COVID-19 Cyber Threats Continue to Evolve

Almost every day, new cyber threats are revealed that exploit public concern over COVID-19, from malicious emails and compromised sites to various scams. This week, two websites promoted a fake anti-virus software that, when downloaded, installed the BlackNET remote access trojan and added the compromised system to a botnet. Additionally, threat actors are accessing D-Link and Linksys router domain name system (DNS) settings in order to have web browsers display alerts for a fraudulent COVID-19 World Health Organization information app. The app actually downloads the Vidar information-stealing trojan. Furthermore, a subdomain of the US Department of Health & Human Services’ website, hhs.gov, is being used by threat actors to redirect users to a document that will download and execute the Raccoon information-stealing trojan. Lastly, while some threat actors have halted operations aimed at healthcare facilities during this time, a medical facility testing COVID-19 vaccines was impacted with ransomware and exposed patient data to encourage the victim to pay. A variation on extortion emails we’ve seen since the summer of 2018 is also circulating, demanding recipients to pay a ransom or the perpetrator will infect them and their family with COVID-19. The NJCCIC has noted an increase in COVID-19 cyber threats aimed at NJ state employees and the Garden State Network. Eight of the ten top phishing campaigns directed at NJ state employees over the last two weeks had COVID-19 themes and lures. These emails attempt to deliver malware or steal user credentials. Some of the emails include the following tactics: a sender claiming to be terminally ill with COVID-19 and requesting money via bitcoin, an attachment containing a COVID-19 Bulletin for Business Partners, and an attachment containing information on COVID-19 actions, an attachment that provides information on how to obtain in-demand personal protective equipment (in above image). 

The NJCCIC reminds users to remain especially vigilant during this time and exercise caution with COVID-19-themed emails, social media posts, and websites. Additionally, only use trusted sources – such as official government websites – for information on COVID-19. New Jersey provides updates on COVID-19 at covid-19.nj.gov and NJOHSP provides rumor control and disinformation updates at njohsp.gov/covid19.