TORONTO — Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at the global shipping industry, according to a report issued Monday by a California-based cybersecurity firm.
Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult.
AZORult has been around since at least 2016 and can be used to install ransomware, which is designed to lock legitimate users out of their computer systems until a ransom is paid.
“In these (coronavirus-related) attacks, we don’t see AZORult downloading ransomware currently,” Proofpoint said.
“However, because of AZORult’s configurable nature and past use in conjunction with ransomware that remains a real threat.”
Proofpoint didn’t provide statistics on how many actual coronavirus-themed malicious emails have been detected or how much damage has been caused by coronavirus-themed malicious emails.
U.S. cybersecurity firm Sophos said last week that it had learned of a scam that used faked emails pretending to be safety instructions from the World Health Organization.
“Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems,” Sophos said in a blog post dated Feb. 5.
Proofpoint said in its posting that the narrowly focused campaign it detected seems to originate from Russia and Eastern Europe but there’s no evidence linking the actors to a known criminal group.
However, it says the attackers seem to be sophisticated and have targeted industries that are susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic companies.
“A coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it’s clear these attackers are aware that a major event like coronavirus can have secondary impacts on industries.”
“This awareness demonstrates not just technical sophistication, but economic sophistication as well,” Proofpoint said in its article.
Proofpoint advised workers to exercise caution when presented with coronavirus-themed email messages and attachments, as well as links and websites that could be used by criminals as lures.
Meanwhile, health officials in Canada have repeatedly stressed that the coronavirus currently poses a low risk to the public in this country. Seven cases have been identified in Canada, while worldwide, the illness known as 2019-nCoV has sickened more than 37,000 people and killed more than 800, nearly all in China.
Nevertheless, Canadians are being urged to remain vigilant against infection, with medical experts advising good hygiene practices such as washing hands frequently and coughing or sneezing into tissue.
— with a file from Cassandra Szklarski in Toronto
This report by The Canadian Press was first published Feb. 10, 2020.
The Canadian Press