Cyber criminals create a spoofed copy of the NHS website in the midst of the coronavirus pandemic to trick users into downloading dangerous malware that can steal their passwords and credit card data

• Kaspersky has uncovered malware being distributed through a fake NHS website
• The spoof site contains links that download misleading malware called a Trojan 
• This then steals passwords, credit card data, files and other data from browsers
• Kaspersky also described attacks on hospital infrastructure a form of 'terrorism'

Internet security company Kaspersky has uncovered malware hiding in a spoof copy of the NHS website to capitalise on people seeking coronavirus health advice. 

The convincing impersonation of the UK’s health service website includes harmful links that lure internet users who are after looking for COVID-19-related health tips.

Once unsuspecting visitors click links on the site, malware can steal passwords and credit card data from their internet browser, which is sent to cyber criminals.

Kaspersky has acknowledged an increase in scam attempts during the course of the pandemic, especially those with fake coronavirus advice.

The authentic-looking version of the NHS website, which is actually a scam set up by criminals, has links inserted to download malware where users think they are clicking for health advice

‘We are seeing a spread in COVID-19 messaging to trick people into opening malicious links or attachments and downloading malware,’ said Yury Namestnikov, head of Kaspersky’s Globla Research and Analysis Team.

Namestnikov said the company saw a 43 per cent growth in these sorts of attacks between January and March as coronavirus infection rates climbed.

This particular type of malware is being distributed as a Trojan – a type of seemingly innocuous software that later reveals its malicious intent.

The Trojan is let loose via three hyperlinks attached to text on the site – ‘Advice about staying at home’, ‘Use the 111 Coronavirus service’ and ‘How to avoid infection’.

 The file downloaded from the website is a stealer Trojan - or password stealing ware (PSW) - malware that is able to steal passwords and credit card data from browsers, files and other data stored on the victim’s computer

Once the unsuspecting visitor clicks on one of these links, a pop-up box appears asking them if they want to save a file called ‘COVID19’.

KASPERSKY'S FIVE TIPS TO AVOID A PHISHING SCAM 

- Protect your devices with a reputable Internet security product.

- Update your operating system and applications as soon as updates become available.

- Use a unique, complex password for every online account, and consider using a password manager to help you with this.

- Always type a URL into your web browser directly, rather than clicking on links in unsolicited messages.

- Make regular backups of your data. 

The file is a stealer Trojan, or ‘password stealing ware (PSW), that can steal data stored on the victim’s computer based on the criminal’s stipulations – for example all .txt files from the Desktop folder – although it can also follow commands from the scammers.

Once the user clicks 'Save File' and the file is downloaded, the Trojan can steal passwords, credit card data, cookies from popular browsers, cryptowallets files and screenshots – all of which is then sent to the cyber criminals.

To reduce the risk of falling victim to these sort of sites, Kaspersky recommends frequent operating system updates, using complex and unique passwords for each online account and steering clear of links in unsolicited messages.

This week, Kaspersky’s founder has said attempts on the internet infrastructure of hospitals and healthcare organisations during the pandemic is ‘equivalent to a terrorist attack’.

The transition to working from home for millions around the world has little impact on cybercriminals’ ability to carry out attacks, he warned.

‘Cyber criminals are very likely to stay active,’ said Kaspersky in a virtual press conference this week.

‘They are used to working from home and their circumstances have not changed drastically.

'They will keep trying to attack businesses and individuals and it is our job to keep working hard and defend our customers.'

+4

As cyber criminals continue to exploit the COVID-19 pandemic, the last few months have seen a rise in both opportunistic and targeted attacks, with spear phishing campaigns in particular causing challenges as they target users with fake coronavirus-related advice

The company said is offering corporate security products to the healthcare sector for free for six months.

Meanwhile, social tracking applications, which have been implemented by governments and authorities worldwide, should be ‘implemented cautiously’, the company said.

Social tracking apps, which can inform civilians if they have been in contact with somebody with the virus or track the spread over regions, could impact personal privacy, it said. 

Examples of such apps include an app jointly developed by Google and Apple that uses Bluetooth to track phones a user comes into contact with. 

Another free app called the 'Covid Symptom Tracker' lets Brits self-report their health status daily, even if they are feeling well to help trace people with symptoms. 

