2,500 Attacks In Less Than A Day: Coronavirus Scammers Just Went Into Overdrive

The number of coronavirus-themed attacks spiked significantly on Monday, a cybersecurity researcher reported.

A wave of 2,500 infections of just two strains of malware were all delivered in COVID-19-themed emails between 10am and 5pm CET today, were discovered by Jiri Kropac, a researcher at cybersecurity company ESET. In the days before, the number of infections were only in the tens, he said.



He told Forbes he thinks hackers are made up of two different groups, though he didn’t have any more information on either. Their malware either tries to get leverage on a computer in order to download more malicious software, or it steals personal information from an infected computer. They both target Microsoft Windows machines only. The top five most-targeted countries include Spain, Portugal, Czech Republic, Malaysia and Germany.

“This is the biggest Coronavirus or COVID-19-themed malware campaign we have registered so far. Cybercriminals often jump on the hot media topic, which Coronavirus really is,” Kropac said. “They’re using it for their profit.”

He sent over one example phishing email, attempting to trick a target into opening an attachment by promising information on vaccines.



Another cybersecurity company, Proofpoint, said it had seen a massive surge in COVID-19 attacks too. “To date, the cumulative volume of coronavirus-related email lures now represents the greatest collection of attack types united by a single theme that our team has seen in years, if not ever,” it wrote in a post Monday.

Proofpoint researchers said they’d seen some groups go after entire industries, with one cybercriminal gang targeting the U.S. healthcare, manufacturing, and pharmaceuticals industries. Another group targeting the healthcare industry demanded Bitcoin payment for coronavirus remedies.



Cybercriminals have been increasingly capitalizing on the coronavirus scare in the weeks prior to today’s jump. As Forbes reported last week, a massive number of new websites had been registered using the coronavirus or COVID-19 names, some of which were already trying to infect visitors. Government hackers have been taking advantage too, with a Pakistan-linked group allegedly caught doing so on Monday too.

The U.K.’s National Cyber Security Centre released a warning today, saying it had also seen a rise in the number of COVID-19-based attacks. An arm of Britain’s spy agency GCHQ, the NCSC said it was now automatically discovering and removing malicious sites from the web.

”Continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise,” the NCSC warned.

Beware of criminals pretending to be WHO – World Health Organization Cyber Security Bulletin

Hackers and cyber scammers are taking advantage of the coronavirus disease (COVID-19) pandemic by sending fraudulent email and WhatsApp messages that attempt to trick you into clicking on malicious links or opening attachments.

These actions can reveal your user name and password, which can be used to steal money or sensitive information.

If you are contacted by a person or organization that appears to be WHO, verify their authenticity before responding.

The World Health Organization will:

never ask for your username or password to access safety information
never email attachments you didn’t ask for
never ask you to visit a link outside of www.who.int
never charge money to apply for a job, register for a conference, or reserve a hotel
never conduct lotteries or offer prizes, grants, certificates or funding through email.

The only call for donations WHO has issued is the COVID-19 Solidarity Response Fund, which is linked to below. Any other appeal for funding or donations that appears to be from WHO is a scam.

COVID-19 Solidarity Response Fund

Beware that criminals use email, websites, phone calls, text messages, and even fax messages for their scams.

You can verify if communication is legit by contacting WHO directly.

Contact WHO
Report a scam

Phishing: malicious emails and messages appearing to be from WHO
WHO is aware of suspicious email messages attempting to take advantage of the COVID-19 emergency. This fraudulent action is called phishing.

These “Phishing” emails appear to be from WHO, and will ask you to:

give sensitive information, such as usernames or passwords
click a malicious link
open a malicious attachment.

Using this method, criminals can install malware or steal sensitive information.

How to prevent phishing:

Check their email address.

Make sure the sender has an email address such as ‘person@who.int’

If there is anything other than ‘who.int’ after the ‘@’ symbol, this sender is not from WHO.

For example, WHO does not send email from addresses ending in ‘@who.com’ , ‘@who.org’ or ‘@who-safety.org’.

Check the link before you click.

Make sure the link starts with ‘https://www.who.int’. Better still, navigate to the WHO website directly, by typing ‘https://www.who.int’ into your browser.

Be careful when providing personal information.

Always consider why someone wants your information and if it is appropriate. There is no reason someone would need your username & password to access public information.

Do not rush or feel under pressure.

Cybercriminals use emergencies such as the coronavirus disease (COVID-19) pandemic to get people to make decisions quickly. Always take time to think about a request for your personal information, and whether the request is appropriate.

