A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on December, 19, 2012. A U.S. cyber security company says criminal groups are exploiting fears over the new coronavirus to attack the global shipping industry.California-based Proofpoint says it has detected a new email campaign that uses Microsoft Word attachments designed to trick recipients into installing a type of malware known as AZORult. THE CANADIAN PRESS/Jonathan Hayward

Cybercriminals using coronavirus-themed emails to deliver malware: report

The new campaign uses emails with bogus Microsoft Word attachments

Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at the global shipping industry, according to a report issued Monday by a California-based cybersecurity firm.

Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult.

AZORult has been around since at least 2016 and can be used to install ransomware, which is designed to lock legitimate users out of their computer systems until a ransom is paid.

“In these (coronavirus-related) attacks, we don’t see AZORult downloading ransomware currently,” Proofpoint said.

“However, because of AZORult’s configurable nature and past use in conjunction with ransomware that remains a real threat.”

Proofpoint didn’t provide statistics on how many actual coronavirus-themed malicious emails have been detected or how much damage has been caused by coronavirus-themed malicious emails.

The Canadian government’s Centre for Cyber Security said in an email that it was aware of both the AZORult malware and coronavirus-related phishing campaigns but didn’t comment specifically on the Proofpoint report.

“Cyber actors tend to use social engineering and topical subjects to lure their targets to click on a malicious link,” the centre said.

Its website cyber.gc.ca provides alerts and advice for spotting and dealing with email scams, known as phishing, and more targeted campaigns known as spear-phishing that focus on personal characteristics, interests or lines of work.

“Employees are privy to important and sensitive information, and as a result, often receive malicious emails that are intended to provide cyber intruders access to this information,” the agency says.

The RCMP said it is aware of this latest malware threat, but is not aware of any reported victims.

“We always urge caution in handling unsolicited email and we suggest recipients avoid opening attachments or clicking links from unknown senders. If you are a victim of cybercrime, report it to your local police and the Canadian Anti-Fraud Centre,” said spokeswoman Catherine Fortin.

U.S. cybersecurity firm Sophos said last week that it had learned of a scam that used fake emails pretending to be safety instructions from the World Health Organization.

“Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems,” Sophos said in a blog post dated Feb. 5.

Proofpoint said in its posting that the narrowly focused campaign it detected seems to originate from Russia and Eastern Europe but there’s no evidence linking the actors to a known criminal group.

However, it says the attackers seem to be sophisticated and have targeted industries that are susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic companies.

“A coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it’s clear these attackers are aware that a major event like coronavirus can have secondary impacts on industries.

“This awareness demonstrates not just technical sophistication, but economic sophistication as well,” Proofpoint said in its article.

Proofpoint advised workers to exercise caution when presented with coronavirus-themed email messages and attachments, as well as links and websites that could be used by criminals as lures.

READ MORE: Canadian coronavirus evacuee describes life under quarantine at CFB Trenton

Meanwhile, health officials in Canada have repeatedly stressed that the coronavirus currently poses a low risk to the public in this country. Seven cases have been identified in Canada, while worldwide, the illness known as 2019-nCoV has sickened more than 37,000 people and killed more than 800, nearly all in China.

Nevertheless, Canadians are being urged to remain vigilant against infection, with medical experts advising good hygiene practices such as washing hands frequently and coughing or sneezing into tissue.

— with a file from Cassandra Szklarski in Toronto

David Paddon, The Canadian Press


Like us on Facebook and follow us on Twitter.

Coronavirus

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Liam’s Lowdown: Revelstoke’s ‘trashy’ future

The CSRD peg the cost of the new composting facility at roughly $500,000

Adapting to love along the Columbia River

One man starts a GoFundme to help his partner with health costs caused on the trip where they met

Fiery collision involving truck closes Highway 1 at Three Valley Gap

Drivers should expect major delays and congestion; estimated time of re-opening is 2 p.m.

Snow to continue in Revelstoke

Up to 15 cm expected

Kootenay-Columbia MP urges end to ‘illegal roadblocks’ in solidarity with pipeline dispute

Rob Morrison says protestors across Canada need to remove roadblocks on roads, rail lines

VIDEO: B.C. senior recalls ‘crazy’ wartime decision to grab bear cub from den

Henry Martens – now 96 – says he was lucky to be alive after youthful decision to enter a bear’s den

Landlord ordered to pay $11K after harassing B.C. mom to move days after giving birth

Germaine Valdez was pressured to move just a few days after giving birth by C-section to her child

Heart attacks strike B.C. husband and wife just over one year apart

Courtenay couple share personal stories to bring awareness to heart month

‘Nothing surprises us anymore:’ U.S. border officials find brain in package

U.S. Customs and Border Protection agents found the brain packed in a glass mason jar in a Canada Post shipment

Prolific offenders from Alberta lead RCMP on chase from Kelowna to Abbotsford

Men first reported in Chilliwack ending with allegedly stolen vehicle in an Abbotsford pond

Adapting to love along the Columbia River

One man starts a GoFundme to help his partner with health costs caused on the trip where they met

B.C., Ottawa sign sweeping 30-year deal for northern caribou habitat

West Moberly, Saulteau co-manage new protection on two million acres

Eyes on police after Trudeau orders blockades torn down, injunctions enforced

The RCMP in B.C. have sent a letter to the traditional leaders of the Wet’suwet’en Nation

B.C. massage therapist suspended following allegations of sexual misconduct

While suspended, Leonard Krekic is not entitled to practice as an RMT in B.C.

Most Read