Search This Blog

Showing posts with label COVID-19. Show all posts

Red Cross asks the Government to take Preventive Measures on Cyberattacks against Health Departments


Currently, while the whole world is struggling to fight against the coronavirus epidemic, cyberattacks have increased in numbers, targeting health departments like hospitals, research centers, and WHO. According to Reuters, "the Red Cross called for an end to cyberattacks on healthcare and medical research facilities during the coronavirus pandemic, in a letter published Tuesday and signed by a group of political and business figures."

Due to this, a group of 42 top world leaders have come together and requested the Government to take some immediate actions on the increasing attacks against the healthcare institutions. Among the members, there is Madeleine Albright, ex U.S Secretary of State and Brad Smith, president, Microsoft. Peter Maurer, President of International Red Cross Society, says the Government should take some swift measures and step-up to stop these attacks. He hopes that the Government is willing to commit to international obligations to prevent these attacks. He has asked for international cooperation from various health departments to combat this problem. It can be a severe problem for war-stricken countries where the conditions of healthcare departments are already deteriorating, and these cyberattacks will make things even worse.

The various leaders have asked the Government to work side by side with civil society. It comes after the news of cyberattacks on healthcare institutes came out. Ransomware was one of the attacks, that jammed the computers and infected the healthcare systems. It affected the healthcare institutes' functioning, like treating the patients, research, and various tests. Last month, incidents of the cyberattack on health institutes were reported by the Czech Republic government. Another event appeared where the DarkHotel hacking group attacked WHO.

News of various countries reporting attacks on healthcare systems also emerged, where the records of COVID-19 patients were stolen along with lab tests data. "Over the last several months, cybercriminals have targeted hospitals with computer viruses, usually in schemes to extort or hold their data ransom. More sophisticated hacking groups, such as those associated with governments, have also targeted medical research centers to steal valuable data about COVID-19 treatments," reports Reuters on its website.

Email Phishing Scam: Scammers Impersonate LogMeIn to Mine Users' Account Credentials


A Boston, Massachusetts based company, LogMeIn that provides software as a service and cloud-based remote connectivity services for collaboration, IT management and customer engagement has fallen prey to the scammers targeting companies' work from home schemes set up due to the ongoing pandemic, the campaign impersonates the remote access tool (RAT) LogMeIn and mines the unsuspecting users' account credentials.

As the number of people working from home increased rapidly, scammers saw it as a golden opportunity to carry out impersonations of remote tools such as Zoom and LogMeIn more blatantly than ever; the first incident being spotted in the month of May confirms the attributions made by the researchers in regard to COVID-19.

In this particular attack, the phishing email appears to be coming from LogMeIn, cautioning the user at the receiving end, of a zero-day exploit present in the LogMeIn Central and LogMeIn Pro- two of the company's products. It goes unsaid that in reality there exists no such vulnerability and victims' are made to follow a link that claims to be LogMein URL but takes the user to a phishing page where they would enter the credentials that would be obtained by the scammers behind the attack. Additionally, the threat actors are also exploiting the security issues that already existed in remote access platforms as a part of this phishing campaign.

While giving further insights, Abnormal Security said “Other collaboration platforms have been under scrutiny for their security as many have become dependent on them to continue their work given the current pandemic,”

“Because of this, frequent updates have become common as many platforms are attempting to remedy the situation. A recipient may be more inclined to update because they have a strong desire to secure their communications.”

In order to avoid being scammed by such phishing campaigns, Ken Liao, vice president of Cybersecurity Strategy at Abnormal, alerted users, "Many of the recent attacks have masqueraded as updates--even more specifically--security updates,"

"As always, users should default to updating applications via the application itself and not via links in emails to prevent not only credential loss but the potential introduction of malware onto their machines."

Cybercriminals Spreading Node.js Trojan Promising Relief from the Outbreak of COVID-19


A java downloader going by the extension “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar” has been recently detected. Drawing inferences from its name, researchers suspected it to be associated with COVID-19 themed phishing attacks.

Running this file led to the download of an undetected malware sample that is written in Node.js; Node.js is an open-source, cross-platform, Javascript runtime environment that executes Javascript code outside of a browser and as it is primarily designed for web server development, there's a very less probability of it being already installed onto systems.

The trojan that is suspected of employing the unconventional platform for bypassing detection has been labeled as 'QNodeService'. The malware has been designed to perform a number of malicious functions including uploading, downloading, and executing files.

It is also configured to steal credentials stored in web browsers and perform file management etc. Currently, the malware appears to be targeting Windows systems only, however, the code signifies a potential for 'cross-platform compatibility', researchers concluded a possibility of the same being a 'future goal' for cybercriminals.

Cybercriminals are devising new methods all the time to design malware such as trojans to infect as many machines as possible without getting noticed.

To stay on a safer side, users are recommended to block malware from acquiring access via all the possible doorways like endpoints, networks, and emails.

The Dreambot Malware Botnet Appears To Have Gone Silent and Possibly Shut Down


Dreambot's backend servers as per a report published by the CSIS Security Group, a cyber-security firm situated in Copenhagen, seem to have gone quiet and potentially shut down completely.

