Hackers using COVID vaccine as a lure to spread malware

Cyber criminals are impersonating WHO, DHL, and vaccine manufacturers in phishing campaigns


Security researchers have exposed a new phishing campaign that uses COVID-19 vaccine news to spread malware and to carry out phishing and business email compromise (BEC) attacks.

The attacks target individuals within businesses by impersonating organizations, including the WHO, DHL, and vaccine manufacturers. The themes leveraged a range of topics, including the fear that a person had encountered an infected individual; government vaccine approvals and economic recovery fueled by the vaccine; and sign-up forms to receive the vaccine, information updates, and vaccine shipment delivery.

According to a Proofpoint blog post, the BEC attack campaigns were far more targeted. They reportedly gave information on a bogus merger/acquisition and were sent directly to senior executives in the affected organizations.

Researchers first noted the attacks in early December 2019. These emails projected that COVID-19 vaccines would fuel the world's economic recovery. They claimed to be from an executive asking for the recipient's cooperation in a foreign company’s confidential acquisition, and alleged that this was an opportune moment to acquire, as in the "midst of every crisis lies a great opportunity."

This month, hackers sent hundreds of messages over four days that targeted dozens of industries in the US and Canada. The emails urged the potential victims to click a link to "confirm their email to receive the vaccine." The goal of this phishing campaign was to steal Microsoft 365 login credentials.

“This campaign was notable because it capitalized on the recent government approval of vaccines and the rush to receive it. Specifically, the email talks about ‘Government approval of the COVID-19 vaccine’ and provides a link where one can supposedly register to receive it. At the time of this campaign, the vaccine in the United States was still available to first responders and doctors on the front lines,” said researchers.

On January 11, researchers observed another small (under 100 emails) BEC email campaign targeting various US industries. This email only briefly mentions the COVID-19 vaccine but adds urgency - a common BEC technique - to the follow-up request: "Please give me your personal number." 

“This is an attempt to increase the stress by giving the recipient less time to think about their response and allowing the attacker to pivot outside of a protected ecosystem,” said researchers.

Two other campaigns abused the World Health Organization logo and name to spread trojans and keyloggers and the DHL brand to steal email login credentials. Both used news on COVID-19 vaccines to lure victims into clicking on malicious links.
