At a time when Italian organisations are pushed to their limits by the spread of Covid-19, cyber attackers take no pause in targeting institutions and people when they’re most vulnerable. While self-isolation may mean physical distance from the comfort of your secure network, remote-working and self-isolation policies have meant that malware and phishing attacks have been on the rise.

To ensure your most sensitive data stays safe in this most exceptional of circumstances, let’s look at how the recent Italian threat landscape has been shaped by Covid-19 and how best to protect yourself.

Just Because You’re At Home, Doesn’t Mean You’re Safe…

 

Amidst uncertainty surrounding the distribution of healthcare information, scammers have leveraged anxiety and a change in work culture to distribute malware disguised as WHO health applications, VPNs, anti-malware suites and more.

According to a Cynet study, the rate of attacks on Italian organisations rose by roughly 48% over the period from February 15 to March 15 – more than double the number of attacks on other European countries in the same period.

 

(Source: Cynet)

The study showed that these threats came in two forms: attempts to capture sensitive employee data and weaponised emails. A shift to remote working around the world has meant that many employees are forced to use personal machines to access privileged information – information that would have otherwise been protected behind anti-malware software.

Proofpoint, ItaliaSec 2020’s Official Sponsor, observed an increase in phishing emails claiming to be “awareness training or refunds for event cancellations”. Their Attack Spotlight team highlighted that one of the most common types of phishing email was the kind claiming to come from the WHO.

A marked increase in phishing attacks as a result of Covid-19 also led Cybereason, our 2020 Hosting Sponsor, to observe a spike in malware attacks in Italy following a similar trend in East Asia – once again with attackers posing as a health official from the Italian arm of the WHO and talking about sanitary measures related to the virus.

(Source: Cybereason)

Of these weaponised campaigns, the Cynet team noted that only 21% of the emails were simplistic in their attack, i.e. included explicit malware links. The vast majority of attack attempts used more advanced methods: documents weaponised through macros (32%), Office exploits (12%) and links to malicious websites (35%).

Deep dives conducted by teams at Sophos and Yoroi, respectively, found that the TrickBot malware was embedded in Word documents claiming to contain vital information concerning the virus. The banking malware Emotet, on the other hand, was used to exfiltrate sensitive personal information such as banking details and login credentials.

The Yoroi team went a step further to identify a malicious file named “CoronaVirusSafetyMeasure_PDF.exe” that has been distributed as an attachment that poses as a PDF containing precautionary guidelines. They found that upon opening the file, it installed the RatRemos keylogger to steal passwords to online services, offloading them to an external server.

Malware attacks on the Italian population have become so widespread that the Italian Police sent out a tweet warning customers of the Intesa San Paolo and Monte dei Paschi banks to ignore any emails claiming to be from a healthcare professional.

How Can We Protect Ourselves?

 

At a time when operational capacities are at their breaking point and working lives have changed for the foreseeable future, keeping yourself cyber secure is one way to ease the anxiety of self-isolation. So… what steps can we take to secure ourselves at home?

  • If you receive an email, don’t immediately click on any links or attachments
  • Hover over any links to see the destination URL, verifying the address yourself
  • Contact a member of the appropriate should you have any doubts concerning the email
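
The two checks this post describes, an attachment that poses as a PDF and a link whose visible text differs from its real destination, can be automated for a mailbox; the following is an added example in Python, not code from this post or from the vendors it cites. The extension list, the document-name pattern and the example.org/example.net message are constructed assumptions.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse
RISKY_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}  # subset
DOC_HINT = re.compile(r"pdf|docx?|xlsx?", re.I)  # document types a lure name imitates

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.found.append((self.href, self.text.strip()))
            self.href = None

def host(url):
    try:  # bare "www.site.tld" text has no scheme, so give urlparse a netloc
        return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""

def triage(msg):
    """Return (kind, detail) findings for one parsed e-mail message."""
    out = []
    for part in msg.walk():
        name = part.get_filename()
        if name:  # attachment: executable extension behind a document-like name
            stem, _, ext = name.lower().rpartition(".")
            if ext in RISKY_EXT and DOC_HINT.search(stem):
                out.append(("disguised-executable", name))
        elif part.get_content_type() == "text/html":
            p = Links()
            p.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
            for href, text in p.found:  # visible text looks like a host but differs
                shown = host(text) if re.fullmatch(r"\S+\.\S+", text) else ""
                if shown and shown != host(href):
                    out.append(("link-mismatch", f"{shown} -> {host(href)}"))
    return out

SAMPLE = EmailMessage()  # constructed sample; parse real mail with email.message_from_bytes()
SAMPLE.set_content('<a href="http://login.example.net/x">www.health.example.org</a>', subtype="html")
SAMPLE.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="CoronaVirusSafetyMeasure_PDF.exe")
```

Calling `triage(SAMPLE)` reports both the mismatched link and the disguised executable; a message with a genuine `.pdf` attachment and links whose text matches their destination returns an empty list.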

As attackers take advantage of the current climate, be sure to take the time to stay up to date on the developments surrounding cyber security in the region.

While we stay at home to stay safe from the virus, let’s stand strong in the face of cyberattacks, together.

——–

If you’d like to learn more about keeping yourself secure or would simply like to join a growing community of Italian IT security professionals, get involved here.