Malicious actors continue to craft ruthlessly aggressive, evil email attacks tailored to leverage mounting fears and anxieties surrounding the COVID-19 outbreak in the United States among employees in the office and at home.
Users who make the mistake of following the directions provided in that Excel file and enable macros will be kicking off a download process for a sophisticated and dangerous backdoor trojan that currently enjoys a moderate (though rising) number of detections among the anti-malware engines represented on VirusTotal.
This fairly nasty piece of malware (first reported to VirusTotal on Mar. 27, 2020) sports a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infested system, and serve as a platform for a variety of criminal activities.Conclusion: Five High-Priority Recommendations
Many organizations are in the process of enabling their users to work from home securely. Apart from having and enforcing a remote work security policy, we strongly recommend to deploy the following high-priority elements of these urgent projects:
The COVID-19 outbreak in the United States has provided malicious actors with an unprecedented opportunity to weaponize widespread fears and concerns among the general public for the purposes of social engineering schemes prosecuted through malicious emails. For the bad guys, this is the ultimate in target-rich environments.
As rapidly mounting infections in United States drive a growing climate of fear, employees need to be educated and trained to expect these kinds of emails, accurately identify them, and handle them safely.
Bad Guys Push New COVID-19 Message You Are Infected fe-shopru, tumblrcom