During the corona crisis, hackers are focusing their efforts on indispensable institutions, according to research by Unit42 of Palo Alto Networks. Although it was previously suggested that hackers ignored governments and hospitals, certain groups see them as lucrative targets.
Unit42 had already observed a significant increase in phishing campaigns at the end of last month, mainly aimed at people working from home. Because the attackers posed as commonly used services (including OneDrive), homeworkers would be more likely to click on a link in an email to avoid losing access to their data. The most recent research, however, looks explicitly at attacks on agencies that focus on combating the coronavirus.
By the end of March, a number of Canadian agencies apparently became the target of a ransomware campaign using a variant of HiddenTear. The variant was given the name EDA2, and Unit42 mapped the full operation of the ransomware. According to the company, the hackers did not succeed in getting through security, but it was possible to see in detail how EDA2 works.
Ransomware was not the only tool used in attacks on organisations involved in the fight against the coronavirus; traditional malware that steals information from users is also still popular. For example, a campaign using the older AgentTesla info stealer (from 2014) was identified.
According to Unit42, it is clear that during the corona crisis hackers have no problem carrying out attacks on extremely important health agencies. The researchers say there is a good chance that the number of targeted campaigns against such organisations will only increase in the coming weeks.