Malicious actors continue to craft ruthlessly aggressive email attacks tailored to leverage mounting fears and anxieties surrounding the COVID-19 outbreak, bad guys try to exploit the very worst fear among email recipients: the fear of infection.

Late Friday night March 27, 2020, experts started to see a new phishing email warning the recipients that they have been exposed to the Coronavirus through personal contact with a “colleague/ friend/ family member” and directing them to download a malicious attachment and proceed immediately to the hospital.

This email spoofs a hospital which lends additional credibility to this particular social engineering scheme, which is clearly designed to elicit a panicked response from readers and override any form of rational, measured thought.

The email has a supposed Excel file attached and is billed as a “pre-filled” form that victims should bring with them to the hospital. In fact, that form is a malicious, macro-laden Office document that serves as a trojan downloader and is currently detected by only a handful of major anti-virus applications.

Users who make the mistake of following the directions provided in that Excel file and enable macros will be kicking off a download process for a sophisticated and dangerous backdoor trojan.

This nasty piece of malware (first reported Mar. 27, 2020) sports a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infested system, and serve as a platform for a variety of criminal activities.

Conclusion: Five High-Priority Recommendations

Many organisations are in the process of enabling their users to work from home securely. Apart from having and enforcing a remote work security policy, we strongly recommend deploying the following high-priority elements of these urgent projects:

  1. A VPN
  2. Single Sign On (SSO) fortified by
  3. Multi Factor Authentication (MFA)
  4. An immediate security training campaign with Consulting IT
  5. Fully patched machines in the cloud, the office and at the house

The COVID-19 outbreak has provided malicious actors with an unprecedented opportunity to spread widespread fears and concerns among the general public for the purposes of social engineering schemes prosecuted through malicious emails. For the bad guys, this is the ultimate in target-rich environments.

Our experience in crisis management, disaster recovery and time critical project work has proven to be the major point of difference as has our open and transparent communication.

To discuss successful partnerships and how engaging Consulting IT to maintain your IT infrastructure will:

  • Reduce your Staff downtime/ Expenditure/ Stress/ Exposure and Risk
  • Increase your Awareness/ Business Continuity Plans/ Backup and Disaster Recovery Systems/ Auditing and Compliance

Simply contact Corey Hill ([email protected]), National Sales and Marketing Manager.

#consultingit #flatteningthecurve #informationsecuritymanagement #scams #scammers #emailsecurity #socialengineering #informationtechnology #antivirusandmalwares #phishingattacks #informationsecurityawareness #scam #ransomwareattack #computersecurity #phishingattack #phishingemail #scamalert #cybersecuritythreats #cybercriminals #backupsolutions #cyberattack #cybersecurity #malware #trojan