Trend Micro: Coronavirus Used in Malicious Campaigns


(Developing Story) The coronavirus disease (COVID-19) is being used in a variety of malicious campaigns including email spam, BEC, malware, ransomware, and malicious domains, Trend Micro has reported.

As the number of those afflicted continues to surge by thousands, campaigns that use the disease as a lure likewise increase. Trend Micro researchers are periodically sourcing samples of coronavirus-related malicious campaigns. This report also includes detections from other researchers.

Trend Micro:

The mention of current events for malicious attacks is nothing new for threat actors, who time and again use the timeliness of hot topics, occasions, and popular personalities in their social engineering strategies.

We analyzed coronavirus-related malware and spam attacks that our customers encountered globally in the first quarter (Q1) of 2020, from January to the present. We then categorized them according to region, namely the Asia Pacific Region (APAC), Latin America Region (LAR), North American Region (NABU), and Europe, Middle East, & Africa Region (EMEA).

The data came from our Smart Protection Network mechanism and are detected based on heuristic patterns. The number of spam corresponds to spam emails with the word “coronavirus” in the subject. The malware count is composed mostly of the accompanying malware files in these spam messages.

Figure 1. Coronavirus-related malware and spam attacks in Q1 2020 (Global)

As seen in the chart above, customers in the EMEA region had the most attacks at around 130,000 for both malware and spam. APAC saw around 28,000 attacks for both. NABU has over 21,000 for malware and over 22,000 for spam, while LAR has over 18,000 for malware and 19,000 for spam.

Figure 2. Countries with the most coronavirus-related malware and spam attacks in Q1 2020 (EMEA)

For EMEA, customers in the UK received almost a third of all malware and spam attacks for the region at over 41,000 for both. Next is France at almost 24,000 for malware and almost 23,000 for spam. Italy, one of the countries most affected by the coronavirus, has been hit by over 11,000 spam and malware cases, making it the country in EMEA that has seen the third-most coronavirus-related campaigns.

Read more at Trend Micro.

Trendmicro.com (March 2020) Developing Story: Coronavirus Used in Malicious Campaigns

Global operation sees a rise in fake medical products related to COVID-19


Coronavirus outbreak sparks a new trend in counterfeit medical items

Counterfeit facemasks, substandard hand sanitizers and unauthorized antiviral medication were all seized under Operation Pangea XIII, which saw police, customs and health regulatory authorities from 90 countries take part in collective action against the illicit online sale of medicines and medical products.

The operation resulted in 121 arrests worldwide and the seizure of potentially dangerous pharmaceuticals worth more than USD 14 million.

The outbreak of the coronavirus disease has offered an opportunity for fast cash, as criminals take advantage of the high market demand for personal protection and hygiene products.

Law enforcement agencies taking part in Operation Pangea found 2,000 online links advertising items related to COVID-19. Of these, counterfeit surgical masks were the medical device most commonly sold online, accounting for around 600 cases during the week of action.

The seizure of more than 34,000 counterfeit and substandard masks, “corona spray”, “coronavirus packages” or “coronavirus medicine” reveals only the tip of the iceberg regarding this new trend in counterfeiting.

“Once again, Operation Pangea shows that criminals will stop at nothing to make a profit. The illicit trade in such counterfeit medical items during a public health crisis shows their total disregard for people’s wellbeing, or their lives,” said Jürgen Stock, INTERPOL’s Secretary General.

Compared to the week of action in 2018, this latest edition of the operation reported an increase of about 18 per cent in seizures of unauthorized antiviral medication, and an increase of more than 100 per cent in seizures of unauthorized chloroquine (an antimalarial medication), which could also be connected to the COVID-19 outbreak.

During the week of action (3 – 10 March 2020) authorities in participating INTERPOL countries inspected more than 326,000 packages of which more than 48,000 were seized by customs and regulatory authorities.

Overall, authorities seized around 4.4 million units of illicit pharmaceuticals worldwide. Among them were:

  • erectile dysfunction pills
  • anti-cancer medication
  • hypnotic and sedative agents
  • anabolic steroids
  • analgesics/painkillers
  • nervous system agents
  • dermatological agents
  • vitamins.

More than 37,000 unauthorized and counterfeit medical devices were also seized, the vast majority of which were surgical masks and self-testing kits (HIV and glucose), but also various surgical instruments.

Information received from the participating countries during the operation points to a considerable decrease in international shipments of small parcels (by about 40 per cent), probably due to the coronavirus outbreak.

The operation has already closed down more than 2,500 web links, including websites, social media pages, online marketplaces and online adverts for illicit pharmaceuticals with a similar number in the process of being closed down. The combined efforts of the authorities disrupted the activities of 37 organized crime groups.

