Threat Reports

COVID-19 Threat Digest – 24 March 2020

New Cases/Deaths

  • Myanmar confirmed its first two cases after two Myanmar nationals tested positive. One of the individuals had travelled from the US, while the other returned from the UK.  
  • Spain saw its highest single day death toll after 514 people died within the past 24 hours. The total death toll is now at 2,696 with a total of confirmed cases at 39,637.
  • Iran recorded 1,411 new cases and 127 new deaths on Monday. The total number of cases is now 24,811.
  • The US experienced its highest single day death toll after 140 people died on Monday. On the same day, the number of cases rose by 10,168, with the country total now at 46,168. So far, 16 states announced they will impose stay-at-home orders, effective from Wednesday.

Outbreak Hot Spots Middle East – new confirmed cases in the last 24 hours

 

Actions by Governments

Mexican president vows to prioritise poor in COVID-19 response

President Andres Manuel Lopez Obrador stated that the government’s response would focus on the poor and vulnerable rather than  ‘rescues in the style of the neo-liberal period that provided for banks, big companies.’ The government has not yet issued travel bans or orders to self-isolate, but has banned large events and recommended social distancing.

 

PM Boris Johnson orders UK lockdown

The lockdown will be enforced by the police. All gatherings of more than two people are banned, excluding gatherings of people from the same household. Individuals are only allowed to leave their home to shop for basic necessities, do one form of exercise per day, provide care for vulnerable people and travel to and from work, if it cannot be done from home.

 

France announces stricter lockdown measures

PM Edouard Philippe announced tougher lockdown measures that include a limit on outdoor sports, ban of open-air markets, and curfews. Additionally, the use of chloroquine to treat the virus has been stopped until further clinical trials deem it satisfactory. The only exception is the treatment of patients with severe cases.  

 

South Africa prepares for 3-week lockdown

The new measure will be effective from midnight on Thursday, March 26th to midnight on Thursday, April 16th. All non-essential shops are to be closed and people will only be able to leave their homes to seek medical care, buy food or collect social grants. Soldiers will be deployed to support the police in patrolling streets.

 

Dutch government increase lockdown measures

The Dutch government has toughened the country’s lockdown. Gatherings of more than three people will now be dispersed, excluding members of the same household. The ban has now been extended to June 1st.  

 

Australia begins lockdown measures

Australian lockdown measures came into effect on 23 March, closing all non-essential services. 1,700 passengers on board a Swiss-owned cruise ship, MSC Magnifica, have also been denied entry into the country after 250 passengers reported respiratory illnesses.

 

Germany launches €750 billion package to reduce impact of outbreak

The package is to support families, renters, employees, freelancers and companies. The cabinet has also approved a supplemental budget of €156 billion in new borrowing. This is the first time in six years that Germany has taken on new debt. 

 

Heat has been filtered on Coronavirus-related news for the 24 hours leading up to a stock market close. The size of the bubble indicates the volume of articles.

Heat measures the attention a country gets in the news for 24 hours vs media’s average daily reporting on such a country. Above/below 100% = more/less than usual.

The stock market changes are based on the most recent closing levels of major stock market indices.

 

Actions by Companies

  • AT&T’s CEO Randall Stephenson has said that the increased number of people working from home has added strain on their broadband network.
  • Australian banks NAB, Westpac and Commonwealth have all closed branches.
  • Boeing factories in Washington state have closed for two weeks.
  • Dollar General is hiring 50,000 new employees in the US to meet demand.
  • Carlsberg Malaysia have temporarily closed their brewery in the country.
  • China Construction Bank has donated 20,000 facemasks to Budapest’s State Health Centre in Hungary.
  • Ford Motor Company have closed their production plants in South Africa, India, Thailand and Vietnam.
  • Greggs, the largest bakery chain in the UK, have closed all branches across the country.
  • IKEA Austria has donated 50,000 surgical face masks to doctors and hospitals in the country.
  • India Yamaha Motor have suspended their manufacturing operations within the country until March 31st, 2020.
  • Japan Airlines are significantly reducing their international routes from March 29th until April 30th, 2020.
  • Mazda is suspending their manufacturing operations in Japan, Mexico and Thailand for up to two weeks, and will subsequently operate their Japanese factory in 8-day stints until April 30th, 2020.
  • McDonald’s are closing all of their New Zealand restaurants at 8PM on March 25th, 2020. They have also closed all but five of their Israeli branches.
  • Morrisons, a UK-based supermarket, is in the process of installing protective screens at checkouts across all of their stores.
  • MTU Aero Engines, a German aircraft engine manufacturer, is suspending operations across their manufacturing facilities in Munich, Germany and Rzeszow, Poland, for three weeks starting March 30th, 2020.
  • RBC Royal Bank has closed three Trinidad branches, and they are adjusting their hours across the Caribbean to promote social distancing.
  • Rolls-Royce Motor Cars have suspended production for two weeks.
  • Saudi Electricity Company has said that customers will not be cut off if they fall behind on their bill payments.
  • Sports Direct, a UK-based sports chain, have closed all of their stores, shortly after announcing they would remain open.
  • TD Bank are closing some of their branches and reducing the hours of others in Canada.
  • UBS Group AG, a Swiss investment bank, has announced that they will make several billion francs available to Swiss corporate clients as a result of the pandemic.
  • Unilever Ghana have provided hygiene products to hospitals and research facilities across the country.
  • Woolworths, an Australian supermarket, has installed protective glass for cashiers at their branches.