It started in March around the same time when the cybersecurity community likewise stopped seeing the new Dreambot samples disseminated in the wild. 

Benoit Ancel, the malware analyst at the CSIS Security Group, says, “The lack of new features? The multiplication of new Gozi variants? The huge rise of Zloader? COVID-19? We can't be sure exactly what was the cause of death, but more and more indicators point at the end of Dreambot." 

The Dreambot malware's apparent demise put an end to a six-year-old "career" on the cybercrime landscape. First spotted in 2014, it was created on the leaked source code of the more seasoned Gozi ISFB banking trojan, one of the most reused bits of malware today. 

With time, Dreambot received new highlights, like the Tor-hosted command and control servers, a keylogging capacity, the capacity to steal browser cookies and information from email clients, a screenshot feature, the capacity to record a victim's screen, a bootkit module, and a VNC remote access feature - just to name the most significant.

Typical Dreambot Control Panel

Besides, Dreambot likewise evolved from a private malware botnet into what's known as a Cybercrime-as-a-Service (CaaS). 

 As a CaaS, the Dreambot creators would publicize access to their botnet on hacking and malware forums. Various crooks could gain access to a part of Dreambot's infrastructure and an adaptation of the Dreambot malware, which they'd be answerable for distributing to victims. 

Dreambot "customers" would infect victims, steal funds, and pay the Dreambot gang a week after week, month to month, or at a yearly expense. CSIS says this model seems to have been fruitful. "We counted more than a million [Dreambot] infections worldwide just for 2019," Ancel said. 

In any case, the CSIS researcher additionally said that as of late, Dreambot developed from being only a banking trojan. All the more explicitly, it evolved from a specific banking trojan into a generic trojan. 

Criminals would lease access to the Dreambot cybercrime machine, yet not use it to steal money from bank accounts. Instead, they'd taint countless computers, and afterward review each target, searching for explicit computers. 

Nonetheless, Dreambot operators have not been 'publicly identified' and stay on the loose. The explanation behind this whole cybercrime platform's current disappearance likewise stays a mystery. Be that as it may, with the operators everywhere, Dreambot's return 'remains a possibility'.


The UK Government Vs Apple & Google API on the New COVID-19 App That Tells Who Near You is Infected!



Reportedly, the United Kingdom declared that their coronavirus tracing application is being run via centralized British servers and that’s how they are planning to take things forward and not via the usual “Apple-Google approach” which is a preferred one for most.

Per sources, the CEO of the Tech unit of the National Health Service mentioned that their new smartphone app will have its launching in the upcoming weeks, with the hopes of helping the country return to normalcy by beating coronavirus.

According to reports, the UK government believes that the contact-tracing protocol created by Apple and Google protects user privacy “under advertisement only”. Hence the British health service supports a system that would send the data of who may have the virus to a centralized server giving all the controls in the hand of the NHS.

The way of the NHS and that of Apple and Google, work via Bluetooth by putting a cell-phone on the wireless network, having it emit an electronic ID that could be intercepted by other phones in the vicinity. If a person tests positive for COVID-19 their ID would be used to warn the others near them.

Meaning, if you were near an affected person, your phone would show flags about their being infected, you’d be notified about it and if you may have caught the novel coronavirus you’d be alerted about that too, mention sources.

Per reports, Google and Apple especially had created an opt-in pro-privacy API for Android and iOS. The feature allows the user’s phone to change its ID on other phones near them and store it across different intervals of time.

Per sources, if a person is discovered to have COVID-19 they can allow the release of their phone’s ID to a decentralized set of databases looked over by healthcare providers and the nearby users would be notified about it.

The above-mentioned approach works best to help ensure that the users aren’t tracked by exploiting the above information. Google and Apple say that their protocol would make it next to impossible for them, the governments, and mal-actors to track people. The data wouldn’t leave the user’s phone unless they want it to, that too anonymously if and when.


A person, to declare themselves infected must enter a specific code from a healthcare provider after being tested positive which is a great way to curb fraudulent announcements about being infected.

The NHS, on the other hand, thought of proposing a centralized approach that makes the government, the party that has the coronavirus related details of all the users on their database for further analysis.

Per sources, for this application to be successful 60% of a population would have to download it and opt for it. Trust plays a major role here, if the users don’t trust the app it would be of no use to others either.

Reports mention that most countries prefer the Google and Apple method better, including Switzerland, Austria, and Estonia. Germany too is in strong support of a decentralized line whereas France had to face criticism for its inclination towards the centralized approach.

Nevertheless, the NHS is hell-bent on going forward with the centralized approach and is adamant that it will safeguard the privacy of people no matter what. In the centralized way of things, the NHS would capture all the IDs of phones with the app active on them and store the details on their database. Later on, if a user is found to be infected the NHS would make the call about all the hows, whens, and ifs of the warning procedure on the other phones.

If things were to work out the way NHS wants it to, the application would advise users to take steps to help them save themselves against the virus, like self-isolating if need be. The advice notified would be customized per the situation. They would also build a better database and help people with first-hand updates. People could also voluntarily provide detailed information about themselves to make the app’s experience more comprehensive.

