COVID-19 Threat Digest – 23 March 2020
- Papua New Guinea recorded its first case after a foreign mine worker tested positive. The country has now announced a two-week state of emergency, imposing stricter travel restrictions.
- Eritrea confirmed its first case after a 39-year-old Eritrean national arriving from Norway tested positive.
- The US reported a total of 35,070 cases, with half of the cases being in the state of New York. The US death toll is now at 458.
- Germany observed a significant rise in new cases, bringing the total to 26,220.
- Italy recorded a total of 5,476 deaths after a death toll of 651 in a single day.
- Spain’s death toll rose to 2,172 after a 26% increase on Sunday. The total number of cases is now at 33,089.
Outbreak Hot Spots US and Canada – new confirmed cases in the last 24 hours
Actions by Governments
The tests, described as a “gamechanger” by Prime Minister Boris Johnson, will start arriving in the UK over the coming weeks. In contrast to tests that detect whether an individual has contracted COVID-19, the new tests will determine whether someone has already had the virus, by looking for the presence of antibodies in their blood.
Wuhan residents can now begin returning to work if they are not displaying any symptoms and are able to provide a ‘green health code’, proving they are virus-free. The city plans to ‘gradually reopen’, with public transportation resuming soon. Non-residents will be able to start applying to leave the city.
All foreign tourists and transit arrivals will be banned for 14 days. Individuals arriving from Macau or Taiwan will be allowed in but will need to quarantine themselves. 8,600 restaurants, bars and clubs will be banned from selling alcohol. According to chief executive Carrie Lam, the risk of cross-infection is raised as people get ‘intimate after drinking’.
The lockdown will begin on Wednesday night, with everyone, except those working in essential services, to stay at home. The new measure is being implemented after the country’s total number of cases rose to 102.
Norway announced that the United Nations will create a fund to help developing countries with weak health systems in battling the crisis as well as helping them overcome long-term consequences.
The FBI’s New York office warned against extremist groups that are urging members to spread the virus via bodily fluids and personal interactions. Members are encouraged to visit places where they may come into contact with Jewish people. Some groups were also encouraging members to spread the disease to police officers using spray bottles.
Outbreak Hot Spots Europe – new confirmed cases in the last 24 hours
Actions by Companies
- Airbus are transporting vital supplies including medical gear during their aircraft test flights.
- Bed Bath & Beyond is closing all US stores, and scheduled to reopen on April 3rd, 2020.
- BHP, a multinational mining company, is ‘speeding up’ payments to suppliers from 30 days to 7 days.
- Carnival Corporation is offering their cruise ships to be used as temporary hospitals.
- Cisco is donating $8million in cash and $210million in products to coronavirus-related causes.
- Costa, a UK-based coffee chain, are temporarily closing all of their cafes.
- H&M are closing all of their UK based stores. Their suppliers are now producing personal protective equipment for medical staff.
- IBM, Microsoft, Amazon and Google are donating computing power to help process datasets and perform complex simulations.
- Maruti, an Indian carmaker, is halting its operations, and will resume when the government allows them to. Other carmakers in India such as Mahindra, Hyundai, Honda, Toyota, Tata Motors and Jeep are also following suit.
- McDonald’s are closing all 1,270 of their UK restaurants.
- Nando’s, a UK-based restaurant, are closing all of their restaurants until further notice.
- Netflix is creating a $100million fund to support the production industry and its workers.
- Oil Search, an oil and gas exploration company, have suspended some of their activities after confirmation of the first case in Papua New Guinea.
- Philips are increasing their production of critical health technologies.
- Primark are closing all of their UK stores until further notice.
- Qantas have closed all of their airport lounges, both in Australia, and overseas.
- Samsung and LG are both temporarily closing their production facilities in India. Samsung plan to reopen on March 25th, 2020, and LG plans to reopen at the end of March.
- Singapore Airlines have grounded most of their fleet, cutting their capacity by 96%.
- Smiths Group is increasing their production output of the PARAPAC Plus ventilators.
- SK Telecom, a South Korean telecoms operator, is going to provide the Gyeongbuk Provincial Police agency access to Geovision, a big data-based real-time floating population analysis service.
- Subway are closing all of their UK stores until further notice.
- Turkish Airlines have suspended the majority of their international flights, with only transfers to Hong Kong, Moscow, Ethiopia, New York and Washington D.C. still running. They will resume operations on April 17th, 2020.
- Vestas, a producer of wind turbines, have resumed their blade production operations in Spain after compiling with health and safety guidelines.
- Volkswagen are temporarily closing two of their production plants in Mexico. They are also exploring the possibility to switch their production lines to produce hospital ventilators.
- Volvo is temporarily closing their production plants in Belgium, Sweden and the US.
Having previously stated that he hopes to host the Olympics as normal, Prime Minister Shinzo Abe noted on Monday that he doesn’t believe the world is ready to do so. The International Olympic Committee will decide in four weeks whether to cancel or postpone the games.
