Proofpoint researchers have uncovered a new Coronavirus-themed email attack focusing on concerns around disruptions to global shipping.
Following the classification of the Coronavirus as a global emergency, attackers are capitalising on its fears and exclusively targeting industries that are susceptible to shipping disruptions such as manufacturing, industrial, finance and transportation.
In a blog post, researchers at Proofpoint explain that the targeted email campaign involves an attached Microsoft Word document which seeks to exploit a two-and-a-half year old Microsoft Office vulnerability CVE-2017-11882.
Once the document is opened, an information stealing malware AZORult is installed. AZORult has been seen being utilsed in sextorion scams with ransomware.
“The malware actors doing this appear to be from Russia and Eastern Europe, and while they aren’t part an APT group, they clearly understand the economic concerns surrounding the Coronavirus,” wrote Proofpoint.
Organisations that have concerns around global shipping should be extra vigilant and cautious around Coronavirus-themed emails, and when opening links or documents received from unknown sources. Only earlier this week, the FTC issued a warning about ongoing scam campaigns exploiting the global health crisis.
Victoria Guilloit, Partner, Privacy Culture: “Unfortunately, world events such as the Coronavirus outbreak present an opportunity for criminals of all kinds to target vulnerable and concerned people so we all need to be extra vigilant.
“Rather than clicking on potentially malicious links or attachments in emails, the best course of action is to go to a trusted source for the latest advice. The Public Health England or World Health Organisation websites for example will contain the most up-to-date information.”
Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.
Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.