Moreover, the centralized system would be way easier for conducting audits and analysis of the data that has been stored in the databases for further research about users that are at most risk.

But regardless of all the superficial advantages, the NHS would still be creating a database bursting with people’s personal information like their health statuses, their movements, and that too with the government having complete control of it.

The success of the entire operation dwells on the people’s trust in the NHS, the UK government, and the governments of all the countries for that matter who have opted for the centralized system.

Residents in China under Surveillance amid the Coronavirus Pandemic


According to recent reports, China is alleged for surveilling its residents' homes among the coronavirus epidemic. However, there is no official rule that says China can keep quarantined residents under watch. The incident has been happening since February in China, where few residents have reported cases of security camera equipped right in front of their homes. Three people have already informed of this incident, whereas other similar cases have appeared on social media.


Currently, China doesn't have any national law that allows it to watch its people through surveillance cameras, but still, the cameras are equipped in various public areas in China. According to sources, the authorities are continually keeping a watch on people, whether they are in malls, eating in a restaurant, boarding transport, or even in schools and colleges. According to data by CNN, around 20 Million cameras were installed across china in the year 2020, and this is only a rough estimate. According to some other sources, the numbers can go even higher. As per the reports of IHS Markit Technology, which currently works under Informa Tech, China had around 350 Million surveillance cameras installed in the year 2018, which is five times than of the USA.

What will happen by 2021? 

According to the data, the projection suggests that by the year 2021, China will have equipped six times more surveillance cameras than the US. According to Comparitech, a UK based research organization, "Estimates vary on the number of CCTV cameras in China, but reports range from 200 million up to 626 million in use by 2020. Based on the country's current population of 1.4 billion people, that would mean nearly one camera for every two people. Although this projection might seem vast, it may be a fraction of the actual number."

In the present times, however, the COVID-19 pandemic has triggered the Chinese authorities to keep a watch on its residents' private life. According to these residents, it is a complete breach of privacy. Knowing that this issue might appear, the Joint Civil Society issued a statement earlier this month that said, "the COVID-19 pandemic is a global public health emergency that requires a coordinated and large-scale response by governments worldwide. However, States' efforts to contain the virus must not be used as a cover to usher in a new era of greatly expanded systems of invasive digital surveillance."

Around 25,000 Email Addresses and Passwords Belonging to NIH, WHO, World Bank and Others Posted Online


The SITE Intelligence Group, a non-governmental US-based consultancy group that monitors online activities of international terrorist groups and tracks global extremism, recently discovered around 25,000 email addresses and passwords being posted online by unidentified activists. Reportedly, these credentials belong to the World Health Organisation, National Institutes of Health, the Gates Foundation, and various other organizations united in the global battle against COVID-19 – working to contain the spread of the Coronavirus.

The data of unidentified origins was exposed on Sunday and Monday and straight away used by cybercriminals to make attempts at hacking and take advantage of the posted information by causing incidents of harassment led by far-right extremists. The information made its first appearance on 4chan, an imageboard website where people anonymously post their opinions on subjects ranging from politics, anime, music, video games to sports and literature. It then subsequently appeared on Pastebin, Twitter, and Telegram groups belonging to far-right extremists.

However, the authenticity of the email addresses and passwords is still in question as the SITE said it was unable to verify the data. As per Robert Potter, an Australian cybersecurity expert, the 2,732 emails and passwords belonging to WHO were found to be authentic.

The biggest victim of the incident was NIH with a total of 9,938 emails and passwords being exposed, following NIH was the Centers for Disease Control and Prevention with the second largest number i.e., 6,857 and the World Bank with a total of 5,120, according to the report by SITE. All three organizations were quick to decline the requests of making any comment on the matter.

While providing insights, SITE's executive director, Rita Katz said, “Neo-Nazis and white supremacists capitalized on the lists and published them aggressively across their venues.”

“Using the data, far-right extremists were calling for a harassment campaign while sharing conspiracy theories about the coronavirus pandemic. The distribution of these alleged email credentials was just another part of a months-long initiative across the far right to weaponize the covid-19 pandemic.” She further added.

Meanwhile giving assurance, Twitter spokeswoman Katie Rosborough said, “We’re aware of this account activity and are taking widespread enforcement action under our rules, specifically our policy on private information. We’re also taking bulk removal action on the URL that links to the site in question.”

Facebook Makes Its Largest Bet on the Developing Market; Invests $5.7 Billion in Indian Internet Giant Jio


“The country is in the middle of a major digital transformation, and organizations like Jio have played a big part in getting hundreds of millions of Indian people and small businesses online. With communities around the world in lockdown, many of these entrepreneurs need digital tools they can rely on to find and communicate with customers and grow their businesses.”

This is what Mark Zuckerberg, the CEO of Facebook, said in a post to his Facebook page on the occasion of the social media giant making its biggest single investment by putting $5.7 billion into Jio Platforms of India on Tuesday.

Adding later on that the move indicates its 'commitment' to India, as approximately more than 388 million people in India have been in a solid connection with the internet service over the past four years via Jio.

