TTPs for COVID-19 Threats

This week we're exploring Tactics, Techniques and Procedures (TTP) related to COVID-19 threats. As with many disasters, cyber criminals are hoping to exploit people who are trying to find helpful information online and may be more likely to open sketchy links or email attachments. Therefore, the best ways to protect your organization is to understand what these threats look like, how they work, and who may be behind them, all of which requires that you understand the TTPs being used. So, check out this episode to learn about TTPs for COVID-19 threats. If you are enjoying these episodes, have ideas around topics, or would like to be on a future episode, contact us at pwned @ nuharborsecurity.com

Episode Transcript: PWNED Transcripts - S2E4 - TTPs for COVID-19 Threats

Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust.
Website: www.nuharborsecurity.com
Facebook: www.facebook.com/nuharbor/
Twitter: @nuharbor
LinkedIn: www.linkedin.com/company/nuharbor/
Instagram: www.instagram.com/nuharborsecurity/

Covid-19 related TTPs:

Malware / Attack	Phishing
Geography / Industry	Japan
Lure	Coronavirus
Info	Microsoft Word with malicaious VBA macro. Installs Emotet via Powershell.

Malware / Attack	Phishing
Geography / Industry	United States
Lure	"COVID-19 — Now Airborne, Increased Community Transmission", appears to be from the CDC.gov (headers manipulated)
Info	Originally identified by Cofense, When victims click on the embedded link, they are redirected to a Microsoft Outlook login page, and upon entering their legitimate credentials, are further redirected to a legitimate website of the CDC.

Malware / Attack	Phishing
Geography / Industry	Italy
Lure	"Coronavirus: informazioni importanti su precauzioni", appears to be from “Dr. Penelope Marchetti,” an employee of the WHO in Italy.
Info	Emails contain Microsoft Office Documents with VBA macros that installs Trickbot Malware that steals personal information or installs additional malware.

Malware / Attack	Phishing
Geography / Industry	South Korea
Lure	Varying subject lines that claim to information about South Korea's response to COVID-19.
Info	Emails contain Microsoft Word documentation that installs the North Korea's BabyShark Malware.

Malware / Attack	Phishing
Geography / Industry	United States
Lure	Email claiming to provide victims with information on global FedEx operations while the COVID-19 outbreak continues.
Info	Emails contained an attachment titled “Customer Advisory.PDF. exe” that, when opened, infected the victim with the Lokibot malware

Malware / Attack	Phishing
Geography / Industry	United States
Lure	Email claiming to provide victims with information on global FedEx operations while the COVID-19 outbreak continues.
Info	Emails contained an attachment titled “Customer Advisory.PDF. exe” that, when opened, infected the victim with the Lokibot malware

Malware / Attack	Phishing
Geography / Industry	United States
Lure	COVID-19 type content
Info	Originally identified by Proofpoint, These attacks involved emails that contained Microsoft Office document attachments designed to lure victims and exploit a Microsoft Office vulnerability, tracked as CVE-2017-11882, which allows attackers to run arbitrary code in the context of the current user ultimately installing AZORult malware.

Malware / Attack	Phishing
Geography / Industry	United States
Lure	COVID-19 emails from CDC.gov
Info	URL contained within a phishing email led to a fake Microsoft Outlook login page, designed to convince victims to input their credentials. In another instance, victims were asked to donate Bitcoin to the CDC to aid in the pursuit of a vaccine.

Justin Fimlaid

Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.

TTPs for COVID-19 Threats

Related Posts

Latest Pwned episodes