Check Point Research found a spike in coronavirus domain name registrations earlier this month as hackers increase malicious activity around the illness.
Check Point listed “vaccinecovid-19.com” as an example of a malicious site. It was created on February 11, 2020, registered in Russia, and offers a $300 cure for the coronavirus.
Hackers also are exploiting fears about the virus as a new way to distribute the Emotet trojan.
Check Point’s monthly report on malware found that the top three malware families in January were the same as in December: Emotet retained first place, impacting 13% of organizations globally, followed by XMRig and Trickbot, impacting 10% and 7% of organizations worldwide, respectively.
Emotet was originally a banking Trojan but recently has been used to distribute other malware or malicious campaigns. It also can spread through phishing spam emails containing malicious attachments or links.
The January report also identified a malicious Lokibot sample targeting Indonesia with a coronavirus message. Check Point expects coronavirus spam campaigns to increase over the coming days.
Check Point recommended that IT departments share these tips with users:
- Do not click on promotional links in emails.
- Google the desired retailer, and click the link from a results page instead.
- Beware of “special” offers, such as an 80% discount on a new iPhone or an exclusive cure or treatment for coronavirus.
- Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
David Richardson, vice president for product management at Lookout, said that people also should be skeptical of emails that try to create a sense of urgency about taking advantage of a deal.
“They’re trying to get you to turn your brain off because if something sounds too good to be true, it is,” he said.
Richardson said training should include tips on how to spot a phishing site, including pixelated logos and URLs that look suspicious.
Michael Bruemmer, vice president of Data Breach Resolution and Consumer Protection at Experian, said he is seeing a spike in SMS-based phishing attacks as well. Bad actors send texts that look like they are from a trustworthy source, such as a credit card company, financial institution, or retailer. Clicking the link in a text can activate malware.
“I tell people not to click on any links from anybody unless you have talked to them in the last hour because people’s credentials can be compromised,” he said.