While numerous businesses have been harmed by the aftermath from the Covid-19 pandemic, huge technology companies are positioned to profit over the long haul as more people resort to their services while keeping indoors.

Facebook is thusly making preparations to move ahead with vital and strategic investments at a very 'fragile' time in the global economy.

David Fischer, Facebook's chief revenue official, and Ajit Mohan, Facebook's managing director in India, in a blog-entry by-lined by the former said that “One focus of our collaboration with Jio will be creating new ways for people and businesses to operate more effectively in the growing digital economy. For instance, by bringing together JioMart, Jio’s small business initiative, with the power of WhatsApp, we can enable people to connect with businesses, shop, and ultimately purchase products in a seamless mobile experience.”

With more than 400 million Indian citizens utilizing WhatsApp and more than 300 million people utilizing the company's core social network, therefore Facebook sees a lot of chance with Jio.

Apart from this, last week India's Economic Times revealed that Facebook and Reliance were intending to use WhatsApp and Jio administrations to make a WeChat-style "super-app" for India.

Tencent's WeChat has enormous penetration in China, with in excess of a billion users and numerous independent businesses utilizing it for payments, promotion, and communication. Yet, it is to be noticed this isn't Facebook's first swoop into the Indian market.

Quite a long while ago, it attempted to offer free internet connectivity to Indian users in a program called Free Basics. Yet, that initiative hit a lot of obstacles until it was ultimately banned in the nation by the telecom regulator TRAI, in 2016.

What's more, is that the regulators concluded that businesses couldn't offer free internet services that supported only a few companies over the others. Facebook has been at a disagreement with the Indian government over WhatsApp for quite some time recently.

The government had demanded that WhatsApp change its encryption to trace messages back to their source, which WhatsApp refused to comply with. Simultaneously, regulators have over and over again thwarted WhatsApp's request to offer a payments service to its Indian users.

Here are some of the reaction tweets by people on the Jio-Facebook collab.







Google Is All Set To Fight The Coronavirus Themed Phishing Attacks and Scams


These days of lock-down have left cyber-criminals feeling pretty antsy about “working from home”. Not that it has mattered because apparently, that is why the number of cyber-crime cases has only hiked especially the Phishing attacks.

This has gotten Google working on its machine-learning models to bolster the security of Gmail to create a stronger security front against cyber-criminals.

Given the current conditions, the attackers seem to have a morbid sense when it comes to the themes of the Phishing attacks, i.e. COVID-19. Reportedly, 18 Million such attacks were blocked in a single week. Which amount up to 2.5% of the 100 Million phishing attacks it allegedly dodges every day.

Google, per sources, is also occupied with jamming around 240 Million spam messages on a daily basis. These phishing attacks and spams at such a worrisome time have impelled Google and Microsoft to modify their products’ mechanisms for creating a better security structure.

Reportedly, the number of phishing attacks, in general, hasn’t risen but in the already existing number of attacks, the use of COVID-19 or Coronavirus seems to have been used a lot.

Malware and phishing attacks, especially the ones related to COVID-19 are being pre-emptively monitored. Because being resourceful as the cyber-criminals are the existing campaigns are now being employed with little upgradations to fit the current situation.


A few of the annoying phishing emails include, ones pretending to be from the World Health Organization (WHO) to fool victims into making donations for VICTIMS to a falsified account.

Per the intelligence teams of Microsoft, the Coronavirus themed phishing attacks and scams are just the remodeled versions of the previous attacks.

The attackers are extremely adaptive to the things and issues that their victims might easily get attracted to. Hence a wide variety of baits could be noticed from time to time.

During the lock-down period of the pandemic, health-related and humanitarian organizations have been extensively mentioned in the scams and phishing emails.

Per sources, the Advanced Protection Program (APP) lately acquired new malware protections by enabling Google Play Protect On Android devices to some specifically enrolled accounts.

Allegedly, users trying to join the program with default security keys were suspended, while the ones with physical security keys were still allowed to be enrolled.

All the bettered security provisions of Google shall be turned on by default so that the users can continue to live a safe and secure life amidst the pandemic.

COVID 19 Contact Tracing: Is your Privacy at Risk?


Apple and Google's latest team up together to build a technology that will help trace the spread of coronavirus is a much-appreciated move, that will surely help the society to fight coronavirus. Still, one must also be aware of the privacy concerns, as the users will be sharing their data with these companies. The announcement came last Friday that the two companies are currently working together to build an application that will help in fining the COVID-19 trace. This process is called 'contact tracing,' and it will be carried with the help of Bluetooth technology that will benefit informing people as soon as they come in contact with an infected person.


Both the technology giants have assured that user privacy and security will be their utmost concern. According to cybersecurity experts, these companies who will be using user data such as- contacts, location; wouldn't be used for any other purposes. Even the companies won't have access to this information, and that is why these companies are prioritizing user privacy.

