PREVIEW: Malware and Cyber Attacks during COVID-19

Dear Readers,

The COVID-19 pandemic has a lot of consequences, and cybersecurity world isn’t free of their impact. Cyber attacks are intensifying in the US and globally. We are observing changing patterns of behavior from threat actors and noticing coronavirus-related cyberattacks and malwares. This month’s issue touches on this very current problem.

The edition opens up with Lina Maharon’s article “Cyber attacks on COVID-19”. Lina gives us an overview of all significant covid-related cyber attacks observed since mid-January 2020. She shows how malicious hackers make use of search engine optimization (SEO) and niche keyword techniques to lure as many victims as possible to click, surf, share, download virus links and files, as well as trick victims with deceptive messages, emails, websites, and online forms for social engineering attacks. Lina also prepared another article - dedicated more generally to malware during the COVID-19 pandemic. In this report she focuses on what malware is, what kinds of malware exist, the evolution of malware, what the open source tools available for malware analysis are, and finally malware during COVID-19.

In addition, inside this issue there are articles on Point-of-Sale Malware, Detecting Fileless Malware, Malicious Powershell as Job Description, or Creating Awareness of Anti-Forensic Deceptions. This issue contains two interviews with representatives of Spirion and Cellebrite as well. We had very nice talks with them and touched on the subject of how the cybersecurity landscape will change due to the pandemic.

Of course, that’s not all. Have a look at our Table of Contents to see what more you can find inside.

Thanks to all our contributors!

Have a nice read!

Regards,

Dominika Zdrodowska

and the eForensics Magazine Editorial Team

---

INSIDE OF THE PREVIEW: Full article by Siddharth Sharma "Point-of-Sale Malware: A Case Study"

---

Subscriber? Click here to download the whole issue

Buy this issue

---

TABLE OF CONTENTS

---

Cyber Attacks based on Covid-19

By Lina Maharon  

Cyber-attacks based on the theme of Covid-19 began proliferating on the internet in mid-January 2020 as more online users began searching for more information on Covid-19, coronavirus and SARS-CoV-2. Malicious hackers make use of search engine optimization (SEO) and niche keyword techniques to lure as many victims as possible to click, surf, share, download virus links and files, as well as trick victims with deceptive messages, emails, websites and online forms for social engineering attacks.

Malware During Covid-19

by Lina Maharon

This report will focus on what is malware, what kind of malware is out there, the evolution of malware, what are the open source tools available for malware analysis, and malware during Covid-19.

Password Cracking – Methods and Techniques to decrypt forensics evidence

by Wilson Leite da Silva Filho

There are many anti-forensics techniques and tools, cryptography is showing up as the one with the greater potential of frustrating forensic analysis. This is due to the fact that the cryptography algorithms and protocols and their implementations in software and hardware are becoming widespread among computer artifacts, as we will discuss in the following sections. 

Point-of-Sale Malware: A Case Study

by Siddharth Sharma

In the article we will be looking into dynamic analysis of POS samples, static analysis of POS samples, Luhn’s algorithm, previous POS malware panels, and countermeasures.

Malicious Powershell as Job Description-Analysis of APT33 attack

by Siddharth Sharma

Below is the technical analysis of one such spear phishing campaign that took place recently.

Of COVID-19: Attempts to Secure the Healthcare  System 

by Bunde Collins

In this unprecedented time of the global Coronavirus pandemic, social distancing has become the new normal and is one among many other factors being touted by governments in flattening the curve and reducing the rate of virus transmissions. However, despite the existing anxiety of what the future holds, cyber criminals, for their part, have been working overtime sending malware-infected COVID-19 maps as well as targeting the World Health Organization, the Center for Disease Control (CDC), public hospitals and healthcare systems. Public users have also not been left behind as they have become a formidable phishing target for these cybercriminals.  This article gives an overview of what is happening in the healthcare system and how you can be a force for good by joining security communities working round the clock to thwart these cybercrime attempts.

Detecting Fileless Malware Attacks

by Matthew Kafami

Two terms being used heavily in the industry lately are “fileless malware” and “living off the land”, and are termed as such due to the methods by which these types of malware operate. Traditional malware typically relies heavily on the use of tools that may not be native to the intended target, often including custom code that is either packed and built into the malware or will be called upon during execution. Typical malware downloads and installs malicious files to the infected system. Fileless malware conducts most of its activity in volatile memory and uses native tools to avoid being detected by typical IDS/IPS an enterprise system might use. 

Interview with Mark Gambill, EVP & Chief Marketing Officer at Cellebrite

 

Creating Awareness of Anti-Forensic Deceptions Used by Cyber-Criminals

by Rhonda Johnson 

The evolving complexity of malware attacks and high level of sophistication in the deception technologies that cybercriminals use against their targets should be a pressing concern for digital forensic investigators.  The inability of a digital forensic investigator to detect malware that is specifically tailored against individuals or organizations could prevent the appropriate actors from being identified and prosecuted in a court of law.  In a 2015 San Bernardino terror attack in which suspects killed 14 people and injured dozens more, the FBI had difficulty in getting case-related evidence from one of the suspect’s iPhone due to the implementation of anti-forensics encryption technology. While forensic investigators were eventually able to gain access to the contents by utilizing a zero-day exploit, this situation underscored the importance of knowing anti-forensic techniques and tools. 

Interview with Kevin Coppins, President and CEO, Spirion