April 19, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2020-1967 – OpenSSL Segmentation fault in SSL_check_chain Vulnerability
April 23, 2020Rewterz Threat Alert – Gamaredon APT Using COVID-19 Lures
April 23, 2020Rewterz Threat Advisory – CVE-2020-1967 – OpenSSL Segmentation fault in SSL_check_chain Vulnerability
April 23, 2020Rewterz Threat Alert – Gamaredon APT Using COVID-19 Lures
April 23, 2020
Severity
Medium
Analysis Summary
A recent phishing campaign targeting users in attempt to steal their credentials and use them to them gains are targeting different Government employees and healthcare organizations that use lures designed to take advantage of the fears surrounding the COVID-19 pandemic.
Over a dozen state backed groups are targeting users to COVID-19 themes as lure for phishing and malware attempts—trying to get their targets to click malicious links and download files researchers said.
From fake solicitations for charities and NGOs, to messages that try to mimic employer communications to employees working from home, to websites posing as official government pages and public health agencies.
This recent wave of phishing attacks have gone past the desired range of users, Google is now warning all of the affected users about being the target of government-backed attackers trying to steal their password.
Impact
- Credential theft
- Exposure of sensitive information
Remediation
- Always be suspicious about emails sent by unknown senders.
- Never click on the links/attachments sent by unknown senders.