Skip to main content
What do you want to do?
Foundation
Undergraduate
Postgraduate
International
Advanced Clinical Practice
Aerospace Engineering
Anthropology
Arts and Health
Biomedical Sciences
Business School
Chemical Engineering
Civil Engineering
Clinical Education
Computer Science
Creative Writing
Criminology
Design School
Digital Media
Economics and Finance
Education
Electronic and Electrical Engineering
English
Environmental Sciences
Film Studies
Games Design
Geography
Global Challenges
History
Journalism
Law
Life Sciences
Mathematics
Mechanical and Automotive Engineering
Media and Communications
Medicine
Musculoskeletal Ultrasound
Music
Nursing
Occupational Therapy
Physician Associate
Physiotherapy
Politics and International Relations
Psychology
Public Health and Health Promotion
Social Work
Sociology
Sport, Health and Exercise Sciences
Theatre
Campus life
Study support
Student Services
Professional Development Centre
Research
Research degrees
Our partners and networks
International students
Study abroad and exchange
International Summer Schools
Global alumni
Business advice and support
Higher and Degree Apprenticeships
Employing our students
Research and development
Facilities and services
Procurement services
Help for SMEs
Health and safety training
Business newsletter
Support Brunel
Contact us
News and Events
Brunel Alumni
Giving back to Brunel
Contact us
About
Colleges

Hackers Taking Advantage of the Fear Around Coronavirus

By Dr Hayleigh Bosher & Samuel West
02 Mar 2020
HB Corona 920x540

Dr Hayleigh Bosher is Lecturer in Intellectual Property Law at Brunel University London. Samuel West is a Security Engineer for Libraesva 

The Coronavirus has received extensive media attention, much of which has been seen to strike fear and panic. Now hackers, spammers and fraudsters have used this as an opportunity to launch new attacks. This article explains a real-life attack to show how and why they work, what to look out for and what can be done to stop the hackers.

Libraesva, a UK and Italy based Security Software Vendor, recently discovered targeted phishing and whaling campaigns based around the Coronavirus outbreak. Phishing is the fraudulent practice of sending emails pretending to be from recognisable companies in order to get individuals to reveal personal information such as passwords or credit card numbers and siphon funds from the organisation. Whaling is a specific type of phishing attack that targets high-profile employees, such as the CEO or CFO. 

The image below shows a real example of a whaling email received and blocked by Libraesva. The email shows how the attackers pretended to be the director of Milan University, warning internal users of the outbreak of Coronavirus and what steps to take to prevent further spread. In this case, the hacker was able to change the code of the email to make it appear to be sent from a trusted sender – the Director of the University. Unlike a typical whaling attack that immediately asks for transfer or funds, this hacker, taking advantage of the fear around Coronavirus, asks readers to download a guide to stop the disease.

HB corona IN1

Email Spoof of director of Milan University, sent from a University of Bologna compromised account

The interesting thing about this attack is that the underlying sender of the email is trusted by the University, gaining the trust of the receiving email server technology. The email states, on many occasions, the dangers of the virus 2019-nCoV as a respiratory epidemic, and makes a call to action for readers to quickly look at the attached document which is a simple docx file with a link. However, once a reader clicks to access the document, the hacker has set up a fake Office 365 login page shown in the image below - which requires users login and passwords to see the document.

Once ‘Download File’ is selected the motivation of the hacker and the scam becomes clear, asking for University user login details and passwords.

HB corona IN2

The landing page when following the link from the attached document.

HB corona IN3

 After selecting download file, we can clearly see credential harvesting fields.

The risks are very high, hackers can sell the credentials that they obtain, or use them to ex-filtrate even more data. They could also log in as a staff member and use that to send further malicious emails, which is how this email was able to be sent in the first place.

But isn’t this illegal?

Yes, of course, this type of activity is illegal. Most countries around the world have laws against this type of cybercrime. In the EU there is the convention of Cybercrime and in the UK we have the Computer Misuse Act. These regulations make it illegal to interfere with the functioning of a computer. There are also laws against fraud and the GDPR which protects data and this would come into play because of the data the hackers illegally obtained.

The problem is that these hackers are difficult to locate, as they often use technological measures to ensure that they are not traceable. 

What else can we do about it?

This example was located and prevented through Libraesva’s email security software and management. It was observed that the spoofed sender of the email was on a compromise protection list known in the industry as “BEC – Business Email Compromise”, so additional checks were undertaken.

The email was sent using an email address of another University, after that person was successfully hacked. Using Libraesva’s Adaptive Trust Engine’s relationship monitoring, we saw that the trust between these two Universities was quite high. But the trust between the two individual users was low, we didn’t let the organisational trust get in the way of understanding the true nature of the email.

The third indicator was that the email came externally to the Milan University users, which doesn’t make any sense, all emails from the director will 99% of the time come via the internal route, meaning this is obviously fake.

The coronavirus is an opportunity for hackers to take advantage of the fear to scam people, business and universities. It is important to be aware of these risks and take the necessary precautionary action.

Using the above indicators, Libraesva has built a dedicated technology to halt these kinds of attacks, make sure your IT team employ some Email Security, as this is the main way threats and malicious activity can get into your organisation.