Val Saengphaibul and Fred Gutierrez, Threat Analysts at FortiGuard Labs, a part of Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated, and automated cybersecurity solutions has recently issued a special Threat Analysis Report.
For the first quarter of 2020, coverage on the Coronavirus/COVID-19 outbreak has dominated the 24-hour global news cycle. Government leaders, scientists, and health professionals worldwide suggest that this is not merely an epidemic, but a potential pandemic crisis.
As individuals worldwide fixate on this global health emergency, combining legitimate sources and news feeds with rampant rumors and amateur reports on social media, bad actors know that events like this are the perfect opportunity for exploitation.
And the easiest and fastest way to exploit a target, whether an individual or an organization, is through social engineering attacks. These attack vectors are the fastest to spin up, and have the highest rate of return.
This is especially true as drive-by downloads become less common due to security vendors improving response times and security posture by the timely patching of vulnerabilities.
And social engineering attacks are especially attractive because, regardless of whatever technological security measures in place, the human psyche is the weakest link in any security systems as it is the easiest to exploit.
Coronavirus-related Threat Activity
Over the past several weeks, FortiGuard Labs has been observing a significant increase in both legitimate and malicious activity surrounding the Coronavirus. We’ve seen benign emails containing documents with guidance from HR departments, to emails from distribution companies selling masks, gloves, and other protective equipment that at first appeared to contain suspicious links, but in fact have been benign as well.
And we and other threat researchers have documented malicious attacks leveraging the Coronavirus outbreak theme. Threat findings via OSINT channels have yielded multiple themes, such as those appearing to be reports from trusted sources, such as governmental agencies, news outlets, etc. but that were actually malicious. It is also important to note that we are likely only scratching the surface on observable attacks as this is a global outbreak, and most of our observations have been in English or languages utilizing ASCII (ISO-8859) characters.
The issue has now become so problematic that the World Health Organization (WHO) recently issued a statement on their website titled, Beware of criminals pretending to be WHO. The UN also recently added an advisory on the 29th of February as well reminding citizens to be vigilant of such scams.