By: Samuel Bocetta

If there’s one thing society can rely on, it is that hackers will figure out a way to take advantage of a public crisis. Enter coronavirus. Though the actual global danger level of the illness is still open to debate, one thing is certain. Panic is near, perhaps nowhere more so than where the disease was birthed, including ground zero in Wuhan, China, and the extended Asian region. 

With protective facemasks in short supply and large public events being canceled at an increasing rate, this pandemonium is the perfect cauldron of chaos for hackers to step into. And step into it they have.

https://www.state.gov/coronavirus/

A New Way to Sneak in Malware

This isn’t the first time hackers have targeted the region, so they have no need to be truly creative. All that had to be done was wait for a prime opportunity like coronavirus to come along and then put a new spin on an old tactic. In what is basically just another phishing attack, one hacker or group of hackers has targeted the region with mass emails that relay the information that x and y countries have been infiltrated with the disease (no big surprise there) and that it’s critical they open an attached Word document to gain information about what they should do.

If you’re still opening attachments from strangers and organizations, you deserve coronavirus. That might have been a little harsh. You only deserve the common cold. Regardless, you should be able to guess what happens if you open the “helpful” document.

That’s right. You just invited a big dose of malware into your system. In this case, it will probably be the Emotet malware, which installs itself and goes to work either sending your personal information out to the hacker or proceeding to install ransomware. If you’re looking for a good way to have your computer or device taken hostage until you make a Bitcoin payment in return for maybe or maybe not having control returned, this is a good way to do it.

Keep in mind that popular consumer-grade cybersecurity options you hear mentioned like a virtual private network (VPN) won’t do much good in the face of these kinds of attacks. The technology in popular VPNs works via “session encryption”, obscuring your IP address and thereby hiding your physical location. They don’t scan incoming emails and aren’t able to detect malware. For that, you need antivirus and antimalware installed, as well as a good firewall.

Emotet has recently been associated with holidays, large events (like a special invitation to a celebrity appearance), and topics at the top of the public consciousness, so coronavirus is made to order.

Visit This Great New “Cure for Coronavirus” Website

Though scientists around the world are working day and night to come up with a vaccine, you can rest assured that if one is created it won’t come to you in the form of an email from an organization you’ve never heard of and loaded with a handy link to click. This is the exact tactic taken by the hackers currently focusing on Asia.

If you fall for the game by clicking the link, you’ll be taken to a fake website trumpeting whatever wild claims deemed necessary by its creator to entice you to enter your information for more details. Or maybe there will be a brand new, more effective style of face mask for sale. All you have to do is enter your credit card information and click, click, click. Unfortunately, that swanky new face mask doesn’t exist and you just sent you credit card details to the bad guys.

If you’re not familiar with a website and it doesn’t tick any of the boxes that offer clues that the site owner has gone to any trouble to establish a good online reputation, don’t enter any information!

The Hacker(s) Known as TA542

The hacker or group of hackers associated with the latest surge in Emotet use is referred to by cybersecurity experts as TA542, and the recent cyber-assault on Asia fits the profile. As one of the most active bad actors working right now, TA542 likes to carpet bomb target areas with hundreds of thousands or even millions of emails loaded with the destructive payload - often some variation of Emotet.

Previously, Emotet was aimed at the banking industry and delivered a TA542 Trojan horse that, once installed, took over the system or some other nefarious action. More recently, the Emotet payloads have switched to well-known (in the hacker community) third-party malware. After installation, the malicious software might install a variety of modules which perform a variety of nasty things:

• Send spam to you and use your machine to spam others

• Engage in straight out credential theft like bank login info

• Email harvesting

• Infect other machines on the local network

• Steal info from your address book

Obviously TA542 is not your friend.  

Why is Asia Particularly Susceptible?

It’s not that Asians are more gullible than any other region of the world. It just so happens that coronavirus started in China and has hit that region of the world harder than anywhere else. It’s not surprising that citizens feel a stronger sense of urgency and/or panic and are liable to be more skittish and likely to fall for these kinds of hacker ploys.

https://en.wikipedia.org/wiki/File:ASEAN-PT.JPG

Final Thoughts

Obviously, preying on the fears of those worried about a life-threatening disease is a Grinchian level of antisocial behavior. The good news is that you can do something about this coronavirus-fueled hack-a-thon presently underway. Here’s what to do:

Think before you click and not vice-versa. That’s all. There’s nothing new going on here. It’s simply another iteration on humanity’s inability to keep themselves from completely and immediately trusting any random email that shows up in their box. These days, be on particular alert for unsolicited emails related to current events.

While the current round of attacks is targeted at Asia, it likely won’t stay like that forever. Coronavirus and the associated freakout is everywhere. Hackers are a resourceful, adaptive bunch, and you can bet that if they think there are juicier victims to be had elsewhere, they will be on their way there in the twitch of a cat’s tail.

Citizens of the 10 states of the Association of Southeast Asian Nations (ASEAN) should take care when interacting with their inbox. This includes Brunei Darussalam, Cambodia, Indonesia, Laos, Malaysia, Philippines, Singapore, Thailand, and Vietnam.

Samuel Bocetta is a retired security analyst and a regular contributor to Asia Sentinel.