A yet to be an unidentified group of hackers has just created a fake website, get this – a clone of the NHS (National Health Service) official website. This clone website, as it turns out, is providing information about possible treatments for the coronavirus. Of all the things that the hackers can think of, it is to exploit panic around the global crisis and cause systematic information disruption.
This most recent attack is yet another example of just how devious, and downright opportunistic these cybercriminals are—grabbing almost every prospect of inducing panic and chaos amidst an already grief-stricken situation.
These past few weeks have seen a rise in the number of cyber-attacks, DDoS, ransomware exploits, and other malware-laced breaches against, of all establishments – healthcare institutions. As if these organizations and their workers are not strained enough already as a result of the global coronavirus pandemic – even the WHO (World Health Organization) itself was not spared from these attacks.
According to the security researchers that were commissioned to investigate the incident, site visitors are tricked into the website’s information about the possible coronavirus treatments and are asked to download a file into their devices’ system. Unfortunately for them, the downloaded file is infected with a Trojan (Password Stealing Malware) fully equipped with tools to crack and steal passwords, account and billing information, credit card data, and all sorts of personal and financial information available from the targeted devices.
As an extra, the trojan is also armed with a new malware installer for remote capabilities, allowing the hacker to perform a further sweep of data from your device in real-time.
The NHS is no stranger to cyber-attacks, with more than 100 instances of network attacks documented over the years. This is a favorite target amongst cybercriminals due to the fact that the NHS is a very reputable and trustworthy institution. No one wiser would come to think that the NHS will get their information compromised in any way.
The UK’s National Cyber Security Centre (NCSC), together with the US Department’s Homeland Security (DHS) with its Cybersecurity and Infrastructure Security Agency (CISA), has worked out and issued a joint advisory to inform the public against these kinds of attacks. In general, avoid opening unknown links or files from unknown websites, secure your network devices and update those security applications regularly, and make sure to report all instances of cybercrime to the proper authorities.