The Current Coronavirus Crisis

We are all very much aware of the current Coronavirus crisis. Naturally, all of us want information on the virus and constantly reach out for news and updates. Cyber attackers have taken advantage of this and responded with a barrage of Coronavirus-themed deceptions designed to compromise our endpoints and give them a foothold inside our networks. As always, when they can persuade a user to click a link or open an attachment, they can often get past much of the endpoint security available today and begin reconnaissance inside the network. The barrage has taken the form of phishing campaigns, new exploits, and malware tied to the virus, across a wide variety of attack vectors. Using current events as bait is de rigueur for attackers: they constantly socially engineer lures in email and web-based advertising around popular personalities, trending topics, and other noteworthy events.

Most remarkable is that many ads and emails about basic commodities now in short supply because of the Coronavirus (toilet paper, thermometers, N95 masks, and more) are really malware-tainted offers. The keyword Coronavirus is being bid up on search engines, in substantial part by criminals who want to place their lures closer to you.

An Attacker Campaign

In early March, Reason Security identified an attacker campaign that embedded the AZORult information stealer inside a Coronavirus map. The campaign used a copy of a legitimate Coronavirus dashboard originally produced by Johns Hopkins University. The key to the attack is gaining the target's cooperation to download and run CoronaMap.exe. The cybercriminals behind it have previously used malvertisements (malware-laden advertisements placed through legitimate advertising networks) which, when clicked, likewise downloaded malware.

Also in March, a Coronavirus-themed campaign was discovered delivering the Agent Tesla infostealer by email. Agent Tesla is one of many keyloggers that capture keystrokes, credentials, and other information and pass it clandestinely to the attackers' command and control servers. These campaigns prey on their intended victims' concern about the pandemic by sending a barrage of emails with subject lines that reference a Coronavirus public health emergency. The campaign is arriving in multiple waves and hitting multiple countries around the world.

Most of these campaigns are delivered by email, and there is much your users can do to avoid falling to this attack vector. Lookalike domains are often embedded in the email. On close inspection, some characters in a word may actually be characters from another script (a Cyrillic "а" in place of a Latin "a", for example) chosen because they render like what you expect to see but are not what is there. First and foremost, carefully inspect the sender's actual email address, not just the display name. When in doubt, look them up and double-check. Never (ever) download files or open zip attachments from someone you don't know. Hover over links before you click them and inspect the real destination carefully; the text of a link need not match where it goes. When in doubt, navigate yourself to the website you recognize and find the link or offer there.
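The checks described above (foreign-script lookalikes, sender address versus display name, link text versus real target) can be automated for mail triage. The following is an added example written for this post; it is not code from the original page or from Acalvio. The confusables table is a small hand-picked subset of the Unicode confusables list, the protected-brand list and the sample inputs are constructed for illustration, and the "registrable domain" heuristic (last two labels) is an assumption that ignores multi-level public suffixes such as co.uk.

```python
"""Lookalike-domain and link-mismatch checks for email triage.

Added example for this post; not code from the original page or from Acalvio.
CONFUSABLES is a hand-picked subset of Unicode confusables, PROTECTED is a
constructed brand list, and registrable() is a last-two-labels assumption.
"""
import unicodedata
from urllib.parse import urlparse

# Subset of Unicode confusables: non-Latin code points that render like Latin
# letters (Cyrillic and Greek lookalikes). A real check would load confusables.txt.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u03bf": "o", "\u03b1": "a", "\u0131": "i", "\u01c0": "l",
}
# ASCII substitutions used when the attacker stays inside the Latin alphabet.
ASCII_SUBS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Constructed list: domain -> keyword a display name would use to claim it.
PROTECTED = {
    "jhu.edu": "johns hopkins",
    "who.int": "world health organization",
    "cdc.gov": "cdc",
    "paypal.com": "paypal",
}

def registrable(host):
    """Registrable domain as the last two labels (assumption: no co.uk-style suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def skeleton(domain):
    """Reduce a domain to what a human sees: map confusables, strip accents, undo ASCII tricks."""
    chars = []
    for ch in domain.lower():
        ch = CONFUSABLES.get(ch, ch)
        decomposed = unicodedata.normalize("NFKD", ch)   # 'é' -> 'e' + combining mark
        chars.append("".join(c for c in decomposed if not unicodedata.combining(c)))
    text = "".join(chars)
    for fake, real in ASCII_SUBS:
        text = text.replace(fake, real)
    return text

def levenshtein(a, b):
    """Edit distance; one edit away from a protected domain is the classic typosquat."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain):
    """Return a list of findings for one domain; an empty list means nothing suspicious."""
    d = domain.lower().rstrip(".")
    if registrable(d) in PROTECTED:
        return []                                   # the real domain or a subdomain of it
    findings = []
    if any(ord(c) > 127 for c in d):
        try:
            puny = d.encode("idna").decode("ascii")  # what the browser really resolves
        except UnicodeError:
            puny = "(not encodable)"
        findings.append(f"non-ASCII characters in domain, punycode form {puny}")
    sk = skeleton(d)
    for brand in PROTECTED:
        if sk == brand:
            findings.append(f"renders like {brand} but is actually {d}")
        elif levenshtein(sk, brand) == 1:
            findings.append(f"one edit away from {brand}")
        elif brand in d:                            # brand.tld used as a subdomain
            findings.append(f"embeds {brand} but registers under {registrable(d)}")
    return findings

def check_sender(display_name, address):
    """Flag a sender whose display name claims a brand the address does not belong to."""
    dom = address.rsplit("@", 1)[-1]
    findings = check_domain(dom)
    name = display_name.lower()
    for brand, keyword in PROTECTED.items():
        if keyword in name and registrable(dom) != brand:
            findings.append(f"display name claims {brand} but the address is @{dom}")
    return findings

def check_link(anchor_text, href):
    """The 'hover before you click' check: domain shown in the text vs the real target."""
    target = urlparse(href).hostname or ""
    findings = check_domain(target)
    text = anchor_text.strip()
    if " " not in text and "." in text:             # link text that itself looks like a URL
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if shown and registrable(shown) != registrable(target):
            findings.append(f"link text shows {shown} but the target is {target}")
    return findings
```

Run `check_sender("World Health Organization", "info@who-int.org")` or `check_link("https://coronavirus.jhu.edu/map.html", "http://coronavirus-map.jhu.edu.covid19-update.info/CoronaMap.exe")` (constructed inputs) and each returns a non-empty list of findings, while a real subdomain such as www.jhu.edu returns nothing. The skeleton comparison is what catches the foreign-script and digit-for-letter tricks; the registrable-domain comparison is what catches a brand name buried in someone else's domain.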

Regardless of the precautions you take, attackers funded by organized crime will ultimately breach your network. They will seek to steal credentials and expand their access. Your lever is time: in the final analysis, attackers need time to perform reconnaissance within your network and more. Time is your most important tool.

That’s where Acalvio ShadowPlex can help.

White hat deception can fight and beat black hat Coronavirus deception. We can cut the attacker's time within your network to a small fraction of what it might be otherwise. Attackers need to keep their access for an extended period to reach their goals, and they have no way of telling the decoys placed by Acalvio ShadowPlex from real assets. Just about everywhere they turn they will stumble into a deception decoy. Even the most casual ping of a decoy sets off a high-urgency alert, because no legitimate user or process has any reason to touch one.

Acalvio ShadowPlex deception technology was designed to protect complex environments in all industries, both on-premises and in the cloud. The key to our success is that we have almost completely eliminated false alerts, one of the biggest problems in the security operations center. A deception alert is not the output of complex analysis or a probability score; it is a deterministic condition. Nothing legitimate has business with a deception asset, so if something touches one, the probability of a policy violation and a likely threat is close to 100 percent. The one routine exception is your own authorized scanners and inventory tools, which you should either keep away from the decoys or expect to see in the alerts. These urgent alerts represent a clear and present danger that you can act on decisively to protect your enterprise. This makes Acalvio ShadowPlex an essential part of your cybersecurity strategy.

Also, if you are pursuing a Zero Trust strategy, deception will be an important cornerstone of your approach. Deception can help harden your entire infrastructure against advanced threats. Find out more about Acalvio and how deception technology can help your industry reduce risk and support compliance. We would be pleased to introduce you to our latest technology and share case studies showing how Acalvio ShadowPlex has protected the most sensitive information.