As people around the world are faced with fears and concerns over the COVID-19 pandemic in the first quarter of 2020, criminals are also taking note. And unfortunately, they are using this as an opportunity to try and steal money and personal information by generating social engineering scams via email, text, and phone calls.
The results of Fortinet Threat Intelligence Insider Latin America for the first quarter of 2020 reveal an increase in attempts to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information over the phone under the auspices of COVID-19. Many of these scams attempt to impersonate legitimate organizations by offering fake informational updates and even promises of access to vaccines.
An unprecedented number of unprotected users and devices are now all online at the same time. In any home, right now, there are likely one or two people connecting remotely to work through the home internet connection. There may also be kids at home engaged in remote learning part of the time and connected to their friends the rest. And the entire family is engaged in multi-player games, talking with their friends in online chat rooms and over social media, as well as streaming music and video.
It’s a perfect storm of opportunity for cybercriminals.
Fortinet reported an average of about 600 new phishing campaigns per day in March 2020.
The Fortinet Threat Intelligence Insider Latin America reported a significant rise in viruses, many of which are included in these malicious phishing attachments. During the first quarter of 2020, we have documented a 17% increase in viruses for January, a 52% increase for February, and an alarming 131% increase for March compared to the same months in 2019.
In the first quarter of the year, the Latin America and Caribbean region suffered approximately 3 million attempted virus attacks.
It is essential that organizations take measures to protect their remote workers and help them secure their devices and home networks. Here are a few critical steps to consider:
Is classified as a trojan. Its activities commonly include establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading files, dropping other malware into the infected system, performing denial-of-service (DoS) attacks, and running/terminating processes.
Is classified as a trojan. Its activities commonly include establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading files, dropping other malware into the infected system, performing denial-of-service (DoS) attacks
Is classified as an Internet worm. An Internet worm can spread to other systems using NetBIOS/SMB, SMTP, MSN Messenger, P2P applications, or mobile networks.
This indicates detection of DoublePulsar Backdoor. Backdoor trojans have the capability to connect to remote hosts and perform actions against the compromised system. The DoublePulsar Backdoor was revealed by the Shadow Brokers leaks in March 2017 and was used in the WannaCry ransomware attack in May 2017.
This indicates detection of anonymous SSL cipher negotiation.
Is a network diagnostic tool for displaying transit path and time delays of packets as they cross an internet protocol network to their destinations.
Andromeda is a botnet that is used to distribute malware with different capabilities, depending on the command given by its command-and-control (C&C) server. The toolkit for this botnet can be obtained on the Internet underground and is constantly being updated.
This indicates that a system might be infected by njRAT Botnet. System Compromise: Remote attackers can gain control of vulnerable systems.
This indicates that a system might be infected by Emotet Botnet. Emotet is a Trojan that targets the Windows platform. It contacts C&C servers via HTTP or HTTPS requests. Emotet can download and install additional malware such as ransomware or infostealers. Emotet is a variant of Cridex malware.