What about government surveillance? 
South Korea, while using technology to find the traces of infected people, is using CCTV footage, user location, credit card records, and even the conversation between individuals. This type of technological surveillance raises concerns about the privacy of individuals. According to cybersecurity experts, the South Korean government is releasing alerts that tell an individual's age, his neighborhood, his workplace, and also his location. None of such details are necessary as over sharing of these personal details can create a panic among the public. Some researchers have even gone to an extent, saying that this surveillance is expected to last even after the coronavirus pandemic ends.

According to experts, the government should tell the public about the reasons for data collection, so the public doesn't panic and even gets a better understanding of the situation. In the present time, it is evident that these surveillances used for health purposes, but another concern is that this data can be used for other purposes such as law enforcement. The important fact is to know about the limits of this surveillance and to keep an eye if it becomes a tool for mass surveillance.

COVID-19: Google and Apple Team up on Contact Trace Technology


Around the world, the governments and health departments are fighting together against the Coronavirus pandemic, coming up with solutions to reduce its effect, so the society and the people can recover from it at the earliest. Keeping this in mind, various software companies and enthusiasts, too, are continually working to build technologies to aware the people to stay safe. Apple and Google together have come forward to contact trace Coronavirus patients. They are working together in developing a technology that will let people know whether they have come in contact with any Coronavirus infected person.


"To further this cause, Apple and Google will be launching a comprehensive solution that includes application programming interfaces (APIs) and operating system-level technology to assist in enabling contact tracing," says Apple and Google. The initial aim is to help third party contact tracing applications work accurately. But the primary objective is to get rid of downloading dedicated apps while supporting the work. The approach by Apple and Google will keep in mind that- the users participating are voluntary and would stay anonymous. At the same time, their privacy will remain the utmost concern for both companies.

The contact tracing method will somewhat work like this- with the help device's Bluetooth connection signals; the user will know whether he/she has been in contact with an infected person long enough to catch the virus. If either of the people is tested positive for COVID-19 in the future, an immediate warning will be issued to the original handset owner, informing him about the situation. The companies, while addressing the privacy concern, say that neither GPS nor personal information of the user will be collected.

"All of us at Apple and Google believe there has never been a more important moment to work together to solve one of the world's most pressing problems. Through close cooperation and collaboration with developers, governments, and public health providers, we hope to harness the power of technology to help countries around the world slow the spread of COVID-19 and accelerate the return of everyday life," said the two companies in a joint statement.

Bitcoin Prices Are Off The Charts!


Bitcoin, our favorite digital currency has experienced a certain kind of unbelievable hike, all of a sudden. It has profited across several markets with a spike of 12% in its price solely in the last week, mention sources.

Word has it that the Bitcoin price has risen around 6% in the last 24-hour trading duration, overtaking next to all main indices, even the stocks throughout Asia and Europe.

Bitcoin and other forms of digital currency including cryptocurrency have escalated around the globe owing it to the Coronavirus lockdowns.

Per sources, The Bitcoin price has outgrown the $7,000/Bitcoin level and is ascending to “$7,170 on the Luxembourg-based Bitstamp exchange”.

As if they knew things were going to go south, the Bitcoin investors were up and about right from the start of this year. In fact, surveys indicate that the Bitcoin price has a high probability of rocketing up to $20,000/Bitcoin in 2020.

The basic foundational facets for a better Bitcoin system exist today owing to various developmental projects in the crypto industry. An in case of such massively unprecedented crisis investors would want to fall back upon digital currency

Asian and European markets furthered their reserves by 3% and 2-4%. Researchers mention that Bitcoin purchases could have a positive effect on the stock markets.

History has it that the Bitcoin price has seen a major upswing before from a low $1,000 to a high $20,000 in a matter of a year.

Investors are in genuine awe with this ascent in the prices of Bitcoin and see this as a new opportunity for cryptocurrency in general because of the fresh interest the market has shown for it.

Per analysts, this year investors may need to rethink their current cryptocurrency store and even pile up more of it in case of increased demand because of risk assets.

Everyone understands that if the things were to stay the way they are there is a strong chance for a longer period of intense recession.

This has given birth to questions regarding the effect of COVID-19 on the economy and the part Bitcoin could play in it.



E-Commerce Attacks Didn't Increase During Coronavirus Quarantine


Due to the COVID-19 pandemic, people across the globe to stay at home. The quarantine has increased online shopping figures. Even though a majority of the people are shopping online for everything, from food to groceries to daily essentials, the web skimming attacks didn't increase and are supposedly expected not to in the near time, due to it, say cybersecurity experts. Web skimming or Magekart attacks or e-skimming is a kind of cyberattack where the attacker inserts malicious codes in the online stores' website. When the users make any payment in the checkout process while entering the data, the hackers steal their credit card credentials.


Web skimming attacks were famous amid the hackers during 2017-18 and had been rising since then. Various cybersecurity experts and agencies, when asked about 'the impact of large scale online shopping on the web skimming incidents,' they all agree that web skimming attacks will not rise just because more people are shopping now, spending most of their time online, while staying at home. It is because, for a very long time, hackers have tried to breach prominent e-commerce websites but have failed to do so, while the web skimming incidents have remained constant through the years.

