Taiwan’s CERT detected cyber-crooks impersonating medical authorities to attack the country’s tech industry during the early stages of the COVID pandemic.
Since the beginning of the pandemic, the organisation has noted an uptick in the number of attacks that use malicious domain names to confuse victims, it told the APNIC 50 conference. Hackers also impersonated trusted bodies such as the World Health Organisation or America’s Centers for Disease Control and sent phishing emails offering free protective equipment such as face masks.
Local supermarket chain PXMart had its Facebook fan page copied and a free mask offer added in the hope of doing something nasty to those who fell for the scam.
“Attackers used COVID-19 social engineering to increase the success rate of their attacks,” said TWCERT/CC director Chih-Hung Lin.
One group named “Mustang Panda” impersonated Taiwan’s Ministry of Health and Welfare. In June the group sent phishing emails offering free medical supplies to businesses. The PowerPoint attached to the email contained macro files which created a backdoor connection to a malicious server.
“Although the email was in the traditional Chinese language we use in Taiwan, they claimed to be the National Health Commission, a name that is widely used in mainland China. So this is the first clue of where the attack possibly originated from,” said TWCERT/CC security engineer Henry Chu.
Hackers also targeted video conferencing with emails that appeared to be notifications of missed Zoom meetings. Chu said those mails aimed to “create a sense of urgency and panic.”
“This is a key trait of many scams to get people to click the link and provide personal information.”
Some of these attacks were on medical facilities. Such attacks were not attempts to steal data but to disrupt access to critical data or systems, according to Lin.
The centre also highlighted that people working from home and accessing enterprise resources from their home networks created vulnerabilities. “If someone at home gets infected by malware, it may spill into the enterprise core network,” Lin said.