Cybercriminals Are Using New Malware Tricks

Cybercriminals are taking advantage of the evolving jobs market and employee health situation under COVID-19 to disguise malware in various emailed documents. Check Point, a cyber-security company, reports an increase in the number of fraud attempts involving the use of curriculum vitae (CV) or medical leave forms.

The security vendor said that the ratio of CV-related malware to all detected malicious files doubled over the past two months. One campaign featured banking Trojan Zloader hidden in malicious .xls files in emails with subject lines such as "applying for a job" or "regarding job."

Separately, cyber-criminals have been taking advantage of interest in the U.S. Family and Medical Leave Act (FMLA) to lure administrative staff into opening attachments. Attachments with names like "COVID -19 FLMA CENTER.doc" have been sent via emails containing subjects that say: "the following is a new Employee Request Form for leave within the FMLA," according to Check Point.
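The two campaigns above share a pattern a mail gateway can triage on: a legacy Office attachment (.xls or .doc) combined with a job-application or FMLA lure in the subject or file name. The following Python sketch is an added example, not code from Check Point or the original article; the function names, verdict labels, term list and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Legacy Office extensions named in the report. Scope is deliberately narrow:
# macro-enabled .docm/.xlsm and archives are not covered here.
LEGACY_OFFICE = (".xls", ".doc")
# Lure terms taken from the reported subjects and file name (incl. the "FLMA" typo).
LURES = re.compile(r"\b(job|cv|fmla|flma|medical leave)\b", re.I)

def triage(raw: bytes):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "")
    risky, lures = [], []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if name.lower().endswith(LEGACY_OFFICE):
            risky.append(f"legacy Office attachment: {name}")
            if LURES.search(name):
                lures.append(f"lure term in attachment name: {name}")
    if LURES.search(subject):
        lures.append(f"lure term in subject: {subject}")
    # A lure subject alone is normal HR mail; the attachment type drives the verdict.
    verdict = "quarantine" if risky and lures else "review" if risky else "pass"
    return verdict, risky + lures

def build(subject, filename=None):
    """Construct a sample message (constructed data, not a real capture)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.test", "hr@example.test", subject
    m.set_content("Please see the attached file.")
    if filename:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

SAMPLES = [
    ("applying for a job", "cv.xls"),
    ("the following is a new Employee Request Form for leave within the FMLA",
     "COVID -19 FLMA CENTER.doc"),
    ("Q2 numbers", "budget.xls"),
    ("regarding job", "cv.pdf"),
    ("Lunch on Friday?", None),
]

if __name__ == "__main__":
    for subject, filename in SAMPLES:
        print(triage(build(subject, filename)))
```

A "review" verdict (legacy Office file without a lure term) is meant for sandboxing or macro inspection rather than blocking, since plenty of legitimate mail still carries .xls and .doc files.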

Although the number of COVID-19 attacks fell by seven percent in May, the number of malware attacks predictably increased as businesses began to open again. Check Point explained that when the pandemic was at its peak in March, there was a 30 percent decrease in malware attacks compared to January 2020. This was because many countries went into quarantine and most businesses and other organizations were closed as a result, greatly reducing the potential number of targets for attackers. However, once reopening began, cyber-attacks increased by 16 percent in May compared to the period between March and April.

Source: Phil Muncaster, "Phishers Hide #COVID19 Malware in CVs and Medical Leave Forms" (Jun. 08, 2020).

Commentary and Checklist

When most people hear of a cyber-attack on a computer, they think of a malware infection that penetrates network defenses by brute force. However, those types of programs require sophisticated programming to be successful, and only account for about three percent of all attacks. Most successful cyberattacks, or about 97 percent, are done using social engineering, or phishing, techniques to get the victim to do the job for the cybercriminal. After all, why should a cybercriminal spend a lot of time programming a virus to overcome a company’s network defenses when they can get an unwary worker to unlock the front door?

The basic social engineering attack comes in the form of an email that has been designed to appear as though it is from a credible organization, like your message service, FedEx, or your bank. It usually contains a link or an attachment. When you open it, you install malware or ransomware that infects your computer or network. The main rule is: Think Before You Click.

Here are a few recent common social engineering or phishing emails.

Court Notice to Appear: Cybercriminals send emails that appear to be from a legitimate, international law firm called 'Baker & McKenzie' stating the victim is scheduled to appear in court.

IRS refund ransomware: Victims receive what purports to be an email from the IRS shortly after April 15 which suggests a problem with their refund, causing many to click on the attached Word file, which is, of course, infected.

Jobseekers using CareerBuilder: Be aware. Taking advantage of the notification system the job portal uses, cybercriminals uploaded malicious attachments instead of résumés. On CareerBuilder, when someone submits a document to a job listing, a notification email is generated for the person(s) who posted the job and the attachment is included. Thus, cybercriminals caused CareerBuilder to act as a delivery vehicle for phishing emails.

Finally, be aware of emails that purport to be from FedEx, UPS, your bank, a fax notice, a Dropbox link, or a message from Facebook Messenger reporting the unexpected death of a celebrity. These are almost always fake, and are designed to appeal to a victim’s curiosity.

Here are some general facts about malware you may find interesting:

  • Malware stands for "malicious software."
  • Malware includes viruses, spyware, adware, worms, trojans, rootkits, and bots.
  • Malware can infect computers, mobile phones, and other mobile devices.
  • Malware can monitor online activity; steal confidential information; corrupt or hamper devices; slow network performance; and even take control of your devices.
  • Criminals use malware to steal identities, send out spam, or extort money.
  • Malware is often embedded into freeware and spam.