If you gave sensitive information, don’t panic.

If you believe you have given data such as your username or passwords to cybercriminals, immediately change your credentials on each site where you have used them.

If you see a scam, report it.

If you see a scam, tell us about it.

Report a scam

Cryptopia Exchange Hacked, Investigations by New Zealand Authorities Ongoing

Cryptopia Clarifies it was a Security Breach and Investigations are Currently Ongoing
It is with the above background that the exchange has issued one more tweet explaining the crypto exchange had suffered a security breach that resulted in significant losses. The team at Cryptopia also informed its users that they have notified all relevant Government Law Agencies in New Zealand.

According to the tweet, the exchange suffered the attack on the 14th of January. All trading and movement of funds in and out of the exchange, has also been suspended. No additional information has been provided by the exchange at the moment of writing this. A copy of the message provided on twitter by the exchange can be found below.



Cryptocurrency Market Reaction To The Hack

Many keen crypto traders and enthusiasts are curious as to how the crypto markets will handle news of the hack that was carried out on Cryptopia. One needs to only remember the market after-effects when exchanges were hacked in 2018. News of exchanges being hacked were accompanied by flash selling.

Checking the crypto markets, we find that the total market capitalization is stable at $122.482 Billion with Bitcoin (BTC) trading at $3,673. A majority of the top 100 cryptocurrencies are also in the green and exhibiting moderate gains after the weekend bloodbath.

However, a full 24 hours might be necessary to gauge the effect of the Cryptopia hack on the general feel and mood of the crypto market.

What are your thoughts on news that Cryptopia has been hacked and significant losses incurred? Please let us know in the comment section below.



President Donald J. Trump is Strengthening America’s Cybersecurity

STRENGTHENING CYBERSECURITY: President Donald J. Trump is releasing a National Cyber Strategy that will strengthen our defenses against cyber threats.

President Trump’s National Cyber Strategy identifies bold new steps the Federal Government will take to protect America from cyber threats and strengthen our capabilities in cyberspace.
It is the first fully articulated National Cyber Strategy released in 15 years.
The strategy builds on President Trump’s Executive Order “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” signed in May 2017.
PROTECTING THE AMERICAN PEOPLE, THE HOMELAND, AND OUR WAY OF LIFE: Strengthening American cybersecurity is central to the National Cyber Strategy.



President Trump’s National Cyber Strategy will protect American networks by:

Securing Federal networks and information and our Nation’s critical infrastructure
Combatting cybercrime and improving incident reporting
PROMOTING AMERICAN PROSPERITY: President Trump’s National Cyber Strategy will help protect cyberspace as an engine of economic growth and innovation.

President Trump’s National Cyber Strategy will promote American prosperity by:

Fostering a vibrant and resilient digital economy
Protecting American ingenuity from threats such as intellectual property theft
Developing a superior cybersecurity workforce through education and recruitment
PRESERVING PEACE THROUGH STRENGTH: The National Cyber Strategy will strengthen efforts to deter destabilizing activity in cyberspace.



The National Cyber Strategy will stand up to destabilizing behavior in cyberspace by:

Promoting responsible behavior among nation states
Working to ensure there are consequences for irresponsible cyber behavior
Launching an international Cyber Deterrence Initiative
Exposing and countering online malign influence and information campaigns
ADVANCING AMERICAN INFLUENCE: The National Cyber Strategy will preserve the long-term openness of the internet, which supports and reinforces American interests.

President Trump’s National Cyber Strategy will promote an open and secure internet by:

Encouraging Nations to advance internet freedom

Advancing a multi-stakeholder model of internet governance

Promoting open, interoperable, reliable, and secure communications infrastructure

Opening overseas markets for American ingenuity

Building international cyber capacity

COMMITTED TO A SECURE CYBER FUTURE: President Trump is committed to protecting the cybersecurity of our Nation and is implementing policies that work to achieve that objective.

The President’s National Security Strategy prioritizes keeping America safe in the cyber era.
The Trump Administration has released a number of agency-specific strategies emphasizing the importance of cybersecurity.



Is Donald Trump is a danger to national security?

An open letter signed by 50 Republican national security experts has warned that nominee Donald Trump “would be the most reckless president” in US history.

General Michael Hayden, director of the CIA between 2006 and 2009 and one of the signatories, told World at One’s Martha Kearney that the presidential nominee would be “very dangerous indeed” for national security.

Dr Michael Scheuer, a CIA officer for 22 years who has endorsed Donald Trump, said the group behind the letter “deserved to be ignored”.