{"id":244568,"date":"2020-02-11T07:28:11","date_gmt":"2020-02-11T12:28:11","guid":{"rendered":"https:\/\/canadianinquirer.net\/v1\/?p=244568"},"modified":"2020-02-11T07:28:11","modified_gmt":"2020-02-11T12:28:11","slug":"cybercriminals-using-coronavirus-themed-emails-to-deliver-malware-report","status":"publish","type":"post","link":"https:\/\/canadianinquirer.net\/v1\/2020\/02\/11\/cybercriminals-using-coronavirus-themed-emails-to-deliver-malware-report\/","title":{"rendered":"Cybercriminals using coronavirus themed emails to deliver malware: report"},"content":{"rendered":"<figure id=\"attachment_244569\" aria-describedby=\"caption-attachment-244569\" style=\"width: 334px\" class=\"wp-caption alignnone\"><a href=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2020\/02\/photo-1527794892110-a9ecebbf4420.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-244569\" src=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2020\/02\/photo-1527794892110-a9ecebbf4420.jpg\" alt=\"\" width=\"334\" height=\"501\" srcset=\"https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2020\/02\/photo-1527794892110-a9ecebbf4420.jpg 334w, https:\/\/canadianinquirer.net\/v1\/wp-content\/uploads\/2020\/02\/photo-1527794892110-a9ecebbf4420-200x300.jpg 200w\" sizes=\"auto, (max-width: 334px) 100vw, 334px\" \/><\/a><figcaption id=\"caption-attachment-244569\" class=\"wp-caption-text\">Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult. (Photo: KAL VISUALS\/Unsplash)<\/figcaption><\/figure>\n<p>TORONTO &#8212; Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at the global shipping industry, according to a report issued Monday by a California-based cybersecurity firm.<\/p>\n<p>Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult.<\/p>\n<p>AZORult has been around since at least 2016 and can be used to install ransomware, which is designed to lock legitimate users out of their computer systems until a ransom is paid.<\/p>\n<p>\u201cIn these (coronavirus-related) attacks, we don&#8217;t see AZORult downloading ransomware currently,\u201d Proofpoint said.<\/p>\n<p>\u201cHowever, because of AZORult&#8217;s configurable nature and past use in conjunction with ransomware that remains a real threat.\u201d<\/p>\n<p>Proofpoint didn&#8217;t provide statistics on how many actual coronavirus-themed malicious emails have been detected or how much damage has been caused by coronavirus-themed malicious emails.<\/p>\n<p>The Canadian government&#8217;s Centre for Cyber Security said in an email that it was aware of both the AZORult malware and coronavirus-related phishing campaigns but didn&#8217;t comment specifically on the Proofpoint report.<\/p>\n<p>\u201cCyber actors tend to use social engineering and topical subjects to lure their targets to click on a malicious link,\u201d the centre said.<\/p>\n<p>Its website cyber.gc.ca provides alerts and advice for spotting and dealing with email scams, known as phishing, and more targeted campaigns known as spear-phishing that focus on personal characteristics, interests or lines of work.<\/p>\n<p>\u201cEmployees are privy to important and sensitive information, and as a result, often receive malicious emails that are intended to provide cyber intruders access to this information,\u201d the agency says.<\/p>\n<p>The RCMP said it is aware of this latest malware threat, but is not aware of any reported victims.<\/p>\n<p>\u201cWe always urge caution in handling unsolicited email and we suggest recipients avoid opening attachments or clicking links from unknown senders. If you are a victim of cybercrime, report it to your local police and the Canadian Anti-Fraud Centre,\u201d said spokeswoman Catherine Fortin.<\/p>\n<p>U.S. cybersecurity firm Sophos said last week that it had learned of a scam that used fake emails pretending to be safety instructions from the World Health Organization.<\/p>\n<p>\u201cFortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems,\u201d Sophos said in a blog post dated Feb. 5.<\/p>\n<p>Proofpoint said in its posting that the narrowly focused campaign it detected seems to originate from Russia and Eastern Europe but there&#8217;s no evidence linking the actors to a known criminal group.<\/p>\n<p>However, it says the attackers seem to be sophisticated and have targeted industries that are susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic companies.<\/p>\n<p>\u201cA coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it&#8217;s clear these attackers are aware that a major event like coronavirus can have secondary impacts on industries.<\/p>\n<p>\u201cThis awareness demonstrates not just technical sophistication, but economic sophistication as well,\u201d Proofpoint said in its article.<\/p>\n<p>Proofpoint advised workers to exercise caution when presented with coronavirus-themed email messages and attachments, as well as links and websites that could be used by criminals as lures.<\/p>\n<p>Meanwhile, health officials in\u00a0Canada\u00a0have repeatedly stressed that the coronavirus currently poses a low risk to the public in this country. Seven cases have been identified in\u00a0Canada, while worldwide, the illness known as 2019-nCoV has sickened more than 37,000 people and killed more than 800, nearly all in China.<\/p>\n<p>Nevertheless, Canadians are being urged to remain vigilant against infection, with medical experts advising good hygiene practices such as washing hands frequently and coughing or sneezing into tissue.<\/p>\n<p>&#8212; with a file from Cassandra Szklarski in Toronto<\/p>\n<p>This report by The Canadian Press was first published Feb. 10, 2020.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>TORONTO &#8212; Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at &hellip;<\/p>\n","protected":false},"author":33,"featured_media":244569,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18,16],"tags":[],"class_list":["post-244568","post","type-post","status-publish","format-standard","has-post-thumbnail","category-news-ca","category-news","mauthors-the-canadian-press"],"_links":{"self":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/244568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/comments?post=244568"}],"version-history":[{"count":1,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/244568\/revisions"}],"predecessor-version":[{"id":244570,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/244568\/revisions\/244570"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media\/244569"}],"wp:attachment":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media?parent=244568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/categories?post=244568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/tags?post=244568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}