Digital Shadows: The coronavirus is a double-edged sword for cybercrime. For some threat actors it is an opportunity, for others it is a tragedy
The coronavirus is a double-edged sword for cybercrime, as Digital Shadows cyber security experts explain in a post. The ongoing COVID-19 pandemic is having a highly detrimental effect on most businesses and organizations, yet companies linked with antibacterials and cleaning products, for example, will likely experience record sales. In yet another example of the dark web mirroring real life, the situation is no different in the cybercriminal underground. Researchers have observed threat actors on cybercriminal forums and marketplaces expressing worry and a sense of desperation about how the pandemic will affect their established business models. Some are urgently trying to adapt their offerings to survive in this vastly changed landscape. Others see an opportunity to profit from mass hysteria and panic, or to take advantage of the increased online exposure that virus-tackling measures have inadvertently caused.
The cyber security experts: Some threat actors want to exploit COVID-19 to earn money, by stealing credit card numbers and spreading malware
According to the cyber security experts, threat actors on multiple Russian- and English-language cybercriminal forums initiated threads to discuss the likely impact of coronavirus on established services and offerings, and the different types of cybercrime that might be boosted by this unprecedented situation. The first “weapon” is that many people are being forced to self-isolate or are reluctant to leave their homes to visit physical shops. This has led to a huge surge in online transactions as people order deliveries to their doorsteps, a point that has not been missed by cybercriminals, especially those looking to steal credit card numbers. Furthermore, current government advice in many countries across the world recommends that people work from home, which has dramatically increased online activity. Combined with users' high demand for information on how COVID-19 is evolving, this creates a good occasion to spread malware.
Dark web marketplaces sell anti-pandemic masks, “miraculous cures” and many drugs to face the quarantine and the lockdown
Cybercriminals have also changed the “goods” offered on the dark web. Medical items such as anti-coronavirus masks, “miraculous cures” and many drugs now feature prominently in the marketplaces. Buyers come especially from places that are preparing for a lockdown. Sales of cannabis and other drugs have also increased, driven by fear of quarantine.
Many cybercriminals are worried and desperate about their activities. The spread of the coronavirus and government measures put their future at risk
Other threads discussing COVID-19 addressed the likely negative effects on the cybercriminal underground. In a thread on Verified, one user highlighted travel- and event-related fraud as a sector of the cybercrime-related economy that could be particularly hard-hit, noting that “people are afraid of flying and the borders are closed”. The discussion on coronavirus’s impact also highlighted the effect the illness has already had on threat actors engaged in bank-related fraud, cashing out, and warehouse or bank drops. For example, one user stated that their usual “dropworker” can’t work because banks in their unspecified location are closed. This likely refers to the individuals employed to visit banks to withdraw money from fraudulently acquired accounts, allowing cybercriminals to “cash out” their illicitly earned funds. Another forum member stated that in Spain and Italy, dropworkers are “afraid to leave the house”.