They’re using promises of COVID-19 information and access to pandemic-related equipment as hooks to lure people into clicking on links or downloading poisoned files.
Although hackers are employing a wide range of malware in the conduct of these campaigns, the current leader of the pack is TrickBot. That is, based on the latest data collected by Microsoft.
The company had this to say about their recent findings:
“Based on Office 365 ATP data, Trickbot is the most prolific malware operation using COVID-19-themed lures. This week’s campaign uses several hundreds of unique macro-laced document attachments in emails that pose as messages from a non-profit offering free COVID-19 tests. In a single day, SmartScreen sees and processes more than 18,000 malicious COVID-19-themed URLs and IP addresses.”
TrickBot is most commonly delivered via Emotet and is often used as part of a multi-stage attack to deploy other malware tools, with the Ryuk ransomware strain being a frequent companion. It is particularly dangerous to business owners, as it can easily spread throughout corporate networks. If it gets admin access to a domain controller, it will exfiltrate a copy of the Active Directory database, allowing its controllers to collect and make use of other network credentials.
All that to say, if Trickbot isn’t already on your radar, it probably should be. The global pandemic is making its use more widespread and more common. Hackers around the world have made it clear that no low is too low. They have every intention of exploiting the current global health crisis to the fullest extent that they can. That means that understaffed or not, companies of all shapes and sizes must continue to be vigilant.