Riding on the wave of Covid-19 (Coronavirus) scares, exploiting infection concerns, cyber-criminals have added the use of fake HIV test results to target insurance, healthcare, and pharmaceutical companies globally.
Cyber-criminals have used fake certificates bearing the name of Vanderbilt University Medical Center to send purported HIV test result emails, luring the recipients of the mails to open the malicious content embedded on the message, found Proofpoint researchers.
“This low volume campaign had top targeted industries: global insurance, healthcare, and pharmaceutical organisations, but others were targeted as well. This attack leveraged Koadic RAT (random access trojan). If successful and Koadic is installed, attackers can run programs and access victims’ data, including sensitive personal and financial information,” said the Proofpoint report.
This attack remains a smaller attempt when compared to the avalanche of cyber-crime campaigns that capitalise the Coronavirus panic. Apart from phishing emails, criminals have started stocking their arsenal with fraudulent domains too.
“Since January 2020, there have been over 4,000 coronavirus-related domains registered globally. Out of these websites, three percent were found to be malicious and an additional five percent are suspicious,” said a Check Point Threat Intelligence report.
“Coronavirus-related domains are 50 percent more likely to be malicious than other domains registered at the same period, and also higher than recent seasonal themes such as Valentine’s day.”
It is a well-documented fact that healthcare is a pot of gold for cyber-criminals. Here, many of the Covid-19-themed phishing instances show that financial institutions are the largest targets, commented Will LaSala, security evangelist at OneSpan. However, most of these campaigns can be countered, he added.
“Banks and other financial institutions should adjust the rules engines on their fraud detection and prevention systems, monitor user behavior throughout the entire online banking session, and leverage machine learning and advanced risk analytics to identify abnormal user behavior in real time,” he explained.
“But be warned that not all anti-fraud systems are equal – dynamic fraud solutions that are capable of automatically operating at a lower level of trust during times of increased risk are best suited to helping banks respond to the fast-paced nature of fraud during events like the Coronavirus outbreak.”
“This latest campaign serves as a reminder that health-related lures didn’t start and won’t stop with the recent Coronavirus-themed lures we observed. They are a constant tactic as attackers recognise the utility of the health-related scare factor,” said the Proofpoint report.
“If you receive an email that claims to have sensitive health-related information, don’t open the attachments. Instead, visit your medical provider’s patient portal directly, call your doctor, or make an appointment to directly confirm any medical diagnosis or test results.”