Blog > Cybersecurity Knowledge Newsjacking and Ransomware

How ransomware takes advantage of major events in the news, like the Coronavirus and the elections, and leverages it for phishing attempts to spread ransom.

Wednesday, Mar 11, 2020

BY: Josh Smith

By Josh Smith, Nuspire Security Analyst

Cybercriminals Target Newsworthy Topics

Any time there is a newsworthy event, cybercriminals take advantage of it to improve the quality and effectiveness of their phishing emails. They use the current newsworthy topic to grab attention of the end user and use it as bait to get them to open the malicious email. With the Coronavirus and the elections taking over the news, a rush of malicious emails are sent out that prey on the heightened emotions that these types of events create.

Coronavirus

The outbreak of the coronavirus, also known as COVID-19, provided cybercriminals with the perfect pretext for their phishing emails. This illness, and the fear and uncertainty that it has produced, increases the probability that people will click on or open any email that claims to provide useful information about the outbreak.

These emails use a variety of different pretexts to drag in unsuspecting targets. Nuspire has seen Coronavirus themed phishing attempts within our sample mailbox that appear to come from the CDC and health advice emails that attempted to steal user credentials that includes a link or an attachment that downloads malicious malware on your software. There are a couple common Coronavirus-related phishing emails that are being sent to users.

CDC Alerts: One example is CDC Alerts. The email acts as if it was coming from CDC, but it shows the email address coming from “cdc-gov.org” instead of the “cdc.gov” e-mail domain. In these emails, it includes a false link to information for Coronavirus cases in your area, where people are quick to click the link, and are unknowingly downloading malware.

Health advice: Other phishing emails may promise access to a (nonexistent) coronavirus vaccine, a “too good to be true” deal on surgical masks or other medical equipment, or a chance for unique investment opportunities related to the outbreak. Some of these are also asking the end user to download a link for how to stay healthy from the Coronavirus.

Map Software: Another malware campaign offers software for Coronavirus case tracking software as a Windows executable called “Corona-virus-map.com.exe.” Once executed, the program opens a window with a map very similar to the one hosted by Johns Hopkins University, which is the legitimate source to track cases. While running, the software looks for common account login information and feeds it back to the attackers.

Elections 

At the other extreme from the fear and uncertainty associated with the coronavirus is the excitement elicited by the elections. Throughout election season, people avidly follow news regarding the politicians, their campaigns, etc. However, election spear phishing is nothing new to us. As we saw in 2018, we saw spear phishing incidents where Russian hackers sent emails impersonating an e-voting vendor to access the voting officials’ computers before the 2016 elections. Once opened, the documents include malware packages that provided the attacker with remote control over the target’s computer. With hackers getting more creative with their tactics, not all phishing attacks are going to be disguised as the same.

Impersonation Attacks: Attackers can create emails like political candidates or appear to be representing a candidate. These e-mails can contain malicious documents or links encouraging voters to interact with them and become infected.

Donation Scams: Scam PACs, similar to charity scams, may solicit voters to “help contribute” to a political candidate while collecting the money for themselves and while collecting personal information like social security numbers and date of birth.

Pollster Scams: Another tactic is for attackers to email out stating they are a pollster for an organization, and they need your input. This may be to harvest personal information, or they may offer a reward for helping with a gift card or something else. In the circumstances of a reward, they’ll often ask for your credit card information to cover the taxes or shipping while instead stealing the information.

How to identify a phishing email 

Many phishing attacks are based upon taking advantage of a sense of urgency. By convincing the target that they need to act right away, they decrease the probability that the victim will perform due diligence to check if the email is legitimate. Before trusting a phishing email:

  • Consider whether you would expect to receive this email from this person
  • Hover over, don’t click, a link in an email to see if it points to the website that you expect
  • Check the sender’s email address to see if it looks legitimate
  • Look for misspellings or poor grammar in domain names, email addresses, and the bodies of email
  • Pay attention on mobile, since phishing can be performed via email, text, or social media
  • Check out suspicious emails on a computer, rather than mobile, since it is harder to inspect a suspicious link on a mobile device

If an email raises any red flags, do not click on a link, open an attachment, or respond to the email. Instead, forward the email to your IT department and delete it from your device. By doing so, you not only protect yourself but enable your IT department to take action to protect coworkers who might not have been as careful!

For more information on phishing scams and how to identify phishing threats, take a look at our Phishing Overview webinar.