Blutone Technologies


  • How Cybercriminals Are Taking Advantage of COVID-19

    06 Apr, 2020

    In the wake of large-scale global events, cybercriminals are among the first to take advantage of the situation for financial gain. In February 2020, the World Health Organization (WHO) released an advisory warning of scams exploiting the ongoing outbreak of COVID-19 / Coronavirus. These scams aim to exploit people’s fear and uncertainty about the disease’s spread.


    How attackers exploit the COVID-19 crisis


    1. Phishing and social engineering scams

    Phishing is one of the most common attack techniques, if not the single most common. Reports of email phishing campaigns using COVID-19-related lures surfaced almost immediately after confirmed infections began increasing in January 2020. Health organizations such as the WHO and the US Centers for Disease Control and Prevention (CDC) have been prime targets for impersonation because of their perceived authority; attackers have been observed luring victims to URLs or document downloads with promises of important safety documentation or infection maps.

    COVID-19 has also been a popular topic of discussion on cybercriminal forums. For example, in February 2020, a user started a thread on the well-known Russian-language cybercriminal forum XSS to advertise a new COVID-19-themed phishing scheme. The user advertised a method to deliver malware via an email attachment disguised as a distribution map of the outbreak, which was claimed to contain real-time data from the WHO. The map itself imitates a legitimate map created by the Johns Hopkins Center for Systems Science and Engineering (CSSE). The offering was priced at $200 for a “private build”; if buyers also required a Java code-signing certificate, the price was $700.


    XSS post on COVID-19-related phishing scam


    Legitimate Johns Hopkins COVID-19 distribution map


    Another phishing scam, detailed by Sophos, impersonated official email correspondence from the WHO. The email contained a link to a purported document on preventing the spread of the virus, but redirected victims to a malicious domain that attempted to harvest credentials. The email contained several grammatical and formatting errors; such errors are sometimes left in deliberately, since they put off wary recipients and leave only those most likely to follow through.


    Phishing scam impersonating the WHO (Source: Sophos)


    Organizations like the WHO or CDC are not the only ones at risk of being impersonated. Since January 2020, the number of COVID-19-related domains registered has increased significantly: Digital Shadows has identified over 1,400 domains registered over the past three months. While many of these are likely legitimate and dedicated to providing information on the virus and its spread, it is almost certain that a portion have been created with malicious intent. Malicious domains can be used to spread misinformation, host phishing pages, impersonate legitimate brands, and sell fraudulent or counterfeit items. In March 2020, the UK’s National Fraud Intelligence Bureau (NFIB) reported over 21 cases of COVID-19-related fraud, resulting in losses of over £800,000 in the UK alone. The NFIB cited specific examples, including the fraudulent sale of face masks and sites that promised victims a map of COVID-19 infections near them in return for a bitcoin payment.


    COVID-19-related domains registered over the past six months (Source: Digital Shadows’ Shadow Search)


    2. Malicious apps

    Although Apple has placed limits on COVID-19-related apps in its App Store and Google has removed some apps from the Play Store, malicious apps still pose a threat to users.

    DomainTools uncovered a site that urged users to download an Android app that claims to provide tracking and statistical information about COVID-19, including heat map visuals.

    However, the app is actually loaded with Android ransomware now known as CovidLock. The ransom note demands $100 in bitcoin within 48 hours and threatens to erase the victim's contacts, pictures and videos, as well as the phone's memory. An unlock token has reportedly since been recovered.

    DomainTools reported the domains associated with CovidLock were previously used for distributing porn-related malware. “The long run history of that campaign, now looking disabled, suggests that this Covid-19 scam is a new venture and experiment for the actor behind this malware,” said Tarik Saleh, senior security engineer and malware researcher at DomainTools, in a blog post.

    Proofpoint also discovered a campaign asking users to donate their computing power, à la SETI@home, to COVID-19 research; what it actually delivered was information-stealing malware hosted on Bitbucket.


    3. Insecure endpoints and end users

    With large numbers of employees, or even entire businesses, working remotely for an extended time, the risks around endpoints and the people who use them increase. Devices that staff use at home become more vulnerable if employees fail to update their systems regularly.

    Working from home for long periods of time may also encourage users to download shadow applications onto devices or flout policies they would normally follow in the office.

    The International Association of Information Technology Asset Managers recommends that all IT assets taken home be signed out and tracked; that companies provide policy and advice on how assets should be used at home (especially where people are used to sharing devices with family); that users be reminded of policies on connecting to public WiFi; and that users continue to update their software as needed.


    4. Vulnerabilities at vendors and third parties

    Every partner, customer and service provider in your ecosystem is likely going through all the same issues as your organisation. Liaise with critical parts of your third-party ecosystem to ensure they are taking measures to secure their remote workforce.


    Security priorities for remote working at scale

    Liviu Arsene, global cyber security researcher at Bitdefender, recommends that organisations take the following steps to ensure secure and stable remote working:

    • Bump up the number of simultaneous VPN connections to accommodate all remote employees
    • Set up and support conferencing software that ensures both a stable voice and video connection
    • Ensure all employees have valid credentials that will not expire within the next 30 days, as changing expired Active Directory credentials is difficult when remote
    • Send out rules and guidelines regarding accepted applications and collaborative platforms so employees are aware of what is sanctioned and supported and what is not
    • Have gradual rollout procedures for deploying updates, as delivering them all at once to VPN-connected employees could cause bandwidth congestion and affect inbound and outbound traffic
    • Enable disk encryption for all endpoints to reduce the risk of data loss on compromised devices

  • The simple way to spot a Phishing email

    25 Feb, 2020

    A phishing email is one in which a cybercriminal tries to trick email users by sending a message that appears to come from a manager, coworker or business partner. With the move to cloud mail services such as Office 365 and Gmail, it’s very easy for cybercriminals to target users and harvest their credentials.

    The first step is to look at the sender’s email address closely. Sometimes there are subtle differences in the address.

    For example:

    Real address:

    Fake address:

    Sometimes this is not clearly visible, because the address is hidden behind a display name; hovering your mouse over the sender's name will reveal the real address.

    If the email has an embedded link, never click it; use the same technique and hover over it to see where it leads. If the link text shows one address but, when you hover over it, the status bar at the lower left of the Outlook window shows a different one, you will know it's fake.

    Never open or download an email attachment unless you are 100% certain it’s safe.

    The last step: if you weren’t expecting the email and don’t know who it’s from, don’t open it. If it’s about something important, they will contact you again.
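    The two checks above (does the sender address really belong to the claimed organisation, and does the link text match where the link actually points) can be automated for messages you want to examine in bulk. The following is an added example written for this page, not code from the original post: it parses a message with Python's standard library, compares the display name against the sender domain, and compares each link's visible text against its href. The trusted domain list, the two sample messages and all helper names are constructed for the demo.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains this organisation actually uses (assumption for the demo).
TRUSTED_DOMAINS = {"example.com"}

# Constructed sample messages. The first uses both tricks described above:
# a look-alike sender domain (examp1e.com, digit 1 for the letter l) and
# link text that shows one address while the href points somewhere else.
PHISH_EMAIL = """\
From: "Jane Doe (CEO)" <jane.doe@examp1e.com>
To: staff@example.com
Subject: Urgent: sign in to review the attached invoice
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please sign in: <a href="http://login-example.com.evil.test/o365">https://login.example.com</a></p>
<p>Policy reminder: <a href="https://intranet.example.com/policy">https://intranet.example.com/policy</a></p>
</body></html>
"""

CLEAN_EMAIL = """\
From: "Jane Doe" <jane.doe@example.com>
To: staff@example.com
Subject: Policy reminder
Content-Type: text/html; charset="utf-8"

<html><body><p>See <a href="https://intranet.example.com/policy">the policy page</a>.</p></body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(s):
    """Hostname of a URL, or of bare text that looks like a URL."""
    s = s.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()


def is_trusted(host):
    """True only for the trusted domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def looks_like_url(text):
    return "://" in text or ("." in text and " " not in text)


def check_message(raw):
    """Return a list of human-readable findings; an empty list means no tell was found."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # Tell 1: the display name says "CEO", but what domain is the address really on?
    name, addr = parseaddr(str(msg["From"]))
    sender_host = addr.rsplit("@", 1)[-1].lower()
    if not is_trusted(sender_host):
        findings.append(f"sender {addr} (shown as {name!r}) is not from a trusted domain")

    # Tell 2: the "hover" check, done programmatically for every link in the body.
    body = msg.get_body(preferencelist=("html",))
    parser = LinkCollector()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        target = host_of(href)
        if looks_like_url(text) and host_of(text) != target:
            findings.append(f"link text shows {host_of(text)} but points to {target}")
        if not is_trusted(target):
            findings.append(f"link target {target} is not a trusted domain")
    return findings


if __name__ == "__main__":
    for label, sample in (("phish", PHISH_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, check_message(sample) or ["no tells found"])
```

    Note that `is_trusted` requires the trusted domain to be the actual registered domain at the end of the hostname; `login-example.com.evil.test` contains the string `example.com` but is rejected, which is exactly the case the hover check is meant to catch.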

    I hope this helps.

  • Six things you need to do to prepare for, prevent and minimise the damage of a cyberattack

    12 Feb, 2020

    Cybercrime has become a global epidemic and shows no signs of slowing down. Indeed, the latest research from IBM and the Ponemon Institute found that the average cost of a data breach is $3.9 million and that it takes 279 days on average to identify and contain a breach—279 days!

    Statistically speaking, without the right people, processes, and technology in play, your networks are likely to have been compromised already—and you may not even know it. And we do mean “you.”

    As with many things in life, when it comes to cybersecurity, the best defence is a good offence. Don’t wait for the attack; take a threat-focused approach to defending yourself and find trouble before trouble finds you.

    Here are six tips that can help you better prepare, prevent, and minimise the damage from a cybersecurity attack and get back to business as soon as possible:

    1. Raise awareness. It’s important for everyone in the organisation to be savvy and alert about security issues. This means watching for phishing scams sent through email and messaging apps that appear genuine but are actually attempts to retrieve credentials or sensitive data or release malware into the system.

    2. Be ready to document everything you know and everything you do. Many countries and industries have regulations and other laws that require reporting unauthorised network access or data breaches. Documenting what happened and each remediation step is a necessary part of preparing for that reporting. It also allows you to do a post mortem and ask, “What can we do better or different in the future to minimise our risk of another breach?”

    3. Follow the 3-2-1 rule. The most significant difference between those who end up having to pay a ransom vs. those who don’t is their backups. Many companies take it for granted that their data is backed up regularly, and they learn otherwise when they need to do a restore. In the case of ransomware, it’s important to distinguish between data synchronisation in the cloud and a valid backup. In the former scenario, infected data sets can be uploaded to the cloud and can overwrite good data. With a true backup, which follows the 3-2-1 backup rule, you’ll avoid this problem. The 3-2-1 backup rule means you should have three copies of your data and store the copies on two different media, and keep one backup copy offsite.

    4. Purchase a Cyber Insurance policy. If you do experience a cyber breach, a solid cyber insurance policy can help cover your losses and the cost of repairing the damage.

    5. Isolate the problem. Make sure infected devices are taken off the network as soon as they are identified, and shut down where appropriate, until they can be diagnosed. Be aware that powering a machine off destroys volatile evidence (running processes, network connections, memory-only malware), so if forensic analysis is planned, disconnect it from the network but leave it running until an investigator has captured its memory. The longer an infected machine remains on the network, the more potential it has to affect others and exacerbate the situation.

    6. Lock out further damage. If personal or company identity data is stolen, immediately notify your bank or your customers’ banks, credit card companies, and credit monitoring agencies. This will limit the thieves’ ability to keep using the stolen data.
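    Point 3 above draws a distinction that is easy to state and easy to get wrong in practice: a sync client mirrors whatever is on the endpoint, ransomware damage included, whereas a backup keeps copies that later changes cannot overwrite. The following added example (written for this page, not code from the original post) models both in a temporary directory: a mirror-style sync, a snapshot-style backup that lands in a fresh folder on every run, and a stand-in for ransomware that encrypts the source files in place. The directory layout, file contents and XOR "encryption" are all constructed for the demo.

```python
import os
import shutil
import tempfile


def write_docs(src):
    """Constructed sample data standing in for a user's working files."""
    os.makedirs(src, exist_ok=True)
    for name, text in (("q1.txt", "quarterly figures"), ("plan.txt", "roadmap")):
        with open(os.path.join(src, name), "w") as f:
            f.write(text)


def mirror_sync(src, dst):
    """Models a sync client: dst becomes an exact copy of src, deletions included."""
    if os.path.exists(dst):
        shutil.rmtree(dst)
    shutil.copytree(src, dst)


def snapshot_backup(src, root, label):
    """Models a real backup run: each run lands in its own folder and is never overwritten."""
    dst = os.path.join(root, label)
    shutil.copytree(src, dst)
    return dst


def fake_ransomware(src, key=0x5A):
    """Stand-in for ransomware: encrypt each file in place (XOR for the demo) and rename it *.locked."""
    for name in os.listdir(src):
        path = os.path.join(src, name)
        with open(path, "rb") as f:
            data = f.read()
        with open(path + ".locked", "wb") as f:
            f.write(bytes(b ^ key for b in data))
        os.remove(path)


def readable_docs(folder):
    """Names of the plain-text documents still recoverable from a folder."""
    return sorted(n for n in os.listdir(folder) if n.endswith(".txt"))


def run_demo():
    """Sync and snapshot before and after an infection; return what each still holds."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "laptop")         # the endpoint
        cloud = os.path.join(tmp, "cloud_sync")   # a synced folder
        vault = os.path.join(tmp, "offsite")      # the offsite copy of the 3-2-1 rule

        write_docs(src)
        mirror_sync(src, cloud)
        snap_before = snapshot_backup(src, vault, "run1")

        fake_ransomware(src)
        mirror_sync(src, cloud)                   # the sync client dutifully uploads the damage
        snap_after = snapshot_backup(src, vault, "run2")

        with open(os.path.join(snap_before, "q1.txt")) as f:
            restored = f.read()

        return {
            "sync": readable_docs(cloud),                 # nothing readable survives
            "snapshot_before": readable_docs(snap_before),
            "snapshot_after": readable_docs(snap_after),  # this run is useless too
            "restored_q1": restored,                      # but run1 restores cleanly
        }


if __name__ == "__main__":
    print(run_demo())
```

    The second snapshot is just as useless as the sync folder, which is the point of keeping more than one backup generation and of testing restores rather than assuming them. Some sync services do keep file version history, which can soften this failure, but the history is usually short and reachable from the same compromised account, so it should not be treated as the offsite copy.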

    As we continue to become more reliant on technology, cybercrime will continue to rise. Start being proactive about your cybersecurity now!

    If you would like any more information, help or advice on this matter, call Blutone on 1300 660 139, and we'll be happy to help.



Why Choose Us

  • Tech Expert on demand – for quick fixes
  • Solutions tailored to your needs
  • Tech Expert on-site – for those hands on solutions
  • Priority access for Entrepreneur and Business
  • Free Membership – to get you started
  • Remote concierge service
  • Free Tech Expert advice – to point you in the right direction
  • On-site concierge service
Contact Us Today