In the past two weeks, Check Point researchers have documented an average of 192,000 coronavirus-related cyber attacks per week, marking a 30% increase compared to previous weeks. Researchers found that a majority of these attacks start with phishing emails in which criminals impersonate the WHO, United Nations, Zoom, Microsoft or Google to try and trick users into clicking on links or opening infected documents.
The World Health Organization’s name and logo is a popular choice for hackers to impersonate. Recently, cyber criminals sent malicious emails posing as the WHO from the domain “who.int” with the email subject “Urgent letter from WHO: First human COVID-19 vaccine test/result update” with a malicious document attached. The document contained the infamous Agent Tesla malware, a password stealing program that comes with a key logger for hackers to gather usernames and passwords from a victim’s device. Victims who clicked on the file ended up downloading the malware.