The U.S. and U.K. governments have issued new alerts warning users not to click on any suspicious email or text message links linked to government bailout funds,media reported. The new coronavirus, called COVID-19 Exploited by Malicious Cyber Actors, highlights the many ways in which the virus is exploited by bad guys.
This is a joint alert issued by the Department of Homeland Security (DHS) CyberSecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Center (NCSC).
According to the statement, government security agencies have seen a large number of scams linked to the new corona virus, carried out by Advanced Persistent Threat (APT) organizations and cybercriminals. Like many scams, perpetrators deceive their goals through fear and trust.
The most common of these scams are phishing scams. Malicious stoking comes from a reputable organization — such as the government or the victim’s bank — and sending them emails or text messages. A message that is sent usually states that the victim’s account needs to be verified or that additional information needs to be provided via the link provided. You can then use this information to sign in to the account in question.
New malware is also using coronavirus (coronavirus) or new coronavirus-themed bait to spread itself out. By installing malware on a victim’s computer, cybercriminals can monitor users’ activities and steal login data from sensitive websites such as credit cards and banks. Malware often masquerades as attachments to emails or files shared on social media.
The warning reads: “NCSC observed that various e-mail messages were deployed with Agent Tesla Keylogger malware. The e-mail was faucet, sent by Dr. Tandese Adanom, Director-General of WHO. The mail campaign began on Thursday, March 19, 2020. Another similar mail campaign says thermometers and masks can be provided to combat the epidemic. The email claims to attach a picture of the medical products, but it actually contains agent Tesla’s loader. “
Finally, the warning also warns people to be aware of security when using virtual private networks (VPNs) and video conferencing software. There are known vulnerabilities that are affecting VPN products from companies such as Pulse Secure, Fortinet and Palo Alto. Both Zoom and Microsoft Teams have published cases of fraud related to their video conferencing software.