Collected symptom data aims to help slow the outbreak of COVID-19 in the UK by identifying how fast the virus is spreading in an area, as well as high risk areas of the country.  

‘This technology should be implemented if it can save lives,’ said Namestnikov.

‘But managing such large amounts of data must be done correctly and properly secured and encrypted to keep information safe.

+4

A Kaspersky employee has said he hopes apps that are released to track social distancing and the spread of the coronavirus are only needed as temporary measures and are not later exploited by businesses 

‘If done so correctly and transparently, authorities can check which organisations have collected and used this data.’

Costin Raiu, Kaspersky’s Director of Global Research and Analysis Team, hopes that social tracking apps are only temporary measures and that businesses do not see them as an opportunity to monetise personal data.

‘Mobile tracking is used to tell others about who they have been in contact with and the best way to keep yourself safe is to stay at home,’ Raiu said in the online meeting.

‘We must put this technology behind us when we go back to normality and hope it is not a permanent part of society.’

KASPERSKY SAYS CYBER ATTACKS ON HOSPITALS DURING THE CORONAVIRUS PANDEMIC ARE AKIN TO TERRORIST ATTACKS 

Kaspersky Founder and CEO Eugene Kaspersky believes cyberattacks on hospitals during the COVID-19 pandemic are on par with terrorist incidents.  

In an online press conference on Wednesday, April 22, Eugene Kaspersky said that despite the current social distancing measures in place around the world, there will be very little impact on the cybersecurity landscape.  

'Cybercriminals are very likely to stay active,' he said. 'They are used to working from home and their circumstances have not changed drastically.

'They will keep trying to attack businesses and individuals and it is our job to keeping working hard and defend our customers. 

'Any attack made on a hospital at this time can be seen as equivalent to a terrorist attack.”

Also present during the virtual meeting, Costin Raiu, Kaspersky’s Director of Global Research and Analysis Team, said he would like to see any malicious individuals or groups that carry out attacks on healthcare organisations heavily reprimanded.

'The message must be clear to cyber criminals that anybody targeting medical institutions will be hunted down by LEAs and cybersecurity companies like ourselves to make sure they are brought to justice,' Raiu said.  

While pressure may be on medical institutions to keep their systems secure, the current circumstances have made this a greater challenge than usual, Raiu believes.  

'People in hospitals are understandably having to concentrate on looking after their patients and saving lives,' he said. 

'They are not necessarily worried about updating their systems. 

'They may also be managing and prioritising resources differently and if they need to choose between investing in cybersecurity solutions or buying medical equipment, there is only one clear choice.'

Regarding the general threat landscape, the last months have seen a rise in opportunistic and targeted attacks, with spear phishing campaigns in particular targeting users with fake coronavirus-related advice.  

'We are seeing a spread in COVID-19 messaging to trick people into opening malicious links or attachments and downloading malware,' said Yury Namestnikov, Kaspersky's Head of Global Research and Analysis Team for Russia.

'We saw 43 per cent growth in this sort of attack between January and March 2020.' 

Since the outbreak, social tracking applications have been developed to inform civilians if they have recently been in contact with somebody who has contracted the virus. 

While these applications are being created to benefit humanity, there are some reservations and concerns about how such technology could impact personal privacy. Yury Namestnikov said.

'This technology should be implemented if it can save lives,' he said.

'But managing such large amounts of data must be done correctly and properly secured and encrypted to keep information safe. 

'If done so correctly and transparently, authorities can check which organisations have collected and used this data.'

Costin Raiu hopes that any apps that are released are only needed as temporary measures and businesses do not see them as an opportunity to monetise personal data. 

'We face an impossible choice,' he said. 

'Mobile tracking is used to tell others about who they have been in contact with and the best way to keep yourself safe is to stay at home. 

'We must put this technology behind us when we go back to normality and hope it is not a permanent part of society.' 

Kaspersky said that as a company it has adapted well to the outbreak, transitioning its workforce to working from home.   

'One day, this will all be over, and everyone will want to see each other again in person,' the founder said. 

'Quite often, face-to-face connections are the best way for people to interact and I enjoy seeing so many people in my working life. 

'But we can also take advantage of the technology we are benefiting from now. 

'For instance, this year we have postponed our Security Analyst Summit but this year we can run two ‘versions’ of the same conference - a physical one and an online one. 

'Businesses can plan now for when we go back to normal and build stronger customer relationships.'