Cyber attackers continue to prey on COVID anxieties with multi-pronged attack: Mimecast


Mimecast’s Threat Intelligence team has also identified a malicious email campaign that claims to be from the Australian Department of Health containing COVID-19 ‘safety and cure’ information.

This multi-pronged approach targeting both businesses and citizens proves that cyber attackers are continuing to prey on COVID anxieties.

Screenshots of the phishing campaign are below. The initial email was sent using a genuine Dropbox email alias.

Mimecast’s Principal Technical Consultant, Garrett O’Hara, says of the multi-pronged approach:

“The malicious email campaign identified by Mimecast’s Threat Intelligence team represents a virus specific healthcare scheme in an attempt to lure clicks and credential theft.

“This campaign, combined with the increased ransomware attacks on the local aged and healthcare sectors reported by the ACSC, prove criminal activity of this nature will continue to be tailored to play on our significant virus-related fears and wants, as long as it remains a key issue of concern to a wide range of potential victims.

“Cybercriminals will often use the branding of trusted organisations in these phishing attacks – in the case of this campaign, Dropbox, Adobe, Microsoft and the Australian Department of Health – in order to build credibility and get users to open attachments or click on the link.

“Separately, organisations in the health and aged care sectors rely heavily on legacy systems and face the challenge of coordinating care between multiple parties – internal and external – while protecting the personal health information of their patients. And because the sale of medical records is so lucrative, the sector is an attractive target for attackers.”

Please see screenshots of the malicious email campaign, targeting Australian citizens, below.

Screenshots of malicious email campaign

“Dropbox file is a PDF”

“PDF links to an Adobe campaign page”

“And finally, to the phish page”