TechRadar reports fraudulent outbreak maps are being used to attract unwitting victims and then deliver malware through various well-test tactics. ThreatPost is reporting two Coronavirus-themed campaigns that use PDF and Microsoft Word documents to deploy remote access tools (RAT), clipboard-copying, keystroke logging, desktop image capture, and a cornucopia of malware. CheckPoint security discovered another Coronavirus-themed campaign targeting Japan that delivers the reigning champion of credential harvesting Emotet.
As workforces practice social distancing to work from home, the risk of attacks against corporate remote access systems rises. The criminals target employees to harvest their VPN credentials as a backstage pass to corporate assets. There are some controls and practices that companies should implement to protect themselves during times of chaos and uncertainties.