
Bad actors leveraging crises: 3 types of activities to watch out for

by Cybersprint Blog 16 Mar 2020

2020 is surely not starting out as we expected, as the horrible virus is disrupting and even ending the lives of many. We have mixed emotions writing this up, because there are many people doing way more important work, like healthcare workers. Unfortunately, the bad guys have leveraged the crisis like clockwork. We looked at the three most common activities of bad actors.

Our thoughts go out to those who need it most: the sick and their families, those left behind, and everyone trying to keep things running on skeleton crews.

For the people running IT infrastructures, trying to keep remote access available and secure, this blog might contain some useful information. Thank you for doing your valuable work.

We looked at the three most common activities of bad actors. In some of the numbers, we see the same kind of exponential growth as in some of the medical numbers about the number of infected people.

Opportunists

Opportunists try to make a buck out of other people’s misery: selling masks, offering “infected blood” on the dark web, and advertising Corona-related gear. To get some supporting numbers, we counted domain registrations related to the pandemic. There were 21888 such domain registrations in 2020, and the numbers double every week. In the last week alone, 10104 new domains were registered.

[Figure: Domain registrations matching CORONA and COVID]

Source: Cybersprint, 15 March 2020

Even though we weren’t able to definitively classify all of them as malicious, certainly “most of them” are, as we found out through sampling several dozen of them.
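A count like the one above can be reproduced from any feed of newly registered domains. The following is an added example, not Cybersprint's code: it matches the two keywords from the chart title, while the IDN decoding, accent stripping, digit folding, function names and `.example` sample domains are assumptions made for illustration.

```python
import unicodedata
from collections import Counter
from datetime import date

KEYWORDS = ("corona", "covid")        # the two terms named in the chart title
FOLD = str.maketrans("0134", "oiea")  # assumed digit-for-letter substitutions

def normalise(domain):
    """Lower-case, decode IDN labels, strip accents, fold look-alike digits."""
    name = domain.lower().rstrip(".")
    try:
        name = name.encode("ascii").decode("idna")  # xn-- labels to Unicode
    except UnicodeError:
        pass                                        # keep undecodable names as-is
    name = unicodedata.normalize("NFKD", name)
    name = "".join(c for c in name if not unicodedata.combining(c))
    return name.translate(FOLD)

def is_candidate(domain):
    """True when a keyword appears anywhere in the normalised name."""
    return any(k in normalise(domain) for k in KEYWORDS)

def weekly_growth(registrations):
    """Return [((iso_year, iso_week), hits, ratio to previous listed week)]."""
    counts = Counter(day.isocalendar()[:2]
                     for day, domain in registrations if is_candidate(domain))
    rows, prev = [], None
    for week in sorted(counts):
        rows.append((week, counts[week], counts[week] / prev if prev else None))
        prev = counts[week]
    return rows

# Constructed sample feed of (registration date, domain); not real data.
IDN = "cor\u00f3na-tracker.example".encode("idna").decode("ascii")
SAMPLE = [
    (date(2020, 2, 25), "coronavirus-help.example"),
    (date(2020, 2, 26), "gardening-tips.example"),
    (date(2020, 3, 3), "c0vid19-masks.example"),
    (date(2020, 3, 4), "cor0na-map.example"),
    (date(2020, 3, 5), "weather.example"),
    (date(2020, 3, 10), "COVID-relief.example"),
    (date(2020, 3, 10), IDN),
    (date(2020, 3, 11), "who-corona-info.example"),
    (date(2020, 3, 12), "covid-testkit.example"),
]

if __name__ == "__main__":
    for week, hits, ratio in weekly_growth(SAMPLE):
        print(week, hits, ratio)
```

A keyword hit only makes a domain a candidate for review; deciding whether it is malicious still requires inspecting the site, as with the sampling described above.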

Fraudsters

Many of these domains support fraud schemes. Some engage in credential theft; others go straight for infecting visitors with malware. Examples are fake versions of official health care websites, like the WHO, or national public health websites. Some of the “Corona worldmap” sites try to drop coin-miner malware on the victim's computer.

In parallel, spam campaigns aim to do the very same thing. Posing as public health officials, they try to draw people to malicious websites. For example, researchers found that some of these websites infect computers with the Emotet malware.

Nation state activity

Researchers discovered a nation-state-sponsored campaign using the Corona scare to deliver previously unknown malware targeting the Mongolian public sector.

There are several other types of threats: an increasing flow of misinformation surrounding the Coronavirus crisis, and charity frauds.

What you can do

The best thing to do is remain vigilant. All the usual rules apply: count to 20 before clicking a link, use 2FA and password managers, update your devices and run endpoint protection. Remote workers should heed their IT department’s advice and policies, and avoid “shadow IT” (for example, using unvetted cloud platforms).

At the same time, severe vulnerabilities like the recent SMBv3 ones, which can be used both for the initial infection and for spreading the malware further (wormable), need to be addressed with even more diligence than usual. IT departments need to be extra alert to mitigating these.

On a final note, it’s important IT departments and the colleagues they support are patient with each other. These are unprecedented times and we’re in this together. 

More reading:

https://securityintelligence.com/posts/emotet-activity-rises-as-it-uses-coronavirus-scare-to-infect-targets-in-japan/

https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/
