Check Point experts warned about a new trend among cybercriminals: now hackers are exploiting the topic of the coronavirus vaccine. The main vector of attacks is email, which accounted for 82% of such attacks in the last 30 days.
Almost every such letter contains malicious links. After clicking on such a link, victims download a malicious file, usually in the .exe, .xls or .doc format.
Check Point researchers share two examples of such malicious emails. In the first example, malicious spam was spread through emails with the subject "URGENT INFORMATION LETTER: COVID-19 NEW APPROVED VACCINES". Such emails contain malicious .EXE files named "Download_Covid 19 Newly Approved Vaccines 07.23.2020.exe", which ultimately installs an info-stealer capable of stealing victim information, including credentials.
In the second example, emails are sent with the subject line “UK coronavirus vaccine effort is progressing badly appropriate, recruiting consequence and elder adults”. Such messages contain a malicious link – surgicaltoll .com / vy2g4b .html, which currently appears to be inactive. The investigation revealed that the link was used to redirect traffic to the medical-themed phishing site thelifestillgoeson (.) Su, which was trying to mimic a Canadian pharmacy.
However, experts note that overall, the number of coronavirus-related attacks dropped significantly in July. For example, in July, researchers detected about 61,000 COVID-19 attacks every week, which is 50% less than the weekly average in June (about 130,000 attacks).
At the same time, the number of new domains associated with coronavirus and vaccines against it doubled in June and July 2020. Analysts estimate that every 25 pages on malicious COVID-19 websites are now associated with vaccines.
“Lately, we've seen hackers exploit people's fear and interest in COVID-19 vaccines,” says Check Point specialist Omer Dembinski. –– Victim mail is used in most campaigns. 80% of attacks on organizations start with a malicious email. These attacks use the weakest factor — the human factor. This means that employee mailboxes are the weakest link in organizations. I urge everyone to carefully read the subject line of incoming emails. If they have the word "vaccine" in them, think twice. Most likely, they want to get the most important information from you. "