We all have new worries thanks to the current coronavirus pandemic, but the old worries haven’t gone away. Among them: malicious hackers, some of whom are trying to use the outbreak to steal or ransom victims’ data.
Several recent attacks have attempted to leverage the coronavirus by getting people to click on links in messages about the illness, according to a report by cybersecurity firm Nocturnus on Wednesday. Hackers have also tried to use the influx of people working at home because of the virus to their advantage.
Chief among the techniques are coronavirus-themed phishing campaigns targeting countries hard-hit by the coronavirus, including China, Japan, South Korea, and Italy. As with many other phishing efforts, the hackers’ goal is to get a user to click on an emailed link that downloads malicious malware, which can be used to steal victims’ personal data or freeze their computers.
Nocturnus said the emails have tried to bait users into clicking with subject lines such as “Coronavirus: Important information on precautions” (in this case, in Italian). Other phishing emails spotted by a second security firm, Nuspire, include messages about a coronavirus vaccine (which doesn’t exist yet), deals on medical equipment, and investment opportunities related to the outbreak.
Coronavirus-themed ransomware, which can encrypt a computer’s hard drive, enabling hackers to demand payment to unlock it, has also been used. One piece of malware spotted warns victims: “Just because you’re home doesn’t mean you’re safe,” before demanding payment to unlock files, according to Nocturnus.
Software appearing to provide information about the coronavirus, while actually delivering malicious software, is another problem. “Coronavirus map” software that appears to track the global pandemic, for example, also hides the password-stealing malware AZORult, cybersecurity firm Reason Security said. The Nocturnus report also identified a mobile app that promises “Ways to Get Rid of Coronavirus,” which, in fact, delivers malware that steals banking information.
Nocturnus has also found suspicious domains claiming to distribute VPN, or virtual private network, software. Many white-collar workers who are now working from home may need such software. But attempting to download it from an untrustworthy site could leave computer with—again—a dangerous malware infection.
How to avoid malware
Broadly, avoiding most of these risks means following the same advice as during more normal times. Don’t click on links from unknown people. Only download or install software from trusted sources. And verify that the URL of any website that asks users to enter a password is accurate: Hackers often set up URLs that are similar to real websites to harvest passwords.
Remote-work vulnerabilities
The sudden increase in remote work that many companies have instituted over the past week introduces a new set of cybersecurity risks to organizations. The fundamental problem: Communication that is entirely online makes it much easier for bad actors to use deception to gain access to systems. This type of hack, generally known as social engineering, relies on con artistry rather than code.
Hackers may “call into a department and pretend to be another department” of an organization, says Marty Puranik, president and CEO of cloud computing provider Atlantic.net. Chris Wysopal, cofounder and chief technology officer of security firm Veracode, warns that hackers may pretend to be employees having remote access problems thus tricking IT staff into giving them access. Both scenarios suggest taking additional care when verifying identities remotely.
Even more worrisome, Puranik says hackers “could impersonate Department of Homeland Security [personnel] and call a police department, call a hospital chain and say, we need access to your system so we can, for example, enforce a curfew.” DHS did not respond to inquiries from Fortune about how companies can confirm the identities of government agents remotely, but one simple solution would be for them to contact DHS directly to investigate suspicious requests.
Hackers impersonating government agents may have goals well beyond stealing bank account information, or even infiltrating corporate systems. An attempted hack of the U.S. Health and Human Services agency website on Sunday appears to have been aimed at slowing emergency information systems and spreading false information through text messages.
Much is unclear about the attack, but some sources told Bloomberg that it was likely state-backed. The incident suggests that the coronavirus pandemic could become partly a replay of the 2016 U.S. election, with governments angling to destabilize opponents by sowing fear and distrust.
At their most extreme, hacks could even interfere with systems vital in the fight against the virus. A Czech hospital appears to have been hit by a ransomware attack, in which hackers shut down its information systems and asked for money to eliminate the problem, though there is no evidence that attack was state-backed.
The fluid situation is likely to make serious cyberattacks of many sorts easier, says Puranik. “Sometimes the rules go out the window when there’s a lot of volatility. Someone might let down their guard.
“It makes it easier for malicious actors to take advantage of the system.”
More must-read stories from Fortune:
—Inside Xerox’s audacious quest to buy much bigger rival HP
—How A.I. is aiding the coronavirus fight
—How early GPS gadget maker Garmin mapped out success against big tech
—Dormant PayPal Credit accounts are coming back to hurt credit scores
—WATCH: Best earbuds in 2020: Apple AirPods Pro vs. the Sony WF-1000XM3
Catch up with Data Sheet, Fortune’s daily digest on the business of tech.
