Healthcare


  • QNodeService: Node.js Trojan Spread via Covid-19 Lure

    May 14, 2020

    We recently noticed a Twitter post by MalwareHunterTeam that showed a Java downloader with a low detection rate. Its name, “Company PLP_Tax relief due to Covid-19 outbreak CI+PL.jar”, suggests it may have been used in a Covid-19-themed phishing campaign. Running this file led to the download of a new, undetected malware sample written in Node.js; this trojan ...

  • COVID-19 blamed for 238% surge in cyberattacks against banks

    May 14, 2020

    The coronavirus pandemic has been connected to a 238% surge in cyberattacks against banks, new research claims. On Thursday, VMware Carbon Black released the third edition of the Modern Bank Heists report, which says that financial organizations experienced a massive uptick in cyberattack attempts between February and April this year — the same months in which COVID-19 began to spread ...

  • Tropic Trooper’s Back: USBferry Attack Targets Air-gapped Environments

    May 12, 2020

    Tropic Trooper, a threat actor group that targets government, military, healthcare, transportation, and high-tech industries in Taiwan, the Philippines, and Hong Kong, has been active since 2011. The group was reportedly using spear-phishing emails with weaponized attachments to exploit known vulnerabilities. Primarily motivated by information theft and espionage, the group has also been seen adopting different strategies such ...

  • COVID-19 Themed Malware Within Cloud Environments

    May 11, 2020

    Unit 42 researchers found that public cloud infrastructure has communicated with domains known to distribute COVID-19 themed malware. On March 24, 2020, Unit 42 published a blog discussing attack patterns used by malicious actors in relation to the novel Coronavirus (COVID-19). Taking these findings a step further, researchers attempted to uncover if there are malicious COVID-19 related ...

  • Zeus Sphinx revamped as coronavirus relief payment attack wave continues

    May 11, 2020

    The Zeus Sphinx banking Trojan is now receiving frequent updates and upgrades to its malicious arsenal while being deployed in active coronavirus scams. On Monday, IBM Security researcher Nir Shwarts said the company has been tracking the evolution of the malware which is based on the leaked codebase of the well-known Zeus v.2 Trojan. Zeus Sphinx — also referred ...

  • SilverTerrier: New COVID-19 Themed Business Email Compromise Schemes

    May 7, 2020

    Focusing on one of the most active subsets of the global threat landscape, Palo Alto Networks Unit 42 tracks Nigerian cyber criminals involved in Business Email Compromise (BEC) activities under the name SilverTerrier. Over the past 90 days (Jan. 30 – Apr. 30), we have observed three SilverTerrier actors/groups launch a series of 10 COVID-19 themed ...

  • DDoS attacks in Q1 2020

    May 6, 2020

    Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web — people worldwide are now working, studying, shopping, and having fun online like never before. This is reflected in the goals of recent DDoS attacks, with the most targeted resources in Q1 being websites of medical organizations, ...

  • TrickBot Attack Exploits COVID-19 Fears with DocuSign-Themed Ploy

    May 1, 2020

    Threat actors are using people’s interest in the Department of Labor’s Family and Medical Leave Act (FMLA) to spread what appears to be the TrickBot trojan in a new spam campaign that security researchers discovered recently. Recent analysis from spam honeypots set by IBM X-Force discovered actors targeting email recipients with fake messages that claim to ...

  • Coronavirus: GCHQ gets access to NHS data to beef up security

    April 29, 2020

    Health secretary Matt Hancock has used emergency powers under the NHS Act of 2006 to give GCHQ special dispensation to access data on the NHS’s cyber security and other IT systems in order to better protect the health service from cyber attack during the Covid-19 coronavirus pandemic. Documents released by the government, which can be viewed ...

  • Academics demand answers from NHS over potential data timebomb ticking inside new UK contact-tracing app

    April 29, 2020

    A group of nearly 175 UK academics has criticised the NHS’s planned COVID-19 contact-tracing app for a design choice they say could endanger users by creating a centralised store of sensitive health and travel data about them. In the open letter published this afternoon, the 173 scholars called on NHSX, the state-run health service’s app-developing and ...

