Fake Zoom alerts and dodgy medical freebies among COVID-cracks detected by Taiwan's CERT

Phishers claimed to be from 'National Health Commission', which exists in mainland China but not Taiwan

Taiwan's CERT detected cyber-crooks impersonating medical authorities to attack the country's tech industry during the early stages of the COVID pandemic.

Since the beginning of the pandemic, the organisation noted an uptick in the number of attacks using malicious domain names to confuse victims, it said at the APNIC 50 conference. Hackers also impersonated trusted bodies such as the World Health Organisation or America's Centers for Disease Control and sent phishing emails offering free protective equipment such as face masks.

Local supermarket chain PXMart had its Facebook fan page copied and a free mask offer added in the hope of doing something nasty to those who fell for the scam.

"Attackers used COVID-19 social engineering to increase the success rate of their attacks," said TWCERT/CC director Chih-Hung Lin.

One group named "Mustang Panda" impersonated Taiwan's Ministry of Health and Welfare. In June the group sent phishing emails offering free medical supplies to businesses. The PowerPoint attached to the email contained macro files which created a backdoor connection to a malicious server.

"Although the email was in the traditional Chinese language we use in Taiwan, they claimed to be the National Health Commission, a name that is widely used in mainland China. So this is the first clue of where the attack possibly originated from," said TWCERT/CC security engineer Henry Chu.

Hackers also targeted video conferencing with emails that appeared to be notifications of missed Zoom meetings. Chu said those mails aimed to "create a sense of urgency and panic."

"This is a key trait of many scams to get people to click the link and provide personal information."

Some of these attacks were on medical facilities. Such attacks were not attempts to steal data but to disrupt access to critical data or systems, according to Lin.

The centre also highlighted that people working from home and accessing enterprise resources from their home networks created vulnerabilities. "If someone at home gets infected by malware, it may spill into the enterprise core network," Lin said.


