CYBER CORONA? How Hackers Are Using the Virus Scare to Steal Your Identity

15 MARCH 2020  

THE FOLLOWING IS A REPORT ON THE CYBER IMPACT OF THE CORONAVIRUS SCARE

Please, before you shut down and ignore everything that follows: this is NOT a rehash of the garbage that has been spilling out of the mouths of talking heads on every media outlet. The information provided here is vital for anyone who knows someone who may be more susceptible to SCAMMERS, particularly when it comes to matters of health, healthcare and worries over the virus.

Usually, when we think of persons susceptible to scams involving healthcare, the seniors in our family circles are the first on our minds. This is certainly true now because of the fear-mongering being thrown upon them in daily newscasts and in their conversations with friends and family. It is not only seniors, though, who are at risk. New information available through intelligence sources indicates that cyber-criminals of every kind (those who hack systems for information, those who phish for identification information, and even those who spread their own kinds of viruses) are using COVID-19 as a means to their criminal ends.

Anyone who finds in their e-mail something looking even vaguely official and claiming specific information regarding the Coronavirus Disease will likely open it. The user is then susceptible to malware, spyware, trojans and even backdoor programs, which can completely destroy any confidentiality of the user’s information. Malware can infect a computer program with a worm, virus or trojan. The differentiation is that a virus introduces malware which attaches itself to a program and mass-reproduces itself throughout the system and through the contacts the user has on their system. A worm is similar in destructiveness but without that replication, and trojans are “programs that enter computers appearing to be harmless programs, install themselves and carry out actions that affect user confidentiality.”[i] Spyware can infiltrate a system to monitor all activity on a device and obtain information that breaches security software, exposing confidential identification information. Sources report that internationally placed hackers are using the scare tactics easily contrived around Coronavirus to plant such software, and even use backdoor programs to open cameras and microphones remotely, obtaining all types of confidential information. Backdoor programs literally allow the hacker into your system to have free rein over it and all the information contained therein.

Phishing expeditions work similarly, introducing themselves to the user by claiming some connection to a government entity involved in healthcare or emergency measures due to the ‘outbreak.’ Not relying on software alone to do their work, the scammers seek to solicit private information from the user through e-mail, or by a telephone call that follows up on an e-mail. They claim to need to confirm the user’s information and current status for healthcare reasons. They may claim to be from a government health insurance program designed to protect the person from hospital costs due to Coronavirus, and so on. In so doing, they obtain as much confidential identification information as possible from the user. They may also solicit funds for caring for others sickened by the disease, or for an insurance policy for the user or their family against the costs associated with contracting the disease.

HOW TO PROTECT YOURSELF and OTHERS comes back to the basics. Health officials are telling everyone it is all about limiting contact and avoiding the spread of germs. This is done by suppressing coughs and sneezes while being proactive. One way to be proactive is by thoroughly washing your hands. Such simple actions are key to battling the actual virus, and the same is true in the cyber world.

LIMIT CONTACT. Do NOT open any e-mail that comes from someone unknown to you and purports to be from a government or health entity about the Coronavirus. If you have already opened it and you become suspicious of its contents, DO NOT download any files. In fact, do not download any files that come from ANYONE other than someone you specifically know and trust.

AVOID SPREADING the virus. Run scans on your system daily; automatically scheduled scans are a good precaution at any time. Also, scan your system immediately after you have opened something you are unsure of. Make certain others in your online circles do the same, and have them let you know if they receive anything from you that does not look right.

BE PROACTIVE. Running system scans and keeping malware protection up to date are like washing your computer’s hands. Keep up on the latest phishing and scam attempts, which are prevalent.

COMMON SENSE is what will see us past the Coronavirus COVID-19 scare, although, sadly, there is little of it being displayed. Common sense will also help you prevent yourself, or others you care for, from being taken down by some virus hacker sitting in the dark in his mother’s basement somewhere in a suburb anywhere in the world.

The preceding SECURITY BRIEFING was written by Dr. Ross Riggs, President of Security Consulting Investigations, LLC (SCI). SCI is licensed by the State of Ohio Department of Public Safety/Homeland Security. Dr. Riggs is a Certified Police Executive, retired Chief of Police and owner of SCI since 2006. He has traveled, teaching and consulting globally, for fifteen years. He is the author of many published professional articles and of a book, Stretching the Thin Blue Line: Policing America in Time of Heightened Threat. Published by Motivational Press, it is available through Dr. Riggs’ company site, www.DefenderLtd.com. Dr. Riggs and staff can be reached for consulting, private investigations or for providing infrastructure security at 1.888.719.5636. You may also reach them through the website’s contact form on the main page or by e-mail at: admin@defenderltd.com


[i] Panda Security, https://www.pandasecurity.com/en-us/security-info/

Safety on the WEB

Not every threat on the web will be obvious to you. Very few will look like an evil-looking ‘Spidey’ knock-off. Most will look very much more like your sweet old uncle, or a really amazing-looking young, beautiful co-ed who for some reason thinks you are her only reason for living! A look at some recent data will be helpful in understanding the nature of stalkers and other criminal ‘entrepreneurs.’ Besides the typical identity theft issues, persons like this young female may be attempting to use what is legally called ‘undue influence,’ where they step into the life of a typically elderly person who is lonely and less capable of decision making, and guide that person’s decisions to their own benefit, often taking all the life savings and having the Last Will and Testament rewritten to their own advantage. SCI is going to review just one of the issues currently hitting internet users, a new type of downloader.

The following report by Dr. Brett Stone-Gross and Russell Dickerson of the Dell SecureWorks Counter Threat Unit outlines a downloader threat that is currently loose in the cyber-world:

The Gameover ZeuS trojan, also known as Peer-to-Peer (P2P) ZeuS, is one of the largest and most sophisticated botnets involved in online banking fraud. The botnet operators are very well connected in the underground community, and they rely upon a variety of tools and services provided by other cybercriminals to run their operation. In particular, the group regularly uses the Cutwail spam botnet to lure new victims and the Pony Loader malware to steal credentials and download additional malware, including Gameover ZeuS. In August 2013, the Dell SecureWorks Counter Threat Unit™ (CTU) research team discovered that in addition to the Pony Loader, the group is using a new downloader known as Upatre to distribute its malware. The downloader has a small file size and is extremely simple, implementing its functionality entirely in a single function. It downloads and executes a file from a hard-coded URL over an encrypted Secure Sockets Layer (SSL) connection from a compromised web server and then exits. Figure 1 diagrams the malware distribution process.

The Gameover ZeuS botnet operators distribute both Pony Loader and the Upatre downloader through spam emails sent by the Cutwail botnet. Many lures have used social engineering techniques by impersonating financial institutions and government agencies to trick a victim into executing the malware. The spam emails have an embedded malware executable in a ZIP attachment, so user interaction is required to infect the system. Figure 2 shows an example spam email containing the Upatre downloader as an attachment.

Technical information can be found at: http://www.secureworks.com/cyber-threat-intelligence/threats/analyzing-upatre-downloader/

SCI and the CTU research team advise organizations to remain vigilant and to deploy a defense-in-depth strategy that includes the following components:

  • Educate employees about the dangers of clicking on links and attachments in emails.
  • Filter email / scan email file attachment contents and consider blocking executable file types (including those found in ZIP attachments).
  • Deploy advanced malware protection devices in-line with incoming email streams containing malicious file attachments as well as subsequent file downloads.
  • Implement end-point controls on users’ computers to help limit opening of malicious file attachments and to catch malware installation / execution.
  • Apply post-infection controls such as firewall policies, web proxies, file downloads over HTTPS, and associated log monitoring to identify anomalies.
  • Keep antivirus, operating system, and browser software up to date.
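The second and third points above (scan attachment contents and block executable file types, including those hidden inside ZIP attachments) are the controls that matter most against a lure like the one described, where the downloader arrives as an executable packed in a ZIP. The script below is an added example written for this page; it is not code from SCI or from the Dell SecureWorks report. It parses an e-mail with Python’s standard `email` and `zipfile` modules, opens any ZIP attachment (one level of nesting), and flags members that either carry an executable extension or begin with the `MZ` header of a Windows executable regardless of the name they were given. The sample message, the attachment name `notice.zip`, the member name `invoice.pdf.exe` and the `MZ`-plus-padding stand-in for an executable are all constructed for the demonstration; the extension list is a starting point to tune, not an exhaustive one.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that commonly carry executable content. Assumption: a starting
# list for illustration, not an exhaustive policy.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".jse",
    ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".dll", ".ps1",
}
PE_MAGIC = b"MZ"            # first two bytes of a DOS/Windows PE executable
ZIP_MAGIC = b"PK\x03\x04"   # local file header that opens a ZIP archive


def _has_executable_extension(name: str) -> bool:
    lowered = name.lower()
    return any(lowered.endswith(ext) for ext in EXECUTABLE_EXTENSIONS)


def inspect_payload(name: str, data: bytes) -> list:
    """Findings for one attachment or one archive member.

    A finding is raised when the name has an executable extension, or when the
    content starts with a PE header no matter what the file is called
    (the double-extension trick 'invoice.pdf.exe' is caught either way).
    """
    findings = []
    if _has_executable_extension(name):
        findings.append(f"executable extension: {name}")
    if data[:2] == PE_MAGIC:
        findings.append(f"PE header (MZ) in: {name}")
    return findings


def inspect_zip(name: str, data: bytes, depth: int = 0) -> list:
    """Look inside a ZIP attachment; one level of nested ZIPs is opened."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as member:
                    head = member.read(4)   # only the magic bytes are needed
                findings.extend(inspect_payload(info.filename, head))
                if head == ZIP_MAGIC:
                    inner_name = f"{name}/{info.filename}"
                    if depth >= 1:
                        findings.append(f"nested archive not inspected: {inner_name}")
                        continue
                    with zf.open(info) as member:
                        findings.extend(inspect_zip(inner_name, member.read(), depth + 1))
    except zipfile.BadZipFile:
        # A corrupt or truncated archive cannot be vetted, so it is reported too.
        findings.append(f"unreadable ZIP archive: {name}")
    return findings


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and return all findings for its attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if data[:4] == ZIP_MAGIC or name.lower().endswith(".zip"):
            findings.extend(inspect_zip(name, data))
        else:
            findings.extend(inspect_payload(name, data))
    return findings


def build_sample_message() -> bytes:
    """Constructed lure: a ZIP attachment holding a fake 'invoice.pdf.exe'."""
    fake_exe = PE_MAGIC + b"\x00" * 62   # constructed stand-in, not a real program
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", fake_exe)
        zf.writestr("readme.txt", "please open the attached invoice")
    msg = EmailMessage()
    msg["From"] = "notice@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Important health notice"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="notice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_message(build_sample_message()):
        print("BLOCK:", finding)
```

Any non-empty result is a reason to quarantine the message rather than deliver it. Reading only the first bytes of each member keeps the check cheap and avoids decompressing a deliberately oversized archive, and the content check is what catches an executable renamed to look like a document.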

This cyber-report is courtesy of Dell SecureWorks (www.secureworks.com) and describes just one of the threats currently out in the cyber-world, preying on those who browse the web without the appropriate protective software and without the common sense not to open e-mails with suspicious attachments.

Security Consulting Investigations, LLC is pleased to introduce SecCom 360, a video/audio communications system that is web based yet 100 per cent safe, protected not only by what we have dubbed ‘above military grade’ secure encryption but also by Cyber Agents that guard each com-meeting to prevent hackers and other cyber interlopers.


Watch for further information from SCI as SecCom 360 is launched for 2014!

SCI – Building for Tomorrow – Today!

Follow SCI at www.security-consulting.us under NEWS for recent cyber-world updates and current threats. InSCIghts, also on www.security-consulting.us, covers current issues in law enforcement, security concerns and cyber-world threats, as well as comment on international terrorism.

You can also reach SCI at 330-956-9561 or at inquiry@security-consulting.us