  • Remote spring: the rise of RDP bruteforce attacks

    April 29, 2020

    With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Alongside the higher volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (and potentially insecure Wi-Fi networks), another headache for infosec teams is the ...

  • Studying How Cybercriminals Prey on the COVID-19 Pandemic

    April 22, 2020

    With the spread of the coronavirus worldwide, interest is high in related topics. Accordingly, Unit 42 researchers found an immense increase in coronavirus-related Google searches and URLs viewed since the beginning of February. Cybercriminals are looking to profit from such trending topics, disregarding ethical concerns, and in this particular case preying on the misfortunes of ...

  • State-backed phishing targets U.S. Government employees with fast food lures

    April 22, 2020

    More than a dozen state-backed hacking groups are actively targeting U.S. Government employees and healthcare organizations in phishing campaigns that use lures designed to take advantage of the fears surrounding the COVID-19 pandemic. “TAG has specifically identified over a dozen government-backed attacker groups using COVID-19 themes as lure for phishing and malware attempts—trying to get their targets to ...

  • APT32 Targeting Wuhan Government and Chinese Ministry of Emergency Management

    April 22, 2020

    From at least January to April 2020, suspected Vietnamese actors APT32 carried out intrusion campaigns against Chinese targets that Mandiant Threat Intelligence believes was designed to collect intelligence on the COVID-19 crisis. Spear phishing messages were sent by the actor to China’s Ministry of Emergency Management as well as the government of Wuhan province, where COVID-19 ...

  • German government might have lost tens of millions of euros in COVID-19 phishing attack

    April 18, 2020

    The government of North Rhine-Westphalia, a province in western Germany, is believed to have lost tens of millions of euros after it failed to build a secure website for distributing coronavirus emergency aid funding. The funds were lost following a classic phishing operation. Cybercriminals created copies of an official website that the NRW Ministry of Economic Affairs had set ...

  • Gamaredon APT Group Use Covid-19 Lure in Campaigns

    April 17, 2020

    Gamaredon is an advanced persistent threat (APT) group that has been active since 2013. Their campaigns are generally known for targeting Ukrainian government institutions. From late 2019 to February of this year, researchers published several reports on Gamaredon, tracking the group’s activities. In March, we came across an email with a malware attachment that used the ...

  • Malicious Attackers Target Government and Medical Organizations With COVID-19 Themed Phishing Campaigns

    April 14, 2020

    Despite prior reporting by various sources indicating that some cyber threat attacker activity may subside in some respects during the COVID-19 pandemic, Unit 42 has observed quite the opposite with regard to COVID-19 themed threats, particularly in the realm of phishing attacks. While the various COVID-19 themed phishing campaigns observed by Unit 42 are numerous, this blog ...

  • Hackers struggle morally and economically over Coronavirus

    April 9, 2020

    With the Coronavirus pandemic in full swing, threat actors are torn about how they should operate during the pandemic, and like everyone else, are also seeing a downturn in the underground hacker marketplace. In mid-March, BleepingComputer asked numerous ransomware operators whether they would stop targeting health care companies during the Coronavirus pandemic. Some operators stated they would no ...

  • Europol: Catching The Virus Cybercrime, Disinformation And The COVID-19 Pandemic

    April 6, 2020

    Cybercriminals have been among the most adept at exploiting the COVID-19 pandemic for the various scams and attacks they carry out. With a record number of potential victims staying at home and using online services across the European Union (EU) during the pandemic, the ways for cybercriminals seeking to exploit emerging opportunities and vulnerabilities have multiplied. Read ...

  • Spearphishing Campaign Exploits COVID-19 To Spread Lokibot Infostealer

    April 3, 2020

    Researchers have discovered threat actors once again capitalizing on the COVID-19 pandemic and current attention on the World Health Organization (WHO) with a new spearphishing email designed to spread the LokiBot trojan sent using the WHO trademark as a lure. Researchers at FortiGuard Labs on March 27 first observed the malicious COVID-19-themed scam, which claims to ...