A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on December, 19, 2012. A U.S. cyber security company says criminal groups are exploiting fears over the new coronavirus to attack the global shipping industry.California-based Proofpoint says it has detected a new email campaign that uses Microsoft Word attachments designed to trick recipients into installing a type of malware known as AZORult. THE CANADIAN PRESS/Jonathan Hayward

A woman uses her computer keyboard to type while surfing the internet in North Vancouver, B.C., on December, 19, 2012. A U.S. cyber security company says criminal groups are exploiting fears over the new coronavirus to attack the global shipping industry.California-based Proofpoint says it has detected a new email campaign that uses Microsoft Word attachments designed to trick recipients into installing a type of malware known as AZORult. THE CANADIAN PRESS/Jonathan Hayward

Cybercriminals using coronavirus-themed emails to deliver malware: report

The new campaign uses emails with bogus Microsoft Word attachments

Criminal groups are exploiting fears over the recent novel coronavirus outbreak in an email phishing campaign directed at the global shipping industry, according to a report issued Monday by a California-based cybersecurity firm.

Proofpoint said the new campaign uses emails with bogus Microsoft Word attachments that are designed to install a type of malware known as AZORult.

AZORult has been around since at least 2016 and can be used to install ransomware, which is designed to lock legitimate users out of their computer systems until a ransom is paid.

“In these (coronavirus-related) attacks, we don’t see AZORult downloading ransomware currently,” Proofpoint said.

“However, because of AZORult’s configurable nature and past use in conjunction with ransomware that remains a real threat.”

Proofpoint didn’t provide statistics on how many actual coronavirus-themed malicious emails have been detected or how much damage has been caused by coronavirus-themed malicious emails.

The Canadian government’s Centre for Cyber Security said in an email that it was aware of both the AZORult malware and coronavirus-related phishing campaigns but didn’t comment specifically on the Proofpoint report.

“Cyber actors tend to use social engineering and topical subjects to lure their targets to click on a malicious link,” the centre said.

Its website cyber.gc.ca provides alerts and advice for spotting and dealing with email scams, known as phishing, and more targeted campaigns known as spear-phishing that focus on personal characteristics, interests or lines of work.

“Employees are privy to important and sensitive information, and as a result, often receive malicious emails that are intended to provide cyber intruders access to this information,” the agency says.

The RCMP said it is aware of this latest malware threat, but is not aware of any reported victims.

“We always urge caution in handling unsolicited email and we suggest recipients avoid opening attachments or clicking links from unknown senders. If you are a victim of cybercrime, report it to your local police and the Canadian Anti-Fraud Centre,” said spokeswoman Catherine Fortin.

U.S. cybersecurity firm Sophos said last week that it had learned of a scam that used fake emails pretending to be safety instructions from the World Health Organization.

“Fortunately, at least for fluent speakers of English, the criminals have made numerous spelling and grammatical mistakes that act as warning signs that this is not what it seems,” Sophos said in a blog post dated Feb. 5.

Proofpoint said in its posting that the narrowly focused campaign it detected seems to originate from Russia and Eastern Europe but there’s no evidence linking the actors to a known criminal group.

However, it says the attackers seem to be sophisticated and have targeted industries that are susceptible to shipping disruptions including manufacturing, industrial, finance, transportation, pharmaceutical and cosmetic companies.

“A coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it’s clear these attackers are aware that a major event like coronavirus can have secondary impacts on industries.

“This awareness demonstrates not just technical sophistication, but economic sophistication as well,” Proofpoint said in its article.

Proofpoint advised workers to exercise caution when presented with coronavirus-themed email messages and attachments, as well as links and websites that could be used by criminals as lures.

READ MORE: Canadian coronavirus evacuee describes life under quarantine at CFB Trenton

Meanwhile, health officials in Canada have repeatedly stressed that the coronavirus currently poses a low risk to the public in this country. Seven cases have been identified in Canada, while worldwide, the illness known as 2019-nCoV has sickened more than 37,000 people and killed more than 800, nearly all in China.

