A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on December 19, 2012. A U.S. cyber security company says criminal groups are exploiting fears over the new coronavirus to attack the global shipping industry. California-based Proofpoint says it has detected a new email campaign that uses Microsoft Word attachments designed to trick recipients into installing a type of malware known as AZORult. THE CANADIAN PRESS/Jonathan Hayward

Cybercriminals using coronavirus-themed emails to deliver malware: report

The new campaign uses emails with bogus Microsoft Word attachments

Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at the global shipping industry, according to a report issued Monday by a California-based cybersecurity firm.

Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult.

AZORult has been around since at least 2016 and can be used to install ransomware, which is designed to lock legitimate users out of their computer systems until a ransom is paid.

“In these (coronavirus-related) attacks, we don’t see AZORult downloading ransomware currently,” Proofpoint said.

“However, because of AZORult’s configurable nature and past use in conjunction with ransomware that remains a real threat.”

Proofpoint didn’t provide statistics on how many coronavirus-themed malicious emails have actually been detected or how much damage they have caused.

The Canadian government’s Centre for Cyber Security said in an email that it was aware of both the AZORult malware and coronavirus-related phishing campaigns but didn’t comment specifically on the Proofpoint report.

“Cyber actors tend to use social engineering and topical subjects to lure their targets to click on a malicious link,” the centre said.

Its website cyber.gc.ca provides alerts and advice for spotting and dealing with email scams, known as phishing, and more targeted campaigns known as spear-phishing that focus on personal characteristics, interests or lines of work.

“Employees are privy to important and sensitive information, and as a result, often receive malicious emails that are intended to provide cyber intruders access to this information,” the agency says.

The RCMP said it is aware of this latest malware threat, but is not aware of any reported victims.

“We always urge caution in handling unsolicited email and we suggest recipients avoid opening attachments or clicking links from unknown senders. If you are a victim of cybercrime, report it to your local police and the Canadian Anti-Fraud Centre,” said spokeswoman Catherine Fortin.

U.S. cybersecurity firm Sophos said last week that it had learned of a scam that used fake emails pretending to be safety instructions from the World Health Organization.

“Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems,” Sophos said in a blog post dated Feb. 5.

Proofpoint said in its posting that the narrowly focused campaign it detected seems to originate from Russia and Eastern Europe but there’s no evidence linking the actors to a known criminal group.

However, it says the attackers seem to be sophisticated and have targeted industries that are susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic companies.

“A coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it’s clear these attackers are aware that a major event like coronavirus can have secondary impacts on industries.

“This awareness demonstrates not just technical sophistication, but economic sophistication as well,” Proofpoint said in its article.

Proofpoint advised workers to exercise caution when presented with coronavirus-themed email messages and attachments, as well as links and websites that could be used by criminals as lures.

Meanwhile, health officials in Canada have repeatedly stressed that the coronavirus currently poses a low risk to the public in this country. Seven cases have been identified in Canada, while worldwide, the illness known as 2019-nCoV has sickened more than 37,000 people and killed more than 800, nearly all in China.

Nevertheless, Canadians are being urged to remain vigilant against infection, with medical experts advising good hygiene practices such as washing hands frequently and coughing or sneezing into tissue.

— with a file from Cassandra Szklarski in Toronto

David Paddon, The Canadian Press