According to these cybersecurity experts, there's only one condition under which web skimming attacks can increase, and that is only when the number of online stores will increase can the hackers look for new sites to attack. Unless that happens, the rate of web skimming attacks will remain the same. According to the statistical analyses by Sanguine Security, the data shows that web skimming attacks have slightly fallen during the COVID-19 pandemic. However, not every cybersecurity agency agrees with this data.

But according to Jerome Segura, who is a web analyst at Malwarebytes, the web skimming attacks on online stores have not increased, therefore it confirms with Sanguine Security's data. It may be because the number of online stores increased before 2-3 months, but nobody observed these attacks during that time. Another reason might be that buyers prefer shopping from popular e-commerce websites, which are hard to breach through for hackers.

Coronavirus Themed Phishing Attacks Continue to Rise


New data by researchers has demonstrated that cybercriminals are preying on people's concerns regarding the COVID-19 pandemic and carrying out sophisticated phishing, malware and email attacks. The sudden upsurge in the related attacks imply that attackers were quick to adapt to the new global health crisis environment and exploit it in their favor.

As per Barracuda Networks, an American IT security company, the number of email attacks associated with the new Coronavirus has seen a steady surge since January, the type of attack has recorded a 667% spike by the end of February. As per the data, January recorded a total of 137 attacks only, while in the month of February the number spiked to a whopping 1,188 and between March 1st to 23rd, there were as many as 9,116 email attacks in the regard.

Another notable kind of attack is the one where victims are receiving malicious emails with the promises of offering financial relief during the COVID-19 pandemic, researchers warned. Users are being tricked into believing that they will be receiving payments from global institutions, businesses and governments working with a common objective of providing economic aid to common people during the ongoing pandemic, as soon as the user clicks on the links or proceed to download files, the attacker gets illicit access to his credentials, card data, and other sensitive information.

One such campaign is found to be specifically attacking U.S. healthcare, IT sector and higher-education organizations, the emails sent in relation to this campaign contain a message titled "General Payroll!"

"The Trump administration is considering sending most American adults a check for $1,000 as part of the efforts to stimulate the economy and help workers whose jobs have been disrupted by business closures because of the pandemic,” it says.

“All staff/faculty & employee include students are expected to verify their email account for new payroll directory and adjustment for the month of March benefit payment.” The message further reads.

Users receiving the email are asked to access a malicious link that will direct them to a phishing page in order to verify their email account, they will be required to enter their usernames, email addresses, and passwords linked with their employee benefits. By doing so, the user will provide his personal data to the page controlled by the attackers.

“The ongoing shift to coronavirus-themed messages and campaigns is truly social engineering at scale, and these recent payment-related lures underscore that threat actors are paying attention to new developments,” researchers told.

Zeus Sphinx Malware Reappears amid Coronavirus Phishing Scams


In this particular scam, the recipients receive phishing emails asking them to donate money by filling forms for coronavirus or COVID-19 relief fund. The scam works because people are constrained to stay at home as they can't work in the office because of the quarantine. Zeus Sphinx Banking Trojan is determined as it can replicate files and folders to expand while maintaining to generate the registry keys.


Amid the COVID-19 pandemic, the panic it has caused among the general public has proven to be an advantage for the hackers, as they see it as an opportunity to lure innocent victims in the name of relief funds for COVID-19. Cybercriminals are exploiting the COVID-19 theme by launching spams and phishing email campaigns on their targets. Joining this new stream of attacks, another malware has reappeared after a long time named Zeus Sphinx malware.

About Zeus Sphinx 

According to recent research conducted by a group of cybersecurity experts, the malware Zeus Sphinx, which is also famous as Terdot or Zloader, was used by Hackers to launch cyberattacks using the COVID-19 government relief funds as a bait to lure the victims.

  • Zeus Sphinx was first discovered in August last year, and it became famous as a banking trojan for commercial use, with Zeus v2 being the basis of its core elements. 
  • Zeus Sphinx was infamous for attacking banks over the US, UK, Brazil, and Australia. 
  • Zeus Sphinx has reappeared, but this time, it is using COVID-19 relief funds as a ploy while attacking the users of the corresponding banking institutions in the respected countries. 


How does it work?

The malware is spreading through COVID-19 relief funds files. Here's how it's being covered:

  • The recipients receive phishing emails asking them to donate money by filling forms for coronavirus or COVID-19 relief fund. 
  • The forms in.DOC or DOCX file formats are used to gain entry. 
  • When downloaded, the file asks the user for access to enable content. 
  • This activates the Zeus Sphinx, which hijacks the window and establishes a C2 (command-and-control) server for malware. 

Note: Zeus Sphinx has an integrated flaw, which is, the trojan can't attack an updated version of the browser, once it has already been attacked before the update.

A Rise in New Cyberspying by a Suspected Chinese Group Detected By a U.S Cybersecurity Firm


A surge in new cyberspying by a speculated Chinese group that dates as far back as to late January was recently being observed by a U.S. cybersecurity firm. 

