LACNIC CSIRT

Using the Internet Means Taking Care of Ourselves – #coronavirus Online

LACNIC CSIRT – LACNIC’s incident response center – has observed an increase in cybercrime reports during the current global health crisis.

Faced with this serious worldwide situation, the “bad guys” of the Internet are not wasting any time and, unfortunately, are taking advantage of the vulnerability that the emergency has created, the need for information many people experience and the importance that the Internet has acquired these days.

In addition, many people are resorting to telecommuting and this is forcing the use of an increased number of digital solutions in non-controlled environments such as companies themselves.

In the first trimester of 2020, according to information provided by Recorded Future, registration of domain names related to #coronavirus grew from very few to close to 800.

For this reason, LACNIC CSIRT has tried to update the Internet community with the latest information about certain types of fraud so that everyone can be on the lookout and prevent cyberfraud.

In this context, there has been an increase in #cybercrime targeting users who wish to access maps that contain information on the coronavirus pandemic,  #coronavirus symptoms, and other coronavirus related topics. Many of these attacks direct users to malicious websites that not only try to steal confidential user information but also provide fake diagnoses. 

Attackers have also targeted online shopping sites. Fake websites have been created offering protective products that are currently in high demand, such as face masks and hand sanitizer. Attackers are also taking advantage of this type of websites to request Bitcoin donations under the pretense of funding research to find a vaccine against the virus.

The most common form of attack is via email, as most of these fraud attempts try to use an email attachment or a link to a malicious site. According to Vade Secure, many documents created with the Microsoft suite have been detected that exploit previously known vulnerabilities, which appear to originate in reliable sources and contain information regarding the evolution of the virus, protection tips and other topics.  

In general, several industries have been affected by these campaigns, including the pharmaceutical sector, the cosmetics sector, the financial sector, transportation, and others.

Some people don’t regard credential theft as a serious crime, but, if one keeps in mind that this information allows attackers to gain access to other systems, we realize that it is indeed very serious, as attackers know that many individuals use the same username and password for different purposes.

Some considerations we should keep in mind:

  • Avoid opening links to unknown websites or clicking on links suggested by unknown persons or pop-up windows.
  • Check the URL you want to go to. If it seems suspicious or you are unfamiliar with the website, try typing it yourself in your browser. 
  • Don’t open links (URLs) that offer seemingly wonderful products that will keep you from becoming infected or that offer immunity.
  • Be aware of messages asking you to urgently provide personal information. No institution will ask us to enter our personal information this way.
  • Change the settings of online platforms so that participants cannot share their screens.
  • Always check the source and never provide personal data or documents.
  • Keep your systems up-to-date and your backups current.
  • Check official websites.
  • Regularly change your passwords and avoid using the same password for different websites.
  • If affected, report the problem as soon as possible to the institution involved. Otherwise, a list of regional CSIRTs is available at https://csirt.lacnic.net/nuevo-csirt-de-la-region