Coronavirus-themed spam surged 14,000% in two weeks says IBM

Since February, spam exploiting the novel coronavirus has jumped by 4,300% and 14,000% in the past 14 days, according to IBM X-Force, IBM's threat intelligence group.

Coronavirus-themed spam surged 14,000% in two weeks says IBM
7:31

Cybercriminals have been taking advantage of the novel coronavirus pandemic to bombard people with phishing emails, spam, and malware since the disease was first reported around the beginning of the year. The goal is to try to ensnare unsuspecting victims curious or concerned about the virus. A new report from IBM X-Force reveals just how much COVID-19 spam has been generated and how it's been manifesting itself.

SEE: Coronavirus and its impact on the enterprise (TechRepublic Premium)

Since the outbreak went global in February, coronavirus-theme spam has increased by 4,300%. And in just the last 14 days, such spam has skyrocketed by 14,000%. The spammers are employing a variety of tactics to catch people, according to IBM X-Force. Some campaigns target small businesses looking for government relief. Some use ransomware by threatening the health and safety of users if they don't pay. And others impersonate such groups as the World Health organization by promising information on COVID-19 but instead delivering malware.

Small Business Relief Spam: In this instance, spammers send emails claiming to be from the U.S. Small Business Administration with an attachment purporting to be an application for disaster assistance in light of the coronavirus. If someone takes the bait, the malicious file attachment executes the Remcos malware that then installs a Remote Access Trojan (RAT).

Extortion: Over the past few days, two high-volume spam attacks have arisen, both threatening to infect the recipient and family with COVID-19 if they fail to pay a ransom. The first campaign comes from a known spammer who usually specializes in sextortion. With the coronavirus now a worldwide fear, this criminal has switched gears to demand $500 in bitcoin or risk being infected in 72 hours.

In the first campaign, the emails are spoofed to make them appear as if they're coming from the victim's account and are largely being sent from the US. In the second campaign, most of the emails are sent from IP addresses in East Asia, particularly Vietnam.

extortion-scam-ibm-xforce.jpg

IBM X-Force

A Cure from the WHO: Cybercriminals have been targeting health agencies such as the World Health Organization with both direct attacks and spoofs for phishing emails. In this campaign, the emails claim to be from the WHO's Director-General, Dr. Tedros Adhanom Ghebreyesus, with details on drugs to take to prevent and cure the virus. In one instance, an attached document installs a variant of the Agent Tesla malware variant that serves as a keylogger and info-stealer. In another instance, the emails offer information on a virus vaccine but deliver the Agent Tesla malware.

Local Relief Funding: A new spam campaign described by IBM X-Force is being deployed across the US, Canada and Australia where some of the highest numbers of COVID-19 cases have appeared. In this one, cybercriminals send spam allegedly with information on how to get relief funds during the virus outbreak. If the user opens the attached document, Zeus Sphinx malware infects the machine to steal online banking credentials.

How to protect yourself against coronavirus spam

To protect yourself against these types of spam attacks, IBM X-Force offers the following recommendations:

  • Do not click or open links in emails directly. Instead type in the main URL in your browser or search the brand/company via your preferred search engine.
  • Ensure your anti-virus software and associated files are up to date.
  • Search for existing signs of the Indicators of Compromise (IOCs) in your environment.
  • Block all URL and IP-based IOCs at the firewall, intrusion detection system, web gateways, routers, and other perimeter-based devices to remediate this threat.
  • Keep applications and operating systems running at the current released patch level.

Also see