Happening around the time when the worldwide pandemic COVID-19 began to spread outside the borders of the Chinese, a publicly-traded cybersecurity company, FireEye Inc. (FEYE.O) said in a report that it had detected a spike in movement from a hacking group it calls "APT41" that began on Jan. 20 and focused on more than 75 of its customers, from manufacturers and media companies to medicinal and healthcare services associations and non-profits. 

The report stated that it was “one of the broadest campaigns by a Chinese cyber espionage actor we have observed in recent years.”

In its report, FireEye said that APT41 abused the recently revealed defects and flaws in the software created by Cisco (CSCO.O), Citrix (CTXS.O) and others to attempt to break into scores of companies' networks in the US, Canada, Britain, Mexico, Saudi Arabia, Singapore and in excess of a dozen other nations. 

Despite the fact that it declined to identify the affected customers, the Chinese Foreign Ministry didn't directly address FireEye's charges yet said in a statement that China was “a victim of cybercrime and cyberattack.”

Matt Webster, an analyst with Secureworks – Dell Technologies' (DELL.N) cybersecurity arm – said in an email that his group had likewise observed proof of the said increased movement from Chinese hacking groups over the last few weeks. 

Specifically, he said his group had recently spotted new digital infrastructure related to APT41 – which Secureworks calls “Bronze Atlas." 

Even though relating hacking campaigns to a particular nation or entity is mostly loaded with ‘uncertainty’, however, FireEye said it had evaluated "with moderate confidence" that APT41 was made out of Chinese government contractors. 

John Hultquist, FireEye's head of analysis, said the said surge was astounding in light of the fact that hacking activity ascribed to China has commonly become increasingly focused and further added that “This broad action is a departure from that norm.”

This COVID-19 Website By Google Tells You All You Need To Know About Coronavirus!


The first step anyone took after hearing the first of the Coronavirus was ‘Googling’ it. Google has been a solution, for as long as we can remember, to most of our queries. Yet again it upholds its
reputation.

Amid all the mass confusion and chaos this virus has caused for the human race, every single one of us has wanted a ‘go-to’ for a little clarity between all of this bewilderment related to COVID-19.

Be it asking about the first symptoms, vaccine information or prevention strategies, in the middle of this bewilderment people have continued to look up to search engines for answers.

Google stepped in at the right moment and launched a website that encompasses next to every single bit of information about the Coronavirus.

Per sources, by way of collaborating with the US government, Google was has developed a website fully committed to educating people about COVID-19 including the probable symptoms, ways of prevention, treatment and all the other related information.

Reportedly, in the last week of January, Google had launched an SOS “alert” packed with resources and safety details from the WHO, plus the latest news. The alert, as of now, has spread across many countries in 25 languages. Per sources, people in over 50 countries have access to localized public health guidance from authorities.

The website mostly centers on providing health-related information along with safety and preventive practices, helpful resources, updated data and insights, relief assistance, the most recent of news, the early symptoms of the disease and how it spreads.

The website strongly endorses the “Do the Five” campaign to further wakefulness about basic things people can do to control the spread of COVID-19, per the WHO. According to sources, the website also has a map of the affected areas via the WHO and links to national health authority websites.

The website is loaded with informative videos from the Ministry of Health & Family Welfare, depicting the importance of washing hands regularly, responsible behavior and fighting together.

It is a massively lucrative initiative towards putting all the misunderstandings and confusion of people regarding COVID-19, to rest. The website shall be regularly updated and improved with more details and resources.

The link to the website:
https://www.google.com/covid19/

WhatsApp's Latest Feature will Let Users Verify Forwarded Messages on Google


Owing to the lockdown due to the outbreak of the global pandemic Covid-19, people are once again resorting to their go-to messaging app – WhatsApp to spread misinformation in the name of information. Notably, WhatsApp has continued to be the most favorite platform for the circulation of fake news which also caused a number of untoward incidents in India.

It's mainly because of the rampant forwarding of messages created to promote individuals' or organizations' vested interests. While, public fear, unawareness, and lack of knowledge have a huge role to play in the equation of fake news and the consequences it had on the society, WhatsApp has constantly stood up to the issue and ensured to eliminate the flaws in its software.

The app has a massive reach across the globe with more than 2 billion active users and in an attempt to curb this circulation of misinformation, WhatsApp is reportedly working on a new feature that would allow users to verify the forwarded messages, helping them separate authenticated news from the fake ones.

As per sources, the tool will appear as a magnifying glass icon placed beside the forwarded messages on a user's WhatsApp, when the user will tap on the icon, a pop-up will appear asking him if he would like to search the message on the web, it will enable the user to directly upload the forwarded message on Google and verify the authenticity of the news.

“We are working on new features to help empower users to find out more information about the messages they receive that have been forwarded many times. This featuring is currently in testing, and we look forward to rolling it out in the near future.” WhatsApp told.

In a previous update, WhatsApp introduced a 'forwarded' label at the top of forwarded texts to make identification easier for the users.

The new feature by WhatsApp has already been sent out for testing and will be made available shortly for all the Android users and subsequently for the iOS users.