Under Operation Pangea XIII, INTERPOL member countries also reached out to the general public – through videos, brochures, exhibitions and talks at hospitals and schools – to raise awareness of the dangers of buying pharmaceuticals from unregulated online sources.  

“As reducing demand is an important aspect in Operation Pangea, Malaysia is strongly promoting awareness activities to the public. These include the distribution of car stickers, video broadcasts via electronic billboards as well as radio and television interviews”, said Norlida Binti Abdul Rahman, Senior Principal Assistant Director, Ministry of Health, Malaysia.

Fake medicines often contain the wrong amount of active ingredient (too little, too much, or none at all). In other cases, the medicines may be genuine but have been stolen and then badly stored or may have expired. This means they could be ineffective or contaminated.

https://www.interpol.int/en/News-and-Events/News/2020/Global-operation-sees-a-rise-in-fake-medical-products-related-to-COVID-19

Interpol.int (March 2020) Global operation sees a rise in fake medical products related to COVID-19

Fact Sheet: DHS Notice of Arrival Restrictions on China, Iran and Certain Countries of Europe


In furtherance of Presidential Proclamations 9984, 9992, 9993, and 9994, which ban the entry of non-U.S. citizens who are from or have recently been in China, Iran, or certain European countries, the Department of Homeland Security issued a Notice of Arrival Restrictions requiring American citizens, legal permanent residents, and their immediate families who are returning home to the U.S. to travel through one of 13 airports upon arrival to the U.S., submit to an enhanced entry screening and self-quarantine for 14 days once they reach their final destination.

On March 11, 2020, President Trump determined that the potential for widespread transmission of the coronavirus by infected individuals seeking to enter the United States threatens the security of the homeland. The President issued Proclamations 9984, 9992, and 9993, which suspend entry to nearly all foreign nationals who have been in China, Iran, and certain European countries at any point during the 14 days prior to their scheduled travel to the U.S.

These European countries include: Austria, Belgium, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, and the United Kingdom.

The order is now effective. Americans returning from the affected countries will now be required to travel through 13 airports:

  • Boston-Logan International Airport (BOS), Massachusetts
  • Chicago O’Hare International Airport (ORD), Illinois
  • Dallas/Fort Worth International Airport (DFW), Texas
  • Detroit Metropolitan Airport (DTW), Michigan
  • Daniel K. Inouye International Airport (HNL), Hawaii
  • Hartsfield-Jackson Atlanta International Airport (ATL), Georgia
  • John F. Kennedy International Airport (JFK), New York
  • Los Angeles International Airport (LAX), California
  • Miami International Airport (MIA), Florida
  • Newark Liberty International Airport (EWR), New Jersey
  • San Francisco International Airport (SFO), California
  • Seattle-Tacoma International Airport (SEA), Washington
  • Washington-Dulles International Airport (IAD), Virginia

Upon arrival, travelers will proceed to standard customs processing. They will then continue to an enhanced entry screening where the passenger will be asked about their medical history, current condition, and asked for contact information for local health authorities.  Additionally, some passengers will have their temperature taken.

After the enhanced entry screening is complete, passengers will be given written guidance about COVID-19 and be allowed to proceed to their final destination.

Once home, individuals must immediately self-quarantine in their home and monitor their health in accordance with CDC best practices.

In order to ensure compliance, local and State public health officials will contact individuals in the days and weeks following their arrival.

DHS.gov (March, 2020) Fact Sheet: DHS Notice of Arrival Restrictions on China, Iran and Certain Countries of Europe

DOD Officials Explain New Coronavirus Domestic Travel Restrictions


Defense officials announced restrictions on domestic travel yesterday for service members, Defense Department employees and family members in response to the new coronavirus, or COVID-19.

Deputy Defense Secretary David L. Norquist signed a memorandum halting all domestic travel, to include permanent changes of station and temporary duty travel. The ban is in effect from March 16 to May 11, 2020.

Officials speaking on background said the new memo states that service members will be authorized local leave only.

The ban is in addition to restrictions on all DOD military and civilian personnel and their families traveling to, from, or through areas for which the Centers for Disease Control and Prevention have issued a Level 3 Travel Health Notice. That policy also stops PCS and TDY travel through May.

There are exceptions for hardship, mission essential and humanitarian travel, but those exceptions must be approved. Domestic travel for medical treatment is excluded from the ban. 

There are 10 service members who have tested positive for COVID-19. One DOD civilian and two DOD contractors have the virus, as do eight family members, officials said. There are 13 DOD laboratories that can test samples for the virus.

The officials said the new policy is aimed at preventing the spread of coronavirus. Each day tens of thousands of service members and DOD civilians are traveling. This “strategic pause” is “the best and safest route” to slowing the spread of the virus, they said.

