As people around the world are faced with fears and concerns over the COVID-19 pandemic in the first quarter of 2020, criminals are also taking note. And unfortunately, they are using this as an opportunity to try and steal money and personal information by generating social engineering scams via email, text, and phone calls.
The results of Fortinet Threat Intelligence Insider Latin America for the first quarter of 2020 reveal an increase in attempts to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information over the phone under the guise of COVID-19. Many of these scams attempt to impersonate legitimate organizations by offering fake informational updates and even promises of access to vaccines.
An unprecedented number of unprotected users and devices are now all online at the same time. In any home, right now, there are likely one or two people connecting remotely to work through the home internet connection. There may also be kids at home engaged in remote learning part of the time and connected to their friends the rest. And the entire family is engaged in multi-player games, talking with their friends in online chat rooms and over social media, as well as streaming music and video.
It’s a perfect storm of opportunity for cybercriminals.
Fortinet reported an average of about 600 new phishing campaigns per day in March 2020.
The Fortinet Threat Intelligence Insider Latin America reported a significant rise in viruses, many of which are included in these malicious phishing attachments. During the first quarter of 2020, we have documented a 17% increase in viruses for January, a 52% increase for February, and an alarming 131% increase for March compared to the same months in 2019.
In the first quarter of the year, the Latin America and Caribbean region suffered approximately 3 million attempted virus attacks.
It is essential that organizations take measures to protect their remote workers and help them secure their devices and home networks. Here are a few critical steps to consider:
Is classified as a trojan. A trojan is a type of malware that performs activities without the user’s knowledge. These activities commonly include establishing remote access connections, capturing keyboard input, collecting system information, downloading/uploading files, dropping other malware into the infected system, performing denial-of-service (DoS) attacks, and running/terminating processes.
Is classified as a type of Riskware. Riskware is any potentially unwanted application that is not classified as malware, but may utilize system resources in an undesirable or annoying manner, and/or may pose a security risk.
Is classified as a downloader trojan. A downloader trojan is a type of malware that has the capability to download other malicious files or an updated version of itself.
Is a network diagnostic tool for displaying transit path and time delays of packets as they cross an internet protocol network to their destinations.
This indicates an NTP protocol anomaly. It indicates detection of a Network Time Protocol (NTP) packet with a zero transmit timestamp field.
This indicates the detection of overlapping TCP fragments.
This indicates that a system might be infected by the Emotet botnet. Emotet is a Trojan that targets the Windows platform. It contacts C&C servers via HTTP or HTTPS requests. Emotet can download and install additional malware such as ransomware or infostealers. Emotet is a variant of the Cridex malware.
This indicates that a system might be infected by the Sora botnet. Sora is IoT malware that targets embedded systems.
This indicates detection of outbound network traffic originating from a computer infected with the W32/Conficker worm, also known as W32.Downadup and W32.Conficker. To spread, this worm exploits the Server Service Vulnerability (CVE-2008-4250), as described in Microsoft Security Bulletin MS08-067.
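The NTP anomaly described above (a packet whose transmit timestamp field is zero) can be checked by parsing the fixed 48-byte NTP header. The following is an added example, not Fortinet's signature logic; the function names and the sample payloads are constructed for illustration.

```python
import struct

NTP_HEADER_LEN = 48            # fixed NTP header size in bytes
TRANSMIT_TS_OFFSET = 40        # transmit timestamp occupies the last 8 header bytes
TIME_MODES = {1, 2, 3, 4, 5}   # modes that use the four-timestamp header layout


def check_ntp_payload(payload: bytes) -> str:
    """Classify a UDP/123 payload as 'ok', 'zero-transmit', 'short' or 'skipped'."""
    if not payload:
        return "short"
    mode = payload[0] & 0x07   # low three bits of the first byte
    if mode not in TIME_MODES:
        return "skipped"       # e.g. mode 6 control messages use another layout
    if len(payload) < NTP_HEADER_LEN:
        return "short"
    seconds, fraction = struct.unpack_from("!II", payload, TRANSMIT_TS_OFFSET)
    return "zero-transmit" if seconds == 0 and fraction == 0 else "ok"


def build_header(mode: int, transmit=(0, 0), version: int = 4) -> bytes:
    """Build a constructed 48-byte NTP header (sample data only)."""
    first = (version << 3) | mode                    # leap indicator left at 0
    header = struct.pack("!BBbb", first, 2, 6, -20)  # LI/VN/mode, stratum, poll, precision
    header += bytes(8)                               # root delay and root dispersion
    header += b"TEST"                                # reference ID (constructed)
    header += bytes(24)                              # reference, origin, receive timestamps
    header += struct.pack("!II", *transmit)          # transmit timestamp
    return header


# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "client-request": build_header(3, transmit=(3794000000, 123456)),
    "server-zero-xmt": build_header(4),
    "control-mode6": build_header(6),
    "truncated": build_header(3, transmit=(3794000000, 1))[:20],
}


def scan(samples: dict) -> dict:
    """Return the verdict for each named payload."""
    return {name: check_ntp_payload(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:16} {verdict}")
```

Payloads in modes outside 1 to 5 are skipped rather than flagged, because their bytes at offset 40 are not a transmit timestamp.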