As mentioned in previous articles, Securonix, has devoted an entire taskforce to outlining key threats that are appearing under the guise of COVID-19 themed domain names or emails. The threat research team has been observing malicious threat actors attempting to exploit an increasing number of the associated cyberattack vectors such as:
Ransomware using weaponized COVID-19/coronavirus-related documents disrupting critical healthcare and other businesses’ operations;
Custom COVID-19 themed phishing attacks involving malicious documents to steal remote workforce credentials and infiltrate various organizations;
Malware using fake live coronavirus maps/tailored monitoring applications for malicious purposes, DNS hijackers changing important records;
Malicious and trojaned applications/.apks related to coronavirus exploiting remote workforce’s BYOD/Android devices;
Attacks exploiting remote access/VPN servers taking advantage of the worldwide increase in the number of remote users.
Securonix’s Threat Research Team has been actively investigating and closely monitoring the cyberattacks and the current shift towards a remote workforce to help businesses improve the security of the remote users to increase the chances of detecting both current and future critical cyberattacks early in the changing environment. This is in order to minimise the likelihood of disruptions that will affect core business operations.
In order to help businesses, Securonix has compiled a series of relevant details and recommendations to help enterprises manage the monitoring of a remote workforce, including some details about the cyberattacks observed and examples of threats in the wild in order to help security operations/SOC, IT operations, Insider threat teams, and Human resources.
Most of the ransomware appearing seems to be a variant of the SNSLocker, propagated through a malicious COVID-19 situation report (sitrep) e-mail:
Figure 1: A fake C ..
Support the originator by clicking the read the rest link below.
