Weekly threat monitor – April 18th

Cyberattacks against global financial institutions, critical infrastructure, enterprises, and healthcare providers continue to rise.  In the week ending April 18, several APT groups including at least one based in North Korea launched reconnaissance strikes against airports, hospitals, banks, stock trading firms, and medical research facilities.

Hackers seem to be targeting organizations that are connected in some form or manner to the Coronavirus pandemic. The focus seems to be on taking advantage of the confusion and work pressure created by the pandemic and use it to force employees and others to fall for digital traps laid for these people by the hackers.

Five factors the hackers are counting on to ensure a successful attack:

  • Use of untested collaboration or communication tools including in some instances free VPN tools that could be easily compromised
  • Use of devices whose software has not been updated
  • Because of workload, employees are unable to focus on detecting phishing attacks
  • Use of deceptive and Coronavirus focused messaging in emails by hackers
  • Lack of adequate threat modeling and

The continuing attacks on healthcare, banking, and enterprises continue to be a source of concern. Because of the persistence and use of sophisticated techniques, it is only a matter of time before a major breach occurs (if it hasn’t happened already).

Unprecedented malware distribution
The levels of malware spread we have seen in the last 28 days are without precedent. In the week ending April 18th,  several varients of Mirai, Tesla, Trickbot, Locky were detected by our honeypots. Such levels may continue till the Coronavirus curve is flattened and the anxieties associated with the pandemic reduce.

We are issuing an advisory for the following sectors this week:

  • Healthcare
  • Banking
  • Manufacturing
  • Enterprises
  • Embassies and consulates

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top