Notice: The information in this report is a synopsis of the source articles. For in-depth information, please refer to the source cited at the end of each article.


Date: 31 March 2021

Title: Pandemic threats: The common threads in COVID-19 scams and criminal schemes

In a new Trend Micro report viewed by ZDNet, the team explored the increased dependence on online services prompted by the pandemic, and how threat actors are trying to cash in. Due to physical business and office closures, lockdowns, and stay-at-home orders, companies trying to survive have needed to either ramp up their online services or create them from scratch, ranging from e-commerce shops to delivery services.

As new platforms spring up to cater to consumer economic and medical needs, threat actors are pivoting to campaigns designed to impersonate legitimate sources in the hopes of malware deployment and data theft. Cybercriminals usually impersonate known entities and create convincing replicas of emails, websites, or apps from legitimate sources, the researchers note. Because of this, users might have a harder time distinguishing legitimate platforms from malicious ones. This might be especially true for those who are using online systems heavily for the first time, such as many of the elderly.

According to recent Trend Micro data, over the past few months there has been an uptick in spam campaigns using the coronavirus vaccine as a subject to spread Emotet, Fareit, Agent Tesla, and Remcos across the US, Italy, and Germany, alongside other countries. An Emotet Trojan campaign, tracked across January, used a variety of email lures, with attachment names including "Daily COVID reporting.doc", "DAILY COVID-19 Information.doc", "NQ29526013I_COVID-19_SARS-CoV-2.doc", and "GJ-5679 Medical report Covid-19.doc".

“The email entices a user to confirm that they accept the invitation for vaccination,” the report notes. “Whether the ‘accept’ or ‘disregard’ button of the invitation is clicked, the email redirects to a landing page. This page displays a form requesting the user’s full name, birth date, address, and mobile number.”

SMS messages are also being used as an attack vector, including messages ranging from vaccine ‘eligibility’ checks, registration, COVID-19 relief payments, appointment booking, and offers of health ‘supplements’ to fight the virus.

What to do?

Update your cybersecurity training to include COVID-19-themed phishing and cyber-attacks.

Ensure your anti-virus and anti-malware software is operational and current.

What can you do when this happens to you?

If you find your network has been compromised, immediately shut down and find the source of the breach.

Take steps to mitigate any virus or malware.

If data has been compromised and/or exfiltrated, notify all interested parties.

Rebuild the network from a known clean backup.


Pandemic threats: The common threads in COVID-19 scams and criminal schemes | ZDNet

Charlie Osborne for Zero Day | March 31, 2021