Coronavirus Pandemic: Beware of the Bait Sites

The coronavirus pandemic is accelerating significantly, and hackers are capitalizing on the element of fear to make money. They are creating thousands of websites as bait.

According to the Check Point Research report, threat actors are registering phony COVID-19-related domains and selling discounted off-the-shelf malware on the dark web.

In this article, we will delve into some essential details regarding the coronavirus-related bait sites. Here is some help.

Coronavirus-related Discounts

On the dark web, threat actors are promoting their goods, usually exploit tools or malware. They sell these phony products under special offers that use "coronavirus" or "COVID-19" as discount codes.

According to The Hacker News, some of the so-called security tools available at a discounted price include “Build to bypass email and chrome security” and “Win Defender bypass.”

Below is the screenshot that shows the example of another corona-related offer:

[Screenshot: malware attack]

Corona-themed Malicious Domains

Since the outbreak of the virus, cybercriminals have been exploiting the global pandemic to propagate malicious activities with several spam campaigns.

According to the Check Point Threat Intelligence report, over 4,000 COVID-19-related domains have been registered since January 2020. Of these, 3% were malicious and an additional 5% were suspicious. COVID-19-related websites were 50% more likely to be malicious than other websites in the same period. This ratio was also higher than for the fake domains that were created around Valentine’s Day.

Source: Check Point

The malicious domains are mostly being used for phishing. In addition, these websites include content related to coronavirus precautions and cures. Scammers lure users to fake domains where they claim to sell home tests, vaccines, face masks, and hand sanitizers.

Because coronavirus infections are increasing tremendously in Italy, the country has attracted the attention of hackers, who exploit the heightened fear there. Phishing campaigns are being launched against Italian organizations, and most organizations have raised concerns about corona-related phishing attempts. Check Point reveals that 10% of all enterprises in Italy have been targeted by phishing that exploits concerns over the growing menace of infections in the country.

Corona-themed Malicious Attacks

Since the outbreak of COVID-19, a significant number of attacks have been launched against testing centers and hospitals. Furthermore, phishing campaigns are distributing malware such as Nanocore RAT, Emotet, TrickBot, and AZORult through malicious attachments and links.

According to the security firm Issue Makers Lab, North Korean hackers launched a malware campaign that used booby-trapped documents detailing South Korea’s response to the coronavirus pandemic as a lure to deploy the BabyShark malware.

A phony COVID-19-related Android app named “COVID19 Tracker” was also developed. The app abused the permissions granted by the user to change the infected phone’s lock screen password and install the CovidLock ransomware, which demanded $100 in bitcoin as ransom.

Conclusion (The Bottom Line)

Undoubtedly, hundreds of coronavirus-related bait websites have been created by hackers to offer face masks, hand sanitizers, and other related products. The purpose is either to compromise the victim’s personal information directly or to drop malware onto the victim’s machine.

To prevent corona-related attacks or avoid being fooled by bait sites, you must have an effective security suite in place. If you are an organization, then an effective SIEM solution should be your first bet. To this end, Logsign SIEM is offering a next-gen SIEM that can help you avoid cyber-attacks, even those that are very fast and sophisticated.

References

https://blog.checkpoint.com/2020/03/05/update-coronavirus-themed-domains-50-more-likely-to-be-malicious-than-other-domains/

https://thehackernews.com/2020/03/covid-19-coronavirus-hacker-malware.html
