
Bad actors leveraging crises: 3 types of activities to watch out for

by Cybersprint Blog 16 Mar 2020

2020 is surely not starting out as we expected, as the horrible virus is disrupting and even ending the lives of many. We have mixed emotions writing this up, because there are many people doing far more important work, such as healthcare workers. Unfortunately, the bad guys have leveraged the crisis like clockwork. We looked at the three most common activities of bad actors.

Our thoughts go out to those who need it most; the sick and their families, those left behind, and everyone trying to keep things running on skeleton crews.

For the people running IT infrastructures, trying to keep remote access available and secure, this blog might contain some useful information. Thank you for doing your valuable work.

In some of the numbers, we see the same kind of exponential growth as in the medical figures on the number of infected people.

Opportunists

Opportunists try to make a buck out of other people’s misery: selling masks, offering “infected blood” on the dark web, and advertising Corona-related gear. To get some supporting numbers, we counted domain registrations related to the pandemic. There were 21888 domain registrations in 2020, and the number doubles every week. In the last week, 10104 new domain registrations were created.

[Figure: Domain registrations matching CORONA and COVID]

Source: Cybersprint, 15 March 2020

Even though we weren’t able to definitively classify all of them as malicious, certainly “most of them” are, as we found out through sampling several dozen of them.
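
The keyword count described in this section, as an added example (not Cybersprint's code): it filters a constructed feed of newly registered domains for the two chart keywords, counts matches per ISO week and reports week-over-week growth. The feed format, the `.example` names and the `0`-for-`o` spelling variants are assumptions.

```python
import re
from collections import Counter
from datetime import date

# "corona" and "covid" come from the chart title; accepting 0 for o is an added assumption.
KEYWORDS = re.compile(r"c[o0]r[o0]na|c[o0]vid")

# Constructed sample feed of (registration date, domain name); not real registrations.
SAMPLE_FEED = [
    ("2020-03-02", "corona-masks-shop.example"),
    ("2020-03-03", "weather-report.example"),
    ("2020-03-05", "covid19-worldmap.example"),
    ("2020-03-09", "C0VID-relief-fund.example"),
    ("2020-03-10", "who-coronavirus-info.example"),
    ("2020-03-11", "garden-tools.example"),
    ("2020-03-12", "cor0na-test-kits.example"),
    ("2020-03-13", "covidtracker.example"),
]

def candidates(feed):
    """Rows whose name contains a pandemic keyword.

    A match is a candidate for manual review or sampling, not a verdict:
    a keyword hit alone does not prove a domain is malicious.
    """
    return [(d, name.lower()) for d, name in feed if KEYWORDS.search(name.lower())]

def weekly_counts(rows):
    """Count matching registrations per (ISO year, ISO week), oldest first."""
    counts = Counter()
    for d, _ in rows:
        counts[tuple(date.fromisoformat(d).isocalendar()[:2])] += 1
    return dict(sorted(counts.items()))

def growth(counts):
    """List of (week, count, ratio to previous week); ratio is None for the first week."""
    out, prev = [], None
    for week, n in counts.items():
        out.append((week, n, None if not prev else n / prev))
        prev = n
    return out

if __name__ == "__main__":
    hits = candidates(SAMPLE_FEED)
    for week, n, ratio in growth(weekly_counts(hits)):
        print(week, n, "n/a" if ratio is None else f"x{ratio:.1f}")
```
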

Fraudsters

Many of these domains support fraud schemes. Some engage in credential theft, others flat out go for infecting visitors with malware. Examples are fake versions of official health care websites, like the WHO's, or of national public health websites. Some of the “Corona worldmap” sites try to drop coin-miner malware on the victim's computer.

In parallel efforts, spam campaigns aim to do the very same thing. Posing as public health officials, they try to draw people to malicious websites. For example, researchers found that some of these websites infect computers with the Emotet malware.

Nation state activity

Researchers discovered a nation-state-sponsored campaign using the Corona scare to deliver previously unknown malware targeting the Mongolian public sector.

There are several other types of threats: an increasing flow of misinformation surrounding the Coronavirus crisis, and charity frauds.

What you can do

The best thing to do is remain vigilant. All the usual rules apply - count to 20 before clicking a link, use 2FA and password managers, update your device and run endpoint protection. Remote workers should heed their IT department’s advice and policies and avoid “shadow IT” (for example, using unvetted cloud platforms).

At the same time, any severe vulnerabilities like the recent SMBv3 ones, which can be used both to infect machines and to spread the malware further (wormable), need to be addressed with even more diligence than usual. IT departments need to be extra alert on mitigating these.

On a final note, it’s important IT departments and the colleagues they support are patient with each other. These are unprecedented times and we’re in this together. 

More reading:

https://securityintelligence.com/posts/emotet-activity-rises-as-it-uses-coronavirus-scare-to-infect-targets-in-japan/

https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/
