sb-au logo
Story image

Reports suggest spike in vaccine-related phishing campaigns

12 Aug 2020

When the COVID-19 pandemic picked up steam in its initial spread across the world in March, instances of pandemic-related phishing campaigns were rife across the internet. 

Thousands of email attacks and scams cropped up, and many more fell victim to them. Much of their success can be attributed to their exploitation of people’s fears around COVID-19 – many campaigns spoke of virus hotspots, or posed as government health departments to seem credible.

Now, with several months between the first reports of the virus, many phishing campaigns have changed course – instead of stoking fear, and with dozens of efforts to develop vaccines entering their final stages around the world, they are exploiting hopes for such a vaccine.

According to new research from Check Point, the primary attack delivery method is email, constituting 82% of all attack vectors for malicious files in the last month.

In these campaigns, attackers send emails with subject lines that include deceptive vaccine-related content, which inevitably conceal malicious links in the body. These links lead to a malicious file usually in the form of .exe, .xls or .doc. 

“Lately, we’re seeing a clear trend adopted by hackers:  deceive the masses by using their interest in coronavirus vaccines. Most of the campaigns involve a person’s inbox, which is concerning,” says Check Point data manager Omer Dembinsky.

“Over 80% of attacks against organisations start from a malicious email. Email is the first link in a chain of attacks. 

“Since email attacks usually involve the human factor, employees’ email inboxes are an organisation’s weakest link.”

Here are some examples included in Check Point’s research.

Subject: Urgent Information Letter: Covid-19 New Approved Vaccines

This campaign is an example of malspam, and contained malicious .EXE files with the name ‘Download_Covid 19 New approved vaccines.23.07.2020.exe’.

When a victim clicked, an InfoStealer was installed which made light work of extensive data theft, including login information, usernames and passwords from the user’s computer.

Subject: UK coronavirus vaccine effort is progressing

In this example, the phishing campaign contained a malicious link within an email - the subject line of which read 'UK coronavirus vaccine effort is progressing badly appropriate, recruiting consequence and elder adults'.

Further investigation revealed that it was used to redirect traffic to a known medical phishing website, which was trying to imitate a legitimate Canadian pharmacy.

Pandemic-related attacks are dropping

Despite overall numbers of cyber-attacks remained high in July, since its zenith in March and April, the number of COVID-19-related attacks has dropped significantly, according to Check Point researchers.

In July, there were 61,000 coronavirus-related attacks, a decrease of over 50% when compared to the weekly average of 130,000 attacks in June.

“Closing this security gap requires protections against various threat vectors: phishing, malware, data theft and account-takeover,” continues Dembinsky.

“I strongly urge everyone to closely read the subject lines of emails coming in. If it has the word “vaccine” in it, think twice. 

“Chances are that you are the threshold of being tricked into giving up your most sensitive, most private information.”