The Pentagon reservation is also taking actions and raised the health protection condition in the building and associated properties to Bravo. This means all tours of the building are cancelled. Starting March 16, offices in the building will go on minimum manning, with vast numbers of employees teleworking.

Offices in the building will have rotating staffs and “red and blue” teams. Those employees who require access to classified information to do their mission-essential tasks will work from the building, officials said.

The Pentagon will restrict access to employees with swipe card access, and will restrict international visitors. “We are also restricting access of Pentagon officials who have been overseas in one of the CDC-defined Level 3 or 2 countries,” officials said on background.

As of today, the Level 3 countries are: China, Iran, South Korea, Austria, Belgium, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Slovakia, Slovenia, Spain, Sweden, Switzerland, Monaco, San Marino and Vatican City.

Personnel who return from these countries will be required to self-isolate for 14 days before being allowed back to work, officials said.

Pentagon officials are also closing employee fitness centers and said they are looking at other measures to lessen the chances of transmission.

Defense.gov (March, 2020) DOD Officials Explain New Coronavirus Domestic Travel Restrictions

INTERPOL warns of financial fraud linked to COVID-19

INTERPOL is encouraging the public to exercise caution when buying medical supplies online during the current health crisis, with criminals capitalizing on the situation to run a range of financial scams.


Criminals taking advantage of coronavirus anxiety to defraud victims online

With surgical masks and other medical supplies in high demand yet difficult to find in retail stores as a result of the COVID-19 pandemic, fake shops, websites, social media accounts and email addresses claiming to sell these items have sprung up online.

But instead of receiving the promised masks and supplies, unsuspecting victims have seen their money disappear into the hands of the criminals involved.

This is one of several types of financial fraud schemes connected to the ongoing global health crisis which have been reported to INTERPOL by authorities in its member countries.

COVID-19 fraud schemes

Scams linked to the virus include:

  • Telephone fraud – criminals call victims pretending to be clinic or hospital officials, who claim that a relative of the victim has fallen sick with the virus and request payments for medical treatment;
  • Phishing – emails claiming to be from national or global health authorities, with the aim of tricking victims into providing personal credentials or payment details, or opening an attachment containing malware.

In many cases, the fraudsters impersonate legitimate companies, using similar names, websites and email addresses in their attempt to trick unsuspecting members of the public, even reaching out proactively via emails and messages on social media platforms.

“Criminals are exploiting the fear and uncertainty created by COVID-19 to prey on innocent citizens who are only looking to protect their health and that of their loved ones,” said INTERPOL Secretary General Jürgen Stock.

“Anyone who is thinking of buying medical supplies online should take a moment and verify that you are in fact dealing with a legitimate, reputable company, otherwise your money could be lost to unscrupulous criminals,” concluded the INTERPOL Chief.

Blocking and recovering fraudulent payments

Monetary losses reported to INTERPOL have been as high as hundreds of thousands of dollars in a single case, and these crimes are crossing international borders.

INTERPOL’s Financial Crimes Unit is receiving information from member countries on a near-daily basis regarding fraud cases and requests to assist with stopping fraudulent payments. Targeted victims have primarily been located in Asia, but the criminals have used bank accounts located in other regions such as Europe, to appear as legitimate accounts linked to the company which is being impersonated.

In one case, a victim in Asia made payments to several bank accounts unknowingly controlled by criminals in multiple European countries. With INTERPOL’s assistance, national authorities were able to block some of the payments, but others were quickly transferred by the criminals to second and even third bank accounts before they could be traced and blocked.

To date, INTERPOL has assisted with some 30 COVID-19 related fraud scam cases with links to Asia and Europe, leading to the blocking of 18 bank accounts and freezing of more than USD 730,000 in suspected fraudulent transactions.

INTERPOL has also issued a Purple Notice alerting police in all its 194 member countries to this new type of fraud.

Warning signs

If you are looking to buy medical supplies online, or receive emails or links offering medical support, be alert to the signs of a potential scam to protect yourself and your money.

  • Independently verify the company/individual offering the items before making any purchases;
  • Be aware of bogus websites – criminals will often use a web address which looks almost identical to the legitimate one, e.g. ‘abc.org’ instead of ‘abc.com’;
  • Check online reviews of a company before making a purchase – for example, have there been complaints of other customers not receiving the promised items?;
  • Be wary if asked to make a payment to a bank account located in a different country than where the company is located;
  • If you believe you have been the victim of fraud, alert your bank immediately so the payment can be stopped;
  • Do not click on links or open attachments which you were not expecting to receive, or come from an unknown sender;
  • Be wary of unsolicited emails offering medical equipment or requesting your personal information for medical checks – legitimate health authorities do not normally contact the general public in this manner.

Interpol.int (March, 2020) INTERPOL warns of financial fraud linked to COVID-19