How to manage COVID-19 misinformation and trickery - Image credit- Gerd Altmann from PixabayCybercriminals continue to take advantage of COVID-19 to initiate a multitude of phishing attacks, with their tactics and strategies becoming more sophisticated and focused.

An extensive number of them are leveraging phishing campaigns to deliver malware globally. They are also employing ransomware under the guise of security software. For instance, victims are unknowingly installing the BlackNet RAT Trojan. It is a malicious program that tricks users into installing a fake antivirus solution that promises to protect against the COVID-19 virus.

Recently, ransomware called CoronaVirus is being distributed through a website. It claims to encourage the use of system optimization software from WiseCleaner. The active downloads on this website distribute a file called WSHSetup.exe. It acts as a downloader, not only for the CoronaVirus ransomware but for a password-stealing trojan called Kpot.

If this trojan successfully executes, it attempts to steal login credentials and cookies from internet browsers, VPNs, email accounts, messaging programs, cryptocurrency wallets, and other services.

Business Email Compromise (BEC) attacks have seen an incredible spike too. Incredibly large budgets for healthcare items coupled with short timelines to secure products provides the perfect opportunity for individuals with a lack of remorse to capitalize. Groups participating in BEC demonstrate an abundance of this characteristic particularly well when targeting those in need.

COVID-19 is targeting the vulnerable

Healthcare services around the world are coming under repeated attack during the current crisis. Cybercriminals are using ransomware, malware and the attempted theft of critical medical records. These are worrying times, which is why NTT Ltd recently announced the provision of emergency cybersecurity incident response services – at no cost – to help frontline hospitals.

Quite simply, misinformation and trickery are spreading across the globe as a result of COVID-19. No country is immune. Just as the virus has spread from country to country, so are the associated threats. Scammers are taking advantage of it and targeting vulnerable people and businesses.

COVID-19 will continue to be used as a lure. Daily, cybercriminals register around 2000 coronavirus-themed web domains – and likely will be for the duration of the pandemic. Additionally, new versions of these lures targeting new countries will emerge. It is likely to continue – even as the world goes into recovery mode – using subjects such as “COVID Cure” or “COVID Resurgence”.

The impact these types of attacks can have on organizations is enormous. They could lead to a loss in customer confidence, reputational damage and direct financial loss. There is also the risk of a financial penalty from an industry body or government if the appropriate measures weren’t there in the first place.

Keep calm and step up security

At a time when the whole world seems to be off-balance, it is always important to remember to keep calm and refocus. A lot is going on in the world, but organizations must keep their composure. Right now is a great time for organizations to review and step up their employee training and awareness programmes. It should include extending training beyond phishing awareness and password hygiene to educating staff more broadly about common internet scams.

Additionally, ensure any corporate mobile devices or BYOD laptops, handsets and tablets are protected with antivirus and/or screened before being allowed to connect to the corporate network. This is especially important as remote working becomes the new normal. It is an important topic that we cover in the April 2020 edition of our GTIC Monthly Threat Report.

Three steps to help protect against BEC attacks

To protecting against BEC attacks, organizations should also review their supporting processes and corporate culture to ensure employees can determine if a communication is authentic or not. Here are a few things that everyone can do:

  • Avoid posting excessive information to social media about their job responsibilities, the names of their managers, colleagues, and employees etc. An attacker could harvest this information and use it against you or your coworkers to conduct a BEC attack.
  • Before fulfilling any sensitive requests in emails, look for signs of a BEC attack. For example, the use of a copycat domain name or unexpected email content from the sender.
  • Immediately communicate with security management and coworkers if an attempted BEC attack is detected. Relay that information to the rest of the workforce.

Malware campaigns and BEC attacks rely on the fact that many people are scared. By staying calm and assisting in helping to calm the workforce, many of these scams will fail. What’s more, since many phishing campaigns related to coronavirus rely on people’s fear of inadequate knowledge of the virus. Organizations should provide their workforce with trustworthy resources with information related to coronavirus.

Cybersecurity means focusing on what is critical

Finally, while organizations can never be 100% protected from an opportunist threat actor, what’s certain is the need to ensure cybersecurity is core to their overall business strategy. It means focusing on what’s critical in the organization and putting the right protection in place right from the beginning – across business process, technology, services and people.

It can seem like a daunting task which is why many businesses are looking to work with Managed Security Services (MSS) providers. These strategic partners can deliver innovative solutions to bolster organizations’ cyber resilience. Plus, they can help organizations ensure all of their people – from the bottom up – are aware of cybersecurity and the current risks.

COVID-19 has generated a sprawling web of cybersecurity risks. As the number of COVID-19 cases and publicity rises globally, cybercriminals exploiting this global crisis will also increase. Our biggest job is trying to manage these risks as we try to go about our lives. This can be achieved – by using common sense and implementing best practices in all aspects of the network environment.


NTT Ltd. is a leading global technology services company. We partner with organizations around the world to shape and achieve outcomes through intelligent technology solutions. For us, intelligent means data driven, connected, digital and secure. As a global ICT provider, we employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries, trading in 73 countries and delivering services in over 200 countries and regions. Together we enable the connected future.

Visit us at

Previous articleFCA delays Strong Customer Authentication (SCA) to 2021
Next articleBlockchain Catch-up (w/c 4th May, 2020)
Rob Kraus, Sr. Director, Global Threat Intelligence Center Operations, NTT Security
Rob works with the NTT Ltd. Global Threat Intelligence Center (GTIC) team of threat intelligence analysts and drives production of threat communications for NTT Ltd. clients. He also builds relationships with intelligence partners to ensure productive collaboration through threat intelligence alliances. Previously, Rob was a manager within its Professional Security Services group. Prior to NTT, Rob was the Supervisor for the Remote Security Services team at Digital Defense, located in San Antonio, Texas. Rob’s background also includes working as a security analyst for AT&T during the initial deployment of the AT&T U-verse service offering, as well as provisioning, optimizing, and testing long haul OC-192 fiber-optic networks while with Nortel Networks. Rob regularly speaks at information security conferences and educational institutions to keep the information security community informed of current security trends and attack methodologies. Rob is also the author of the Seven Deadliest Windows Attacks and Co-Author for the Seven Deadliest Network Attacks books, part of Syngress Publishing’s Seven Deadliest Attack Series. Rob is a Certified Information Systems Security Professional (CISSP), specializing in risk mitigation, vulnerability research, threat intelligence, web application security, penetration testing, and social engineering.


Please enter your comment!
Please enter your name here