IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Hackers using COVID vaccine as a lure to spread malware

Cyber criminals are impersonating WHO, DHL, and vaccine manufacturers in phishing campaigns

Security researchers have exposed a new phishing campaign that uses COVID-19 vaccine news to spread malware, phishing, and Business Email Compromise attacks (BEC).

The attacks target individuals within businesses by impersonating organizations, including the WHO, DHL, and vaccine manufacturers. The themes leveraged a range of topics, including the fear that a person had encountered an infected individual; government vaccine approvals and economic recovery fueled by the vaccine; and sign-up forms to receive the vaccine, information updates, and vaccine shipment delivery.

According to a Proofpoint blog post, the BEC attack campaigns were far more targeted. They reportedly gave information on a bogus merger/acquisition and were sent directly to senior executives in the affected organizations.

Researchers first noted the attacks in early December 2019. These emails projected that COVID-19 vaccines would fuel the world's economic recovery. The email claimed to be from an executive asking the recipient for their cooperation in a foreign company’s confidential acquisition. It alleged that this is an opportune moment to acquire, as in the "midst of every crisis lies a great opportunity." 

This month, hackers sent hundreds of messages over four days that targeted dozens of industries in the US and Canada. The emails urged the potential victims to click a link to "confirm their email to receive the vaccine.” The goal of this phishing campaign was to steal Microsoft 365 login credentials. 

“This campaign was notable because it capitalized on the recent government approval of vaccines and the rush to receive it. Specifically, the email talks about "Government approval of the COVID-19 vaccine" and provides a link where one can supposedly register to receive it. At the time of this campaign, the vaccine in the United States was still available to first responders and doctors on the front lines,” said researchers.

On January 11, researchers observed another small (under 100 emails) BEC email campaign targeting various US industries. This email only briefly mentions the COVID-19 vaccine but adds urgency - a common BEC technique - to the follow-up request: "Please give me your personal number." 

“This attempt to increase the stress by giving the recipient less time to think about their response and allowing the attacker to pivot outside of a protected ecosystem,” said researchers.

Two other campaigns abused the World Health Organization logo and name to spread trojans and keyloggers and the DHL brand to steal email login credentials. Both used news on COVID-19 vaccines to lure victims into clicking on malicious links.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Google rescinds mandatory vaccination policy for US staff
Business operations

Google rescinds mandatory vaccination policy for US staff

24 Feb 2022
How coronavirus has accelerated the digital transformation of Britain's public sector
public sector

How coronavirus has accelerated the digital transformation of Britain's public sector

28 Jan 2022
Hackers use Linux backdoor on compromised e-commerce sites with software skimmer
malware

Hackers use Linux backdoor on compromised e-commerce sites with software skimmer

19 Nov 2021
Iranian hackers ramp up attacks against IT services sector
hacking

Iranian hackers ramp up attacks against IT services sector

19 Nov 2021

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Microsoft finally adds Power BI integrations to PowerPoint and Outlook
business intelligence (BI)

Microsoft finally adds Power BI integrations to PowerPoint and Outlook

25 May 2022