Nevertheless, Canadians are being urged to remain vigilant against infection, with medical experts advising good hygiene practices such as washing hands frequently and coughing or sneezing into tissue.

— with a file from Cassandra Szklarski in Toronto

David Paddon, The Canadian Press


Like us on Facebook and follow us on Twitter.

Coronavirus

Get local stories you won't find anywhere else right to your inbox.
Sign up here

Just Posted

Kennedy Nikel, applied marine biologist at Cascadia Seaweed, here seen in late September, shows off bull kelp (in her left hand) and rock weed. The company is spear-heading an annual seaweed festival scheduled for May 13-21, 2021, with Sidney council have signed off in principle. (Wolf Depner/News Staff)
Cascadia hopes to see Sidney host seaweed festival in May 2021

Council supports the idea in principle following a presentation by Cascadia Seaweed

Trevor Davis, base manager of the Western Canada Marine Response Corporation in Sidney, stands in front of the Hecate Sentinal, an oil skimming vessel based at Sidney’s Van Isle Marina. (Wolf Depner/News Staff)
Oil spill response base taking shape on Saanich Peninsula

Enhanced base with elements in North Saanich and Sidney to be fully operational in fall 2022

The O’Meara family – (left to right) Mari, Max, Adam and Rei – spent Saturday afternoon picking out the perfect tree. (Devon Bidal/News Staff)
Santa’s Forest tree sale in Saanich implements one-way perusing, curbside pick up

Christmas tree, wreath sales in Braefoot Park through Dec. 24

Environment Canada has issued a special weather statement forecasting windy weather Sunday and Monday. (News Bulletin file photo)
More windy weather on the way for Vancouver Island

Environment Canada issues special weather statement for Victoria, east coast of Island, north Island

Idyllic winter scenes are part of the atmosphere of the holiday season, and are depicted in many seasonal movies. How much do you know about holiday movies? Put your knowledge to the test. (Pixabay.com)
QUIZ: Test your knowledge of holiday movies and television specials

The festive season is a time for relaxing and enjoying some seasonal favourites

Black Press Media and BraveFace have come together to support children facing life-threatening conditions. Net proceeds from these washable, reusable, three-layer masks go to Make-A-Wish Foundation BC & Yukon.
Put on a BraveFace: Help make children’s wishes come true

Black Press Media, BraveFace host mask fundraiser for Make-A-Wish Foundation

Kevin Bieksa during his days playing with the Vancouver Canucks. (Photo: commons.wikimedia.org)
Bieksa to guest on free Canucks Alumni ‘Hot Stove’ on Zoom app

Former NHL player has become a game analyst on Sportsnet

A small crash in the water south of Courtenay Saturday afternoon. Two men had to be rescued, but reports indicate there were no serious injuries. Photo by Mike Chouinard
Small plane crash in Comox Valley waters Saturday afternoon

Two rescued from plane that had flipped in water; no serious injuries reported

A photo from 2017, of Nuchatlaht First Nation members outside court after filing a land title case in B.C. ( Submitted photo/Nuchatlaht First Nation).
Vancouver Island First Nation calls on B.C. to honour UNDRIP in historic title case

Nuchatlaht First Nation says Crown counsel continues to stall the case using the ‘distasteful’ argument that the Nation ‘abandoned’ their land

West Vancouver Island’s Ehattesaht First Nation continues lock down after 9 active cases were reported today after a visitor tested positive last week. (Ehattesaht First Nation/Facebook)
Ehattesaht First Nation’s COVID-19 nightmare: nine active cases, a storm and a power outage

The Vancouver Island First Nation in a lockdown since the first case was reported last week

114 Canadians were appointed Nov. 27 to the Order of Canada. (Governor General of Canada photo)
Indigenous actor, author, elder, leaders appointed to Order of Canada

Outstanding achievement, community dedication and service recognized

The Ahousaht First Nation confirmed its first case of COVID-19 on Nov. 26, 2020. (Westerly file photo)
Ahousaht First Nation on lockdown over COVID-19

“Emotions are high. The anxiety is high. We want our community to pull through.”

Most Read