Evidently the COVID-19 pandemic isn’t slowing down cyberthieves. According to a report by Palo Alto Networks’ Unit 42 security team, phishing attacks are thriving during the coronavirus pandemic.
Cyberattackers are hitting government bodies and medical organizations using traditional phishing attacks, where thieves use emails to tempt people to click on links that can compromise their computers or mobile devices.
Unit 42 said it has observed growth of COVID-19 themed threats, particularly in the realm of phishing attacks. While the various COVID-19 themed phishing campaigns observed by Unit 42 are numerous, the report describes a ransomware variant (EDA2) observed in attacks on a Canadian government healthcare organization and a Canadian medical research university.
Unit 42 also observed an infostealer variant of a known threat (AgentTesla) in attacks against various other targets (i.e. a United States defense research entity, a Turkish government agency managing public works, several large technology and communications firms headquartered in Canada, Germany, and England, and medical organizations/medical research facilities located in Japan and Canada).
None of the malware samples mentioned in the report were successful in reaching their intended targets, according to the report by Unit 42’s Adrian McCabe, Vicky Ray, and Juan Cortes.
“It is clear from these cases that the threat actors who profit from cybercrime will go to any extent, including targeting organizations that are in the front lines and responding to the pandemic on a daily basis,” the report said. “This trend is likely going to continue for weeks to come.”