OECD Secretary General Angel Gurria said that the economic shock from COVID-19 is already larger than that of the 2008 financial crisis. Many of the world’s largest economies are expected to fall into recession over the coming months. He has urged governments to do whatever it takes to ensure that testing and treatment of the virus takes place.
Prime Minister Viktor Orban will ask parliament to extend the current state of emergency. The government has also submitted a bill that gives it the power to suspend laws and pass additional decrees. The proposal will allow it to keep special decrees in effect even if parliament does not meet again in 2020.
Although central banks in the developed world have cut interest rates in response to COVID-19, the borrowing costs for developing countries have increased, even as tourism revenue falls. Tim Jones, the policy head at Jubilee Debt Campaign, stated that immediate action is needed to prevent a debt crisis.
Drugs, Treatments & Vaccines
The Board aims to impose a new rule that will require pharmacists to only prescribe two antimalarial drugs, hydroxychloroquine and chloroquine, to patients who tested positive. The prescription will also be limited to a 14-day supply with no automatic refills.
Gilead Sciences has said that it will stop accepting ‘compassionate use requests’ for the experimental drug Remdesevir amid ‘overwhelming demand’. The company will make exceptions for pregnant women and children experiencing ‘severe manifestations’ of COVID-19.
AbCellera’s platform for antibody discovery is being used by American pharmaceutical company Eli Lilly and Co. to develop a new drug for treating COVID-19. The company aims to be testing new therapies on patients within the next four months.
Vir Biotechnology is asking for residents from five US epidemic hot spots to donate blood if they have recovered from the virus. The company hopes to use the blood samples, ideally from a total of 100 donors, to isolate antibodies for creating a vaccine and a treatment.
Security researchers at Malware Hunter Team identified phishing emails that contained a coronavirus-themed attachment that installed Netwalker ransomware onto the target’s device. The ransomware, which has recently been used against Toll Group and the Champaign Urbana Public Health District, encrypts files on infected machines.
The variant of Netwalker used in this attack does not terminate the Fortinet endpoint protection client. Vitali Kremez speculated that the attackers could disable the anti-virus protection from the administration panel while keeping Fortinet endpoint protection client running so as not to alert victims.
Researchers at Zscaler discovered a new multi-stage campaign targeting Brazilian users, in which users are sent a macro-based PowerPoint file that supposedly contains a list of hotels and inns infected with coronavirus. The downloaded file is disguised as a MP3 file extension.
The malicious file delivers njRAT, which the attacker has leveraged from a GitHub repository linked to the GitHub account NYANxCAT. In addition to collecting basic system information, the malware also runs a keylogger subroutine.
On March 20th, 2020, the FBI’s Internet Crime Complaint Center warned users to be aware of coronavirus themed scams. The agency warned the public about phishing scams, malicious advisory attachments disseminated through emails, and counterfeit equipment and treatments.
Section Chief Herb Stapelton stated that attacks targeting users in the US primarily came from those living outside of the country. Stapelton also said that attackers are targeting states that have been more heavily impacted by coronavirus, such as New York, California, and Washington.
The researchers found that malicious reports related to coronavirus rose from 1,448 in February 2020, to 8,319 by March 16th, 2020. It appears that attackers are expanding their campaigns to focus on geographic regions most impacted by the virus. The largest number of malicious reports for March have so far been registered in Italy, followed by the US, Turkey, France, and the UK.
Attackers have been targeting government institutions, the most popular of which have been education departments, health departments, and fire services. Attacks in the healthcare sector have been directed against hospitals and clinics, pharmaceutical institutions, and companies who distribute medical equipment.
One of the campaigns seen by the researchers attempted to deliver malware to healthcare services in Thailand. The email purports to come from the Thailand Establishment of National Institute of Health. The message contains an attachment which claims to be virus information, yet in actuality the attachment installs the infostealing NanoBot trojan onto the target’s device.
The UK Local Government Association warns of an increase in scams linked to the coronavirus outbreak. Rotherham Council stated that a worker accidentally clicked on a spam email with ‘COVID-19’ as in the subject field. This resulted in automatic emails being generated. The council’s systems are not believed to be compromised. Middlesbrough Council also reported being targeted with fake emails.
Action Fraud found that, since the beginning of February, victims have lost £960,000 in 105 coronavirus-linked cases. Many of the cases involved victims signing up for mail-order sanitisation products they never received. In addition, the National Fraud Intelligence Bureau recorded 200 cases of fraudulent emails.
Researchers at Cofense discovered a campaign that delivers an ODP file that appears to be a PPT file purporting to contain information on coronavirus. The attackers were using the file in order to deliver a link to a malicious website. The researchers stated that this is the first time they have seen an ODP file type used in a phishing email.
Researchers at Malwarebytes have reported that attackers are delivering NetWire RAT in emails that purport to come from the World Health Organisation (WHO). The email uses the WHO logo and claims to come from Dr. Stella Chungong.
Malwarebytes also provided a rundown of other recently covered coronavirus-themed attacks that are being used to deliver malware. Details of these campaigns are available via Malwarebytes.
Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.