This week we're exploring Tactics, Techniques and Procedures (TTPs) related to COVID-19 threats. As with many disasters, cyber criminals are hoping to exploit people who are trying to find helpful information online and may be more likely to open sketchy links or email attachments. The best way to protect your organization is therefore to understand what these threats look like, how they work, and who may be behind them, all of which requires that you understand the TTPs being used. So, check out this episode to learn about TTPs for COVID-19 threats.

If you are enjoying these episodes, have ideas around topics, or would like to be on a future episode, contact us at pwned @ nuharborsecurity.com

Episode Transcript: PWNED Transcripts - S2E4 - TTPs for COVID-19 Threats

Check out NuHarbor Security for complete cyber security protection for your business and a security partner you can trust.

Website: www.nuharborsecurity.com
Facebook: www.facebook.com/nuharbor/
Twitter: @nuharbor
LinkedIn: www.linkedin.com/company/nuharbor/
Instagram: www.instagram.com/nuharborsecurity/

COVID-19 related TTPs:

Malware / Attack: Phishing
Geography / Industry: Japan
Lure: Coronavirus
Info: Microsoft Word document with a malicious VBA macro that installs Emotet via PowerShell.

Malware / Attack: Phishing
Geography / Industry: United States
Lure: "COVID-19 — Now Airborne, Increased Community Transmission", appears to be from CDC.gov (headers manipulated)
Info: Originally identified by Cofense. When victims click on the embedded link, they are redirected to a Microsoft Outlook login page and, upon entering their legitimate credentials, are further redirected to a legitimate CDC website.

Malware / Attack: Phishing
Geography / Industry: Italy
Lure: "Coronavirus: informazioni importanti su precauzioni" ("Coronavirus: important information about precautions"), appears to be from "Dr. Penelope Marchetti," an employee of the WHO in Italy.
Info: Emails contain Microsoft Office documents with VBA macros that install Trickbot malware, which steals personal information or installs additional malware.

Malware / Attack: Phishing
Geography / Industry: South Korea
Lure: Varying subject lines that claim to provide information about South Korea's response to COVID-19.
Info: Emails contain Microsoft Word documents that install North Korea's BabyShark malware.

Malware / Attack: Phishing
Geography / Industry: United States
Lure: Email claiming to provide victims with information on global FedEx operations while the COVID-19 outbreak continues.
Info: Emails contained an attachment titled "Customer Advisory.PDF. exe" that, when opened, infected the victim with the Lokibot malware.

Malware / Attack: Phishing
Geography / Industry: United States
Lure: COVID-19 type content
Info: Originally identified by Proofpoint. These attacks involved emails with Microsoft Office document attachments designed to lure victims and exploit a Microsoft Office vulnerability, tracked as CVE-2017-11882, which allows attackers to run arbitrary code in the context of the current user, ultimately installing AZORult malware.

Malware / Attack: Phishing
Geography / Industry: United States
Lure: COVID-19 emails from CDC.gov
Info: A URL contained within a phishing email led to a fake Microsoft Outlook login page designed to convince victims to input their credentials. In another instance, victims were asked to donate Bitcoin to the CDC to aid in the pursuit of a vaccine.
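The entries above share a few traits a mail gateway or SOC triage script can test for: a decoy document extension in front of an executable one (the "Customer Advisory.PDF. exe" attachment), macro-capable Office attachments, and a From domain that does not match the envelope sender. The following is an added example, not material from the episode or from NuHarbor; the extension sets, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Extension sets are this example's assumptions; tune them for your mail flow.
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
MACRO_EXT = {"doc", "docm", "xls", "xlsm", "ppt", "pptm"}

def attachment_findings(filename):
    """Return the reasons an attachment name matches the lures listed above."""
    # Strip padding around each dot-separated part so "x.PDF. exe" still parses.
    parts = [p.strip().lower() for p in filename.split(".")]
    findings = []
    if len(parts) >= 3 and parts[-1] in EXEC_EXT and parts[-2] in DECOY_EXT:
        findings.append("double-extension-executable")
    elif len(parts) >= 2 and parts[-1] in EXEC_EXT:
        findings.append("executable")
    elif len(parts) >= 2 and parts[-1] in MACRO_EXT:
        findings.append("macro-capable-office")
    return findings

def domain(header_value):
    # Lower-cased domain of the address in a From or Return-Path header.
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Collect findings for one RFC 5322 message supplied as text."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom, path_dom = domain(msg["From"]), domain(msg["Return-Path"])
    if from_dom and path_dom and from_dom != path_dom:
        findings.append(f"from-domain-mismatch:{from_dom}!={path_dom}")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            findings += [f"{f}:{name}" for f in attachment_findings(name)]
    return findings

# Constructed sample message (not a real capture).
SAMPLE = """\
From: "CDC Alerts" <alerts@cdc.gov>
Return-Path: <bounce@mailer.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Customer Advisory.PDF. exe"

placeholder
--b1--
"""
```

Calling `triage(SAMPLE)` returns both the domain mismatch and the double-extension finding. The domain mismatch is a scoring signal rather than a verdict, since legitimate bulk senders often use a different envelope domain.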