Security News > 2021 > May > Hackers Exploit Post-COVID Return to Offices
The latest scam includes pelting recipients with emails purportedly from their CIOs welcoming employees back into offices.
The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations.
If a victim decides to interact on either document a login panel appears and prompts the recipient to provide login credentials to access the files.
Just last month, as governments rolled out pandemic relief payments, attackers used fake U.S. aid payments to deliver Dridex Malware.
"COVID-19 has given us a window into how hackers can exploit human vulnerabilities during a crisis, with healthcare and pandemic-related attacks prevalent in 2020," Sivan Tehila with Perimeter 81 wrote recently for Threatpost.
Cybercriminals thrive on change and only become emboldened by it, rolling out new cybercrime offenses to exploit trending news events, she said.
News URL
https://threatpost.com/hackers-exploit-covid-office/166550/
Related news
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)