While organised crime volumes remain broadly constant, there has been a shift to Covid-19 themed phishing campaigns and fraudulent websites as organised crime groups seek to monetise the fear, uncertainty and doubt many people feel during the pandemic.

Financial Scams

A wide range of COVID-19 related financial scams are in progress.

— 130 Twitter accounts have been compromised out of which 45 high  profile accounts were used to promote a cryptocurrency scam that yielded  more than $120k, ZDNet reports. Investigators believe attackers acquired  credentials for a Twitter backend tool using social engineering.

— Mac users are being targeted by trojanized cryptocurrency apps which  once downloaded drain victim’s cryptocurrency wallets, Threat Post  reports. The four fake apps are rebranded copies of actual cryptocurrency  trade application called Kattana.

— A phishing campaign impersonating the Bill and Melinda Gates Foundation  is being spread to promote a Bitcoin scam with an attractive quick rich  scam — promising to double the amount of Bitcoin sent to an address,  Hack Read reports.

Infrastructure

Organised crime groups have been building out attack  infrastructure to affect corporate infrastructure.

— RiskIQ reports they have observed 115,274  new domain names containing COVID-19  keywords in them on July 20, 2020.

Conferencing Platforms

While attacks still involve phishing linked to malware delivery, a range of  other exploitation techniques are targeting the use of conferencing  platforms.

— A previously undisclosed bug in a conferencing platform’s customizable URL feature has been addressed, Checkpoint reports. The bug could  have allowed a hacker to pose as a company employee, invite  customers and partners to meetings and extract sensitive information  using social engineering.

Phishing & Malware

Extensive COVID-19 themed phishing  campaigns are underway with cyber  criminals exploiting health organisations,  academic institutions, enterprises and  their IT infrastructure.

— A new phishing campaign that’s  pretending to come from a help desk  named “servicedesk.com” is  mimicing wording used by real IT  help desk domains used in corporate  environments, Bleeping Computer  reports. These emails use  enterprise cloud service notifications  to steal login credentials.

— A phishing campaign leveraging  Amazon, is stealing credentials by  using a purported Amazon delivery  order failure notice, Armorblox  reports. This is linked to a voice  phishing attempt informing  customers their order would be  cancelled if they fail to update their  payment details within three days  and asking them to do so using a  malicious link.

— A phishing campaign with attackers  impersonating an email from  Microsoft is asking recipients to  renew their Microsoft Office  subscription through the links  provided in order to steal sensitive  user information and money,  Abnormal Security reports.

— Bleeping Computer reports a French  telecommunications company has  confirmed it suffered a ransomware  attack on its business services  division, with the Nefilim  ransomware group claiming  responsibility and publishing stolen  client data.

— A spear phishing campaign in which  attackers spoof an internal notification  email from the recipient’s company’s  HR team, is asking recipients to verify  their W2 file document five days  before the IRS tax filing deadline, in  order to steal user account  credentials, Abnormal Security  reports.

— The family-owned nursing home for  elders in Maryland has announced that  it was the victim of a Netwalker ransomware incident, with the  operators leaking sensitive information  such as names, social security  numbers and health information of  nearly 50,000 individuals, Bleeping Computer reports.

Mobile Malware

Mobile devices are not immune from COVID-19 themed attacks.

— Threat Fabric reports a new Android malware named BlackRock,  designed to steal passwords and credit card data has been distributed  as a fake Google update package on third-party sites. The malware  uses Accessibility permissions to steal information from 330 apps  including Instagram, TikTok and more.

— Experts in Spain have warned that the robots being used to disinfect  hospitals with ultraviolet light during the COVID-19 pandemic are  vulnerable to cyber attacks and can be remotely taken over to shine their  harmful rays on exposed patients or staff, The Telegraph reports.

Vulnerabilities

— A critical, 17 year old wormable RCE vulnerability (CVE-2020-1350) in  Windows DNS known as SIGRed has received a patch from Microsoft.  SIGRed can allow an attacker to gain Domain Administrator privileges  and compromise the entire corporate infrastructure, receiving a severity  score of 10/10, Bleeping Computer reports.

— Microsoft has fixed a total of 123 vulnerabilities in July’s Patch Tuesday  update, including 18 critical bugs affecting Windows Server, Office and  Outlook, Threat Post reports.

— Adobe has released patches for four critical vulnerabilities across five  different platforms in its July patch update which include products like  Creative Cloud Desktop and Media Encoder with the most important  flaws involving privilege escalation, Threat Post reports.

— Cisco has released a fix to 33 flaws in a variety of its devices, the most  severe of which can be exploited to conduct RCE and privilege  escalation attacks on Cisco’s Small Business Wireless VPN Firewall  routers.

Government

— Cybersecurity and Infrastructure Agency (CISA) issued an emergency directive to all federal executive branch offices to apply the patch for  the wormable Windows DNS Server bug CVE-2020-1350 within 24 hours  to prevent a high potential for compromise of agency information  systems. A further advisory urges immediate action to reduce the  exposure of operational technology and control systems to cyber attack.

— The U.K’s NCSC, the U.S. Department of Homeland Security (DHS) and  Canada’s Communications Security Establishment (CSE) issued an alert on the APT group known as APT29 attempting to pilfer COVID-19  vaccine research from academic and pharmaceutical research  institutions in various countries around the world.