As people around the world faced fears and concerns over the COVID-19 pandemic in the first quarter of 2020, criminals also took note. Unfortunately, they are using this as an opportunity to try to steal money and personal information through social engineering scams delivered via email, text, and phone calls.
The results of Fortinet Threat Intelligence Insider Latin America for the first quarter of 2020 reveal an increase in attempts to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information over the phone under the guise of COVID-19. Many of these scams attempt to impersonate legitimate organizations by offering fake informational updates and even promises of access to vaccines.
An unprecedented number of unprotected users and devices are now all online at the same time. In any home, right now, there are likely one or two people connecting remotely to work through the home internet connection. There may also be kids at home engaged in remote learning part of the time and connected to their friends the rest. And the entire family is engaged in multi-player games, talking with their friends in online chat rooms and over social media, as well as streaming music and video.
It’s a perfect storm of opportunity for cybercriminals.
Fortinet reported an average of about 600 new phishing campaigns per day in March 2020.
The Fortinet Threat Intelligence Insider Latin America reported a significant rise in viruses, many of which are included in these malicious phishing attachments. During the first quarter of 2020, we have documented a 17% increase in viruses for January, a 52% increase for February, and an alarming 131% increase for March compared to the same months in 2019.
In the first quarter of the year, the Latin America and Caribbean region suffered approximately 3 million attempted virus attacks.
It is essential that organizations take measures to protect their remote workers and help them secure their devices and home networks. Here are a few critical steps to consider:
Is classified as a trojan. Its activities commonly include establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading files, dropping other malware into the infected system, performing denial-of-service (DoS) attacks, and running/terminating processes.
Is classified as a trojan. A trojan is a type of malware that performs activities without the user’s knowledge. These activities commonly include establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading files, dropping other malware into the infected system, performing denial-of-service (DoS) attacks, and running/terminating processes.
Is classified as a trojan with backdoor properties. A backdoor trojan has the capability to receive a remote connection from a malicious hacker and perform actions against the compromised system.
This indicates detection of an attempted brute force login from SIPVicious svcrack. SIPVicious is a SIP scanner. Remote attackers can gain access to the service provided by the vulnerable systems.
This indicates detection of the DoublePulsar Backdoor. Backdoor trojans have the capability to connect to remote hosts and perform actions against the compromised system. The DoublePulsar Backdoor was revealed by the Shadow Brokers leaks in March 2017 and was used in the WannaCry ransomware attack in May 2017.
This indicates an attack attempt against an Information Disclosure vulnerability in Microsoft Windows SMB server. A remote attacker can exploit this to gain unauthorized access to sensitive information via a crafted SMB request. This vulnerability has been incorporated into various tools and is used for scanning vulnerable targets that might be affected by the vulnerabilities related to the Shadow Brokers leak.
Andromeda is a botnet that is used to distribute malware with different capabilities, depending on the command given by its command-and-control (C&C) server. The toolkit for this botnet can be obtained on the Internet underground and is constantly being updated.
This indicates that a system might be infected by the XorDDOS Botnet. XorDDOS is a trojan that performs DDoS attacks against a specified IP address and port.
This botnet is a type of malware bot that may perform many malicious tasks, such as downloading and executing additional malware, receiving commands from a control server and relaying specific information and telemetry back to the control server, updating or deleting itself, stealing login and password information, logging keystrokes, participating in a Distributed Denial of Service (DDoS) attack, or locking and encrypting the contents of your computer and demanding payment for its safe return.