.png)
As we all know, the World Health Organization declared the Coronavirus a Public Health Emergency of International Concern. The daily news are dominated by increasing numbers of people being infected. Nations are shutting their borders, and grocery store shelves are being emptied. Societies are in a state of panic, many people are overcome by fear. This is a perfect condition to execute Cyber Attacks. Most Cyber Attackers prey on people´s fears. Cyber Criminals and State Sponsored Bad Actors know that fear interrupts processes in our brain that allow us to regulate emotions, and reflect before acting.
My purpose, as Founder of 1600 Avenue, a non-profit Silicon Valley-based organization serving the public interest, is to keep people from making decisions online based on emotions. By providing people the information and cyber guidance they need, their fear of the Coronavirus will not negatively affect their decision-making.
Situations like the one we are living now are the reason why we created the "Global Crisis Response Team" (GCRT), a 1600 Avenue global initiative to protect individuals and organisations' from cyber attacks during periods of crisis (click here for more info).
As our threat intelligence efforts are able to identify various cyber-attack campaigns exploiting the Coronavirus, I will update this blog. I will provide clear, factual guidance on how to identify these attacks and prevent them from happening to you.
Something very concerning is that criminals are purchasing a multitude of domains related to the Coronavirus with a likely goal of using these domains to initiate cyber attacks. Some examples of recently purchased domains found by Recorded Future and published on Forbes Magazine, include:
corona-virus[.]healthcare
survivecoronavirus[.]org
vaccine-coronavirus[.]com
coronavirus[.]cc
bestcoronavirusprotect[.]tk
coronavirusupdate[.]tk
coronavirusstatus[.]space
coronavirus-map[.]com
blogcoronacl.canalcero[.]digital
coronavirus[.]zone
coronavirus-realtime[.]com
coronavirus[.]app
bgvfr.coronavirusaware[.]xyz
If you receive an email from a domain or website that has some form of the coronavirus string in it, do not forward, input credentials, or click on any links in the email.
Domains like these are the source of phishing email campaigns like this Click here for a Cure attack, which steals the victim´s credentials or installs malware :
Upon receiving any type of email from a domain such as cure@corona-virus.healthcare, you can check the domain reputation of the URL following these steps:
1. Go to a tool like: https://www.trustedsource.org/
2. Once at this site, input the domain name as shown in the screenshot below.
3. The site will tell you if there is currently any known malicious activity associated with that site.
99 percent of the time there will be bad actors using this type of domain to prey on your fears. Do NOT be a victim!
If you have a domain or receive an email and you are not quite sure if it is malicious, email us info@1600cyber.com. Do not forward the email, just send us the sender address and we will verify if this is legitimate or part of a cyber attack.
Remember as Rudyard Kipling said “Of all the liars in the world, sometimes the worst are our own fears.” As a global community we will overcome the Coronavirus and cyber criminals during this difficult time by making decisions based on fact, not fear.
Frank Satterwhite aka Brown Tony Stark