Pandemic gave a “window of opportunity” to the cyber-attacks.

Variety of fake apps offering to inform if you are infected by COVID-19, Ministry of Health sending messages with recommendations, and other practices. The goal: trick the users in order to obtain their personal data for later scam.

Being vigilant and preventive is crucial. The Guayoyo team shares recommendations based on their monitoring activities of these attack trends.

“This Covid-19 situation caught many companies off guard forcing them to grant access to information and promptly change their work schemes, in many cases, without competent advice. When effective technological adjustments are not made and users are not advised on the possible security risks, potential intruders gain effectiveness ”, explains Josmell Chavarri, Guayoyo’s co-founder.

Here some CASES to create awareness.

Covid-19 map

There is malware designed to take advantage of coronavirus concerns. Specifically, one is being distributed as a “coronavirus map”, which is one of the most searched phrases today.

This “map” is distributed in form of a web application, as a more reliable alternative to tracking the COVID-19 evolution. However, this executable hides a malware known as AZORult, which steals information.

Fake app

In European countries, a mobile application «CORONAVIRUS FINDER» was being distributed through WhatsApp messages, offering to locate those infected with Coronavirus in proximity with the user. The real intention of this application, is to steal user’s banking information for future scams.

Malicious email

This alert was communicated by the Colombian Ministry of Health, warning about a campaign circulating through email and WhatsApp, acting as the Ministry of Health, sending an attachment (PDF file) to distribute a malicious code which is installed on the users device. The objective of this campaign is to steal users personal information.

How we defend ourselves?

In recent days, Guayoyo took records of Remote Access services and VPNs exposed to the Internet in Uruguay.

All components of these technologies are at major risk when not upgraded or configured properly.

In this situation, the recommendations are:

– Protect services with robust authentication. Strengthen password policies and apply 2FA using OTP or user certificates.

– Monitor all activity on the corporate network, looking for any type of suspicious activity such as access attempts out of business hours from unknown and not confirmed locations or unidentified devices.

– Update the security patches.
84% of cyberattacks take advantage of common vulnerabilities.

– Sign-up at http://app.howlermonkey.io to track the vulnerabilities.

Guayoyo also shares a blacklist of malware campaigns related to COVID-19 IOCs,
communicated by CCN-CERT (http://ccn-cert.net/cibercovid19).

What can we do with that data?

– Proactively detect and block these scam campaigns

– Automate downloading and deploying process for these IOCs in our perimeter

– Use this data to create blocking rules on our mail servers