Home Routers Hijacked to Deliver Info-Stealing Malware 'Oski'


The spread of malware through apps being downloaded by users in the name of 'the latest information and instructions about COVID-19' is amongst one of the most prevalent threats that have been observed since the outbreak of the novel Coronavirus. As a result, users were forced to download apps such as COVID19Tracker or Covid Lock from a website, the app locked victims outside their smartphones and asked for a ransom of $100 in Bitcoin for the release of their data. Consequently, attackers threatened them to leak all their contacts, media, and social media accounts online in case they failed to pay the ransom in due time.

Users are being severely targeted amid the COVID-19 themed malware and data exploit attacks, another example resides in the discovery of a new type of attack that is targeting home routers. It redirects victims to an infected website after altering the DNS settings and then drops a file-encrypting malware 'Oski' that encrypts the important files on a victim's system. It employs a sophisticated algorithm to encrypt the files and append .Osk extension to each file. After successfully carrying out the encryption process, the malware leaves a ransom note in all the folders containing encrypted, reading, "HOW TO RECOVER ENCRYPTED FILES.TXT.'

"To make the file seem legitimate (as if the filename is any indication of legitimacy), attackers named it “runset.EXE”, “covid19informer.exe”, or “setup_who.exe”." states the Bitdefender's report on the subject.

Attackers with the malicious intent of compromising the routers go around the internet searching for the exposed home routers that are consequently subjected to 'password brute-forcing attack' with DNS IP settings being altered alongside.

DNS is an internet service that plays a crucial role in translating domain names to IP addresses and as it assists browsers in loading internet resources if the cybercriminals alter the DNS IP address from a vulnerable router they are meaning to attack, they resolve the victim's request to any website under their control. The targeted domains in this campaign include aws.amazon.com, tidd.ly, goo.gl, bit.ly, fiddler2.com, washington.edu, winimage.com, imageshack.us, ufl.edu, disney.com, cox.net, xhamster.com, pubads.g.doubleclick.net and redditblog.com. As per sources, most of the aforementioned routers that made to the attacker's target list are based in France, Germany, and the US.

"It’s recommended that, besides changing the router’s control panel access credentials (which are hopefully not the default ones), users should change their Linksys cloud account credentials, or any remote management account for their routers, to avoid any takeovers via brute-forcing or credential-stuffing attacks," Bitdefender warns.

Why Hackers are Taking Advantage of COVID-19?


Cybersecurity threats have seen a massive upsurge since the outbreak of the COVID-19 pandemic that forced a majority of people to work from home which now is leading to attacks on remote workforces. Amid the anxiety it created, hackers have devised multiple ways to take advantage of the coronavirus and continued to exploit the fear amongst people in a number of ways, one being the distribution malware in the facade of Covid-19 or Corona related emails.

The threat posed by the Coronavirus has been seen to be scaling beyond human health, job losses and the collapsing global economy as it also set the stage for hackers to scam people for monetary and other gains. The urgency revolving around the novel biological virus robbed tech vendors and corporate systems of their ability to effectively tackle the risks. Scammers are well aware of the overwhelmed state of cybersecurity groups that led to a dramatic rise in phishing attempts and cyberattacks. Notably, hackers are exploiting the Covid-19 charged environment in various ways such as malicious infiltration of organizations, voice phishing, WhatsApp phishing, email phishing, social media, fake apps, and websites. As per the warnings given by WHO, criminals are also acting as WHO officials in order to scam people for financial gains or sensitive data.

Problems Arising with Security Operation Centers (SOC)? 

Security Operation Center is a centralized function set up across a company's IT infrastructure. The objective of the security operation team here is to detect and then respond to cybersecurity risks in order to safeguard important assets such as business systems, employee data, and intellectual property. Upon detecting a confirm threat, the SOC immediately isolates endpoints in an attempt to terminate harmful actions such as execution or deletion. It does do while ensuring no disruption is faced by the business continuity or lessening the impact to the best of its ability.

However, as the process of strengthening an organization's security requires sophisticated infrastructure (SIEM system), coordinated efforts and continuous monitoring by people and technology-with limited staff and people made to work from home, it has become difficult to prevent, detect, analyze and respond to cybersecurity incidents.

The SOC relies upon cybersecurity tools whose operations require complete understanding and expertise making the overall workflow complex, therefore the prevention and security can not take place whilst being at home.

Adverse Impact on IT Sector

IT sector is the lifeline of almost every global economy, it plays a vital role in the functioning of nearly every other major sector including human resources, manufacturing, finance, security, and health care. It's a well-known fact how heavily IT organizations rely on manpower to function, however, due to the lockdowns, quarantine periods and stringent curbs in the movement of people, many businesses are being shut down as the global supply chains of manufacturing are being heavily disrupted. IT professionals are not able to deliver on the projects, as a result of which production dropped by a significant margin and is expected to drop even further.

The coronavirus situation worsens with the security vendors not being paid timely and as a result of halted work, gates are being left unmanned providing potential hackers with an opening. Companies are advised to stay prepared for security breaches and individuals should consider sticking to strong passwords and keeping their systems updated as the number of scams is expected to rise amid the tremendous uncertainty of the crisis.