The surge in numbers for specific countries is also noticeable, which raises the question: why are these countries being targeted? The US, for example, remains a top target with regard to using the vaccine as a lure. In this case, it is likely that the US is a target given its part in the cold chain, as two of the major vaccine manufacturers have headquarters there.
In Europe and Asia, France and Japan were the most heavily targeted with regard to malware threats and attacks. Looking at the number of attempts and targets, we think that highly anticipated events that are being advertised to proceed this year could be driving the focus of cybercriminals. Namely, these events are the French Open, Tour de France, Rugby World Cup, and the Olympics. Both countries have announced that spectators of and participants in these events are required to have proof of vaccination, such as vaccine passports. Moreover, as countries try to welcome tourists to push economies into recovery, both France and Japan have been the first to announce that all foreign visitors will be checked by new technologies that lessen contact with airport immigration officers, such as facial recognition and biometrics.
There is also a noticeable increase in targets located in Asia and Africa. It is possible that cybercriminals have moved to impersonate legitimate entities that request or distribute aid as a result of new record surges in infections between Q1 and Q2 within these two regions. One other possible reason for the shift in their modi operandi is the fact that vaccines have yet to reach some of the countries with higher populations in these two continents.
Since the number of malicious routines decreased during the first quarter of the year, this could imply that cybercriminals are waiting for the next development or more news about the pandemic that they can abuse. In the meantime, we continue monitoring these routines and techniques because, given the ongoing vaccinations worldwide, these schemes are unlikely to subside anytime soon. Cybercriminals’ attention and targets, after all, could simply shift to other countries and events. Moreover, given the Covid-19 mutations spreading in various parts of the world, cybercriminals will continue abusing this theme as a lure for months to come.
As a result, countries that have yet to vaccinate their citizens will likely be the next targets for malicious activities following this theme. Malicious groups and cybercriminals will take advantage of these developing localized situations. They might also use any further developments to spread more false information on available “cures” and medications online.
Documentation and technologies related to the pandemic will also be likely targets. As more people look forward to travelling for business and leisure, sales and services for falsified documents will likely be rampant in the online and offline underground market, while technologies that check the health and vaccination records of people will be targets for attacks online.
Indeed, cybercriminals will continue abusing people’s need and desire for more information, especially pieces of information that suggest a “return to normalcy” in countries where infection rates are already at a decline. It is therefore likely that misinformation and fake news will still run rampant post-vaccination, including false information that could appeal to individuals who are not yet inoculated or choose not to be.
How to protect yourself from Covid-19 scams and routines
Cybercriminal groups will continue finding the most effective techniques that they can use to infect and attack systems, as well as to target unwitting individuals for profit at others’ expense. Here are some of the best practices to mitigate risks and protect yourself from these threats and scams:
- Download apps, software, and/or media only from official platforms or websites. Applications or software from unofficial platforms might have embedded malicious components in them, or might impersonate other popular apps as a lure. They might also have functions that are unrelated to their stated purposes.
- Avoid selecting embedded links in emails and text messages that prompt urgency or are from unknown senders. These links could be phishing and/or SMShing URLs that were embedded in order to gain access to devices, steal sensitive or financial information, or spread malware. These might also lead to malicious websites that intentionally infect devices for subsequent stealthy communication.
- Avoid selecting and spreading fake news, ads, or unverified information, especially on social media. Fake news headlines are structured to be clickbait: They are alarmist to capture the interest of readers and to evoke strong emotions for manipulation. These pages might redirect you to malicious websites that steal information or spread malware. Before sharing, search for other reliable and known media agencies who publish the same content to verify the accuracy of information.
Trend Micro solutions
Trend Micro continues to monitor all attacks and malicious routines related to Covid-19 that can compromise your businesses and devices. Multilayered protection is also recommended for protecting all fronts and preventing users from accessing malicious domains that could deliver malware. Trend Micro endpoint solutions such as the Smart Protection Suites and Worry-Free™ Business Security detect and block malware as well as the malicious domains they use.
As an added layer of defense, Trend Micro™ Email Security thwarts spam and other email attacks. The protection it provides is constantly updated, protecting the system from both old and new attacks. Trend Micro™ InterScan™ Messaging Security provides comprehensive protection that stops inbound threats and secures outbound data, as well as blocks spam and other email threats.
Trend Micro Phish Insight can help employees and users build security awareness and recognize threats against the organization and themselves. These simulations on the latest threats and techniques can help increase cyber awareness and change behaviors using real-world phishing campaign samples for customized training on an easy-to-use platform. Trend Micro Check can also help detect misinformation, scams, and similar online threats. A free multiplatform tool powered by artificial intelligence (AI), Trend Micro Check offers scam link detection, email security review, fact-checking of text, audio, and visuals to identify misinformation, and news outlet credibility verification. Since its launch, it has identified more than two million scams and three million instances of misinformation.
Users can also benefit from security solutions that can thwart stealthy adware, such as the Trend Micro™ Mobile Security solution, which blocks malicious apps. End users can also benefit from its multilayered security capabilities that secure the device owner’s data and privacy and safeguard them from ransomware, fraudulent websites, and identity theft.
For organizations, the Trend Micro™ Mobile Security for Enterprise suite provides device, compliance, and application management, data protection, and configuration provisioning. It also protects devices from attacks that exploit vulnerabilities, prevents unauthorized access to apps, and detects and blocks malware and fraudulent websites. Trend Micro’s Mobile App Reputation Service (MARS) covers Android and iOS threats using leading sandbox and ML technologies to protect users from malware, zero-day and known exploits, privacy leaks, and application vulnerability.
Indicators of Compromise (IOCs)
You can access the link here for the full list of IOCs.