Corporates face ransomware threat as coronavirus phishing campaigns spread
If there's one group of people rubbing their hands with glee, rather than sanitiser, it's cybercriminals.
With people desperate for information on the coronavirus, phishing campaigns are proliferating across the internet much like the virus itself.
Security firm Proofpoint, for example, says that hackers have been emailing its clients claiming that the Chinese and British governments are covering up the existence of a vaccine. Those foolish enough to click on the attached document are taken to a fraudulent website that harvests their login details for future use.
Another similar scam email purports to come from the World Health Organisation and to provide information on how to stop the spread of the disease - but instead infects victims' machines with the AgentTesla keylogging software.
And a “coronavirus map” doing the rounds activates the AZORult malware, says Reason Security, stealing browsing history, cookies, IDs and passwords, cryptocurrency, and more. The firm warns that such activities are only going to increase over the coming months.
Corporates warned to be on alert
As a result of all this activity, says RiskIQ’s i3 Intelligence Group, major corporations should be bracing themselves for a spate of ransomware.
Following an analysis of previous ransomware attacks during global epidemics, the company warns that organisations are already being infected with AZORult and Emotet malware. Most targeted, it says, are large corporations that may rely on markets and supply chains originating in China and other coronavirus-affected regions, making their staff more susceptible to social engineering attacks.
"Company executives, mid-level managers, administrators of local governments, and, of course, healthcare professionals all have a vested interest in following the latest developments around the spread of coronavirus," says Aaron Inness, RiskIQ protective intelligence analyst.
"It only takes one tired or overworked individual to click on what they believe is a legitimate alert or update."
Working from home
The risk is all the greater as more and more organisations start encouraging their staff to work from home. Many will be using their own devices - security weaknesses and all - while others will find themselves more easily distracted and less conscientious about procedures than usual.
"We would encourage companies to be particularly vigilant at this time, and ensure employees who are working at home exercise caution," says David Emm, principal security researcher at Kaspersky.
"Businesses should communicate clearly with workers to ensure they are aware of the risks, and do everything they can to secure remote access for those self-isolating or working from home."
Kaspersky recommends providing a VPN for remote staff to connect securely, and making sure that all devices being used have the right security software and the latest updates to operating systems and apps. Staff should also be alerted to the dangers of responding to unsolicited messages.
It's worth remembering that we're all likely to be in this for the long haul. While companies probably won't enforce working from home long-term for all their staff, it's pretty clear that things are going to change.
This isn't just a blip lasting a couple of weeks, and many of those who self-isolate, especially those with children or other caring responsibilities, may need to do so more than once. It's worth putting in the effort to make sure that they can do so securely.