For hackers who target Windows, the coronavirus pandemic is like Christmas come early. But what’s good news for them is bad news for you, piled onto all the other bad news wrought by the pandemic. Undeterred by the crisis — indeed, spurred to new heights by it — hackers have been coming up with a host of devious ways to use your natural fears in order to infect your Windows PC with malware and ransomware.
How bad is it? The security company Malwarebytes calls the pandemic “a golden opportunity for threat actors to capitalize on fear, spread misinformation, and generate mass hysteria — all while compromising victims with scams or malware campaigns.”
The hackers bent on doing this range from individuals looking to make as much fast money as possible to governments targeting their adversaries. Malwarebytes notes that government-sponsored hackers from China, North Korea, Russia and Pakistan are exploiting coronavirus fears in order to spy on their enemies. The group APT36, believed to be sponsored by Pakistan, uses spearphishing to trick people worried about the health of their loved ones into downloading a malicious Microsoft Office document that then infects a Windows machine with a remote administration tool (RAT) that lets hackers take control of the computer. The email purports to be an important health advisory about the novel coronavirus, and the downloaded document claims to be an advisory as well. The documents are almost laughably illiterate, containing sentences such as, “The outbreak of CORONA VIRUS is cause of concern especially where forign personal have recently arrived or will be arriving at various Intt in near future.”
But while the hackers’ grasp of English may be weak, their hacking bona fides are strong. The document drops a RAT on the victim’s machine, which can then steal private information, capture live screenshots and send it all back to hackers.
It’s not just government-sponsored hackers who are using coronavirus fears to hack into Windows machines. Forbes notes that millions of people in the U.S. and beyond have been getting similar coronavirus emails. The United Kingdom’s National Cyber Security Centre, part of the U.K.’s spy agency, warns that “criminals are exploiting coronavirus online—as cyber criminals seek to exploit COVID-19.” The World Health Organization cautions that cybercriminals have been sending emails purporting to be from it — emails that can infect people’s machines if their links are clicked upon or their attachments downloaded. Similar emails claim to be from the U.S. Centers for Disease Control and Prevention.
Entire industries are under attack from hackers using these types of Windows-based coronavirus scams and hacks. The security company Proofpoint found that coronavirus-themed ransomware and Trojan cyber-campaigns have targeted U.S. healthcare, manufacturing and pharmaceuticals industries. Proofpoint warns, “To date, the cumulative volume of coronavirus-related email lures now represents the greatest collection of attack types united by a single theme that our team has seen in years, if not ever. We’ve observed credential phishing, malicious attachments, malicious links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware, among others, all leveraging coronavirus lures.”
As millions of people have started working from home for the first time because of the need to minimize time spent out in the world, hackers are directly exploiting that as well. Many businesses allow their at-home workers to remotely access enterprise data and resources using Microsoft’s Windows Remote Desktop Protocol (RDP), which has proved to be notoriously insecure. The security company Radware warns, “While RDP can be a very effective tool to let users quickly connect to a remote desktop and perform their daily tasks from home, threat actors have been known to leverage RDP as an attack vector for ransomware campaigns. It gained traction in 2018 and by Q1 of 2019, it was by far the most preferred infection vector for ransomware.” As a result, the company warns, RDP is one of the most dangerous Windows attack vectors being used by coronavirus hackers.
If all this weren’t bad enough news for Windows users, coronavirus hackers have come up with a particularly insidious attack using phony coronavirus maps that claim to show the extent of the virus’s spread across the world. The Next Web reports that “hackers have found a way to use these dashboards to inject malware into computers.” They design websites that look like maps and dashboards tracking the coronavirus, and prompt people to download an app that will track it. That download, though, contains Windows malware used to steal private data.
Microsoft is well aware of all these hacks and is doing what it can to protect against them. It recently announced that, starting in May, it would halt all normal monthly Windows updates so it can focus instead on security updates. Microsoft explained its decision this way: “We have been evaluating the public health situation, and we understand this is impacting our customers. In response to these challenges we are prioritizing our focus on security updates.”
In addition to that, Microsoft has extended support for Windows 10 Enterprise 1709 and Windows 10 Education 1709 by six months, to Oct. 13, from its original end date of April 14. That means Microsoft will continue to issue security patches for those versions.
But by itself, Microsoft can’t protect you and your company from coronavirus scams. Just as you need to follow health protocols such as social distancing and rigorous hand washing to protect yourself and others from the coronavirus, you need to follow cybersecurity protocols for protecting your machine, and the machines of others, from coronavirus malware. That means updating all of your software with the latest security patches, particularly for Windows and Office. It means not clicking on email links or downloading files unless you are absolutely sure not only that you know who sent them, but also that the sender is reliable and has a machine that hasn’t been infected. It means making sure your company has the latest security patches installed and trains all employees in cybersecurity.
Do those things, and you’ll be able to fight coronavirus hackers, much as you are fighting the coronavirus itself.
This story, “We need to social-distance from the scammers” was originally published by