“Hack-for-hire” cyber crews are still capitalizing on the coronavirus (COVID-19) by using bogus Gmail accounts to trick business leaders in key industries into handing over their Google account credentials, Google’s security researchers said.
Google’s Threat Analysis Group (TAG) warned in a blog post of an uptick in new activity from several India-based cyber phishers. The attackers are mostly ensnaring individuals in the U.S., the U.K., Bahrain, Canada, Cyprus, India and Slovenia with email invitations to sign up for COVID-19 notifications from the World Health Organization (WHO), TAG director Shane Huntley said.
A link in the email directs the victims to attacker-hosted websites that closely resemble the official WHO website. “The sites typically feature fake login pages that prompt potential victims to give up their Google account credentials, and occasionally encourage individuals to give up other personal information, such as their phone numbers,” Huntley wrote.
Google cybersecurity researchers regularly track some 270 government-backed hacking groups in 50 countries, Huntley said. But COVID-19 has created the perfect storm for nation-state-backed mercenary hackers to flourish. “We continue to see attacks from groups like Charming Kitten on medical and healthcare professionals, including WHO employees. And, as others have reported, we’re seeing a resurgence in COVID-related hacking and phishing attempts from numerous commercial and government-backed attackers,” he said. In the last month, Google researchers have sent 1,755 warnings to users whose accounts have been targeted in COVID-19-related campaigns, Huntley wrote. Since March, the clean-up has also included YouTube, from which Google has removed more than one thousand channels that were mostly uploading “spammy, non-political content” in what appeared to be a coordinated campaign.
Huntley said that the blog post is the first entry of a new, quarterly bulletin where TAG will share threat information about actions it takes against accounts connected to synchronized influence campaigns both foreign and domestic. “Our hope is that this new bulletin helps others who are also working to track these groups, such as researchers studying this issue, and we hope these updates can help confirm findings from security firms and others in the industry,” he said.
In an April bulletin, TAG researchers said that bad actors are creating a false sense of urgency as bait to lure people into responding to phishing campaigns and scams. The ruses, which include fake solicitations for charities, mimicked employer communications to teleworkers and websites posing as official government agencies, appear across a range of Google products, Huntley said. Google's systems recently detected 18 million COVID-19-related malware and phishing messages per day and 240 million pandemic-associated daily spam messages.