Coronavirus Emails Target Healthcare Companies; Hackers Use Fake HIV Test Results

Cybercriminals have gone rogue this time, choosing to play on public health fears.

Phishing attempts connected to the novel coronavirus (SARS-CoV-2) were first reported in January, but in the meantime another scam relating to public health was being set up.

When the news of fake HIV results and prudent information on coronavirus came up on 10th March 2020, people started to panic, especially healthcare service providers.

A group of cyber fraudsters started sending fake HIV test results laced with malicious code to people by email, according to research from Proofpoint, a cybersecurity research firm.

People working in healthcare, insurance and pharmaceutical companies around the world were all believed to be targets of these attacks, according to a blog post by Proofpoint.

Proofpoint gathered concrete evidence on the case that proved it to be 100% true. 

Not only that, but the attackers also used the name of Vanderbilt University’s renowned medical center to make the ruse look more authentic, Sherrod DeGrippo, head of the threat research and detection team at Proofpoint, told BuzzFeed News.

Phishing lures related to health are not uncommon, said DeGrippo.

DeGrippo said: “The psychology behind this is: whether or not you recently went through an HIV test, it is very likely that you would still want to have a glance at the HIV test results.”

“And so it starts from a fear-based emotion to a secondary emotional reaction that is being curious,” DeGrippo told CyberScoop.

DeGrippo also added that “they happen to have grown more favorable to cybercrooks since the emergence of the novel coronavirus on December,19 which infected more than 100,000 people worldwide.”

The attackers designed fake HIV test results and integrated them into the email in such a way that they looked like they came from Vanderbilt University.

More interestingly, they sent emails to insurance, pharmaceutical and healthcare companies that included a spreadsheet, with the subject line “Test Result of Medical Analysis”. When the spreadsheet was downloaded, a pop-up appeared prompting the recipient to enable macros, which were laced with malware named the Koadic Remote Access Trojan.

“Coronavirus has been exhausting for us,” DeGrippo told CyberScoop.

This malware has the potential to breach systems and steal sensitive and personal information, including financial information. Researchers have also observed coronavirus-themed emails built around applications such as Adobe, Office 365 and DocuSign being used to steal personal details.

Who were the targets of Coronavirus themed Cyber fraud campaigns?

Those emails mainly targeted industries such as healthcare, pharmaceuticals and insurance, along with other industries such as higher education, construction, retail, and transportation.

According to DeGrippo, the hackers were a group of Russian-speaking individuals who were financially motivated. They sent approximately 200 emails to employees of big pharma, insurance, and healthcare companies in North America.

The hackers used the Koadic RAT to track keystrokes so that they could upload their malicious code to the victim’s computer.

DeGrippo also mentioned that the hackers bought a list of corporate email addresses on the black market, designed the email and sent it to corporate workers who were worth targeting, such as someone working as a manager.

Proofpoint said that it neutralized all attacks on its own clients, but reasoned that if its clients could be targeted by these attacks, so could other people.

When the health-related phishing was getting out of hand and showed no signs of stopping, the Department of Homeland Security’s cybersecurity wing had to weigh in.

Both Homeland Security’s cybersecurity wing and the Federal Trade Commission warned of coronavirus-related cyber fraud.

The Health Information Sharing and Analysis Center (H-ISAC), a cyber threat sharing bureau working for healthcare organizations, has just warned its members about hackers exploiting the coronavirus and advised them to patch their systems.

Existing tension around the world made it easy for hackers to get attention, and COVID-19 is definitely a larger opportunity for cybercriminals to exploit than other health issues, said H-ISAC’s chief security officer Errol Weiss.

“Cyber Frauds are making use of phishing lures playing the Coronavirus themed fear-based campaigns for almost anything. From compromising company emails to stealing credentials to ransomware attacks across different sectors as mentioned above, they have billions in the world that they could target,” said Weiss via an email to CyberScoop.

The U.S. and Japan were not the only targets of these fake coronavirus schemes. A few other countries, such as Australia and Italy, were also targeted, the researchers said.

The cybercrooks chose to target people in the name of the Centers for Disease Control and Prevention (CDC) with fake information on coronavirus, said a security analyst from Kaspersky.

A relatively new survey from cybersecurity agency Mimecast and the Health Information Management and Systems Society found that 90% of organizations encountered email attacks in the past few years. Among that 90%, 25% had to go through severe attacks.

Healthcare data breach costs 

Healthcare data breaches cost a fortune overall, amounting to $6.45 million on average.

The most common cause of these disruptive attacks was email (61%), followed by credential-targeted attacks at up to 57% and attacks in which cyber fraudsters stole users’ login credentials (35%).

The most common loss was productivity (55%), followed by data loss (34%) and financial loss (almost 17%).

As a precaution, healthcare providers are tightening their defenses by implementing cybersecurity technologies. More than 80% of the organizations have installed next-gen firewalls and 79% have secured their email.

On the other hand, cyber fraud is on the rise, striving to become more industrialized and advanced than before.

This is why most organizations have strengthened their defenses, and others are following the same path.

Take Away

The tension doesn’t end here, as cybercriminals are trying to advance their techniques. IT professionals must therefore build business processes that work as a shield against known attacks. Organizations have invested in rock-solid defense mechanisms so far, and more remain to be implemented.

You can always be defensive if you can’t play offensive.