d fall for them in the first place. We’ve come across a few such examples just recently a day ago.
Highlighted by IntSights in their new report titled “The Cyber Threat Impact of COVID-19 to Global Business,” a person claiming to be infected with the coronavirus is offering his blood and saliva for sale for $1000 on a dark web marketplace named “Own Shop.”
The theoretical logic put forward by the seller is that their blood contains antibodies that will help the receiver to achieve immunity and hence be safe from the highly contractionary disease.
Secondly, it’s no secret that testing kits are facing a drastic shortage even in countries with rich resources at hand. This is due to the shortage of components such as test swabs and reagents that, in essence, make up these kits.
Since such a situation would invite masses desperate to cling on to any hope of obtaining such a test, scammers have started to exploit the situation. They’re doing so by offering fake rapid testing kits for sale on the dark web along with coronavirus detectors, a device that is supposed to instantly get you a “yes or no” answer.
These obviously are not your best bet if you’re looking for a legitimate test. Yet, the more absurd is yet to come. While scientists globally struggle to come up with a workable vaccine, we’re seeing fraudsters advertise their solutions shamelessly:
Nonetheless, while there are different attack vectors being employed revolving around the same theme of extorting money from vulnerable individuals, there is a more sinister campaign at play that hasn’t been talked much about – state-sponsored attacks.
Amidst all the turmoil, researchers have identified countries that are still using the virus to their advantage in setting traps for their enemies. These involve the likes of Russia and China, etc. Seeing the Hades hacking group backed by Russia as an example, it has been targeting Ukraine with a misinformation campaign through social media in order to create widespread panic.
Furthermore, a backdoor trojan is being dropped through phishing emails “appearing to be from the Center for Public Health of the Ministry of Health of Ukraine and containing a bait document with fake information about COVID-19.” This lets the attackers gain remote access to the victim’s machine.
To conclude, different types of attacks will continue to occur in the near future with no nearby stop. However, we can take precautions to guard against them. These include only seeking information from legitimate sources such as the original website of the WHO instead of trusting a third party referrer, steering clear of emails from unknown senders, using strong passwords in conjunction with 2FA and using a good antivirus program.
Additionally, it is the responsibility of the media to highlight the malicious role governments are playing in these times in order to exert pressure on them to cease such activities.