Hackers using COVID vaccine as a lure to spread malware

Cyber criminals are impersonating WHO, DHL, and vaccine manufacturers in phishing campaigns

Security researchers have exposed a new phishing campaign that uses COVID-19 vaccine news to spread malware, phishing, and Business Email Compromise attacks (BEC).

The attacks target individuals within businesses by impersonating organizations, including the WHO, DHL, and vaccine manufacturers. The themes leveraged a range of topics, including the fear that a person had encountered an infected individual; government vaccine approvals and economic recovery fueled by the vaccine; and sign-up forms to receive the vaccine, information updates, and vaccine shipment delivery.

According to a Proofpoint blog post, the BEC attack campaigns were far more targeted. They reportedly gave information on a bogus merger/acquisition and were sent directly to senior executives in the affected organizations.

Researchers first noted the attacks in early December 2019. These emails projected that COVID-19 vaccines would fuel the world's economic recovery. The email claimed to be from an executive asking the recipient for their cooperation in a foreign company’s confidential acquisition. It alleged that this is an opportune moment to acquire, as in the "midst of every crisis lies a great opportunity." 

This month, hackers sent hundreds of messages over four days that targeted dozens of industries in the US and Canada. The emails urged the potential victims to click a link to "confirm their email to receive the vaccine.” The goal of this phishing campaign was to steal Microsoft 365 login credentials. 

“This campaign was notable because it capitalized on the recent government approval of vaccines and the rush to receive it. Specifically, the email talks about "Government approval of the COVID-19 vaccine" and provides a link where one can supposedly register to receive it. At the time of this campaign, the vaccine in the United States was still available to first responders and doctors on the front lines,” said researchers.

On January 11, researchers observed another small (under 100 emails) BEC email campaign targeting various US industries. This email only briefly mentions the COVID-19 vaccine but adds urgency - a common BEC technique - to the follow-up request: "Please give me your personal number." 

“This attempt to increase the stress by giving the recipient less time to think about their response and allowing the attacker to pivot outside of a protected ecosystem,” said researchers.

Two other campaigns abused the World Health Organization logo and name to spread trojans and keyloggers and the DHL brand to steal email login credentials. Both used news on COVID-19 vaccines to lure victims into clicking on malicious links.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Dark web ads offering access to corporate networks increase sevenfold
hacking

Dark web ads offering access to corporate networks increase sevenfold

28 Jul 2021
Number of hacking tools increasing as cyber criminals become more organized
hacking

Number of hacking tools increasing as cyber criminals become more organized

28 Jul 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
Criminals target Discord to spread malware
live chat

Criminals target Discord to spread malware

26 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021