 

Geopolitics

UN chief calls for ceasefire

United Nations Secretary-General António Guterres has called for a global ceasefire so that countries can work together to fight COVID-19. The appeal came during a virtual press conference on UN Web TV.

 

Guterres has also asked for $2 billion in humanitarian aid to be set aside for poorer countries fighting the virus. He has written to the G20 to request better coordination on an effective response, especially with regards to preventing COVID-19’s spread in the developing world.

 

Chinese government urged to allow American journalists back into country

In an open letter, the New York Times, Wall Street Journal and Washington Post have asked the Chinese government to reconsider a decision to expel the papers’ journalists from the country. The move was retaliation for the State Department’s recent decision to cap the number of Chinese nationals employed at five Chinese media groups at 100. The groups were recently designated as foreign missions, meaning that they will be treated as extensions of Beijing’s government.

 

Iran expels MSF humanitarian team

Iran has rejected aid from humanitarian group Medecins Sans Frontieres and expelled the emergency team of nine and the 50-bed inflatable hospital sent to the country on monday. An advisor to Iran’s health minister thanked MSF but stated that there was no need ‘for hospital beds set up by foreign forces’.

 

Iran tells US to lift sanctions, EU will send aid

Iranian President Hassan Rouhani has told the United States to lift sanctions if it wants Iran to fight COVID-19, stating that ‘Your offer of help is the biggest lie in history’. On March 22, Supreme Leader Ayatollah Khamenei rejected assistance from the US; the latter had made it clear that sanctions would not be lifted, despite the outbreak. The EU will send €20 million in humanitarian aid to Iran over the next two weeks, and has agreed to support the country’s request to the IMF for financial support.

 

Olympics officially postponed

Prime minister Shinzo Abe and the International Olympic Committee have agreed to postpone the Tokyo Olympics by one year.

 

Donald Trump wants to reopen economy in weeks

The president is concerned about the impact of the virus on the economy, and refused to confirm that he would follow the advice of public health authorities if they deemed it necessary to continue restrictive measures. He said that he expected life to return to normal soon, and implied that this meant a matter of weeks rather than months.

 

WHO chief thanks Saudi Arabia for aid to Yemen

Tedros Adhanom Ghebreyesus noted that unity was important during the ongoing crisis, and thanked Saudi Arabia for airlifting supplies to Aden and Sana’a.

 

Drugs, Treatments & Vaccines

New York to begin trials of plasma and antibody tests

Governor Andrew Cuomo announced that the state will begin trialling two new medical interventions. Firstly, blood plasma transfusions collected from COVID-19 patients will be tested for use on critically ill patients. Secondly, the state will focus on trialling an antibody test that could mean people would be able to return to work if their blood contained COVID-19 antibodies.  

 

San Diego scientists look for virus survivors whose blood might help in treatment

Scientists from Scripps Research and UC San Diego are looking for COVID-19 survivors willing to donate blood that would be screened for antibodies. If potentially useful antibodies are found, they will be cloned to produce a significant amount of research-grade antibodies.

 

Cybersecurity Impact

BlackNET RAT distributed via coronavirus-themed website

Researchers at Malwarebytes discovered a website that promotes a digital anti-virus that supposedly protects users against the actual COVID-19 virus. In actuality, the fake application delivers BlackNET RAT onto the target’s system. The malware, which is packed with the legitimate commercial packer Themida, is capable of stealing passwords, executing scripts, deploying DDoS attacks, and more.

 

Researchers analyse various APT campaigns using coronavirus-themed lures 

Researchers at Anomali observed a coronavirus-themed campaign targeting Taiwanese and Vietnamese users between late February and mid-March 2020. They have linked the campaign to Mustang Panda. Check Point Research also reported on a similar campaign targeting the Mongolian public sector around the same time. 

Another observed campaign uses C2 infrastructure that overlaps with the Korea-based APT group Higaisa. The campaign involves a lure document downloaded from the official World Health Organisation website, and is likely used to target English-speaking users. 

The researchers also observed mobile malware being spread via an Android application that updates COVID-19 statistics. Whilst the application does work as intended, it also downloads SpyNote RAT in the background. The Cerberus banking trojan was also observed being spread via websites supposedly containing information on coronavirus. 

 

Attackers hijack routers’ DNS setting to redirect users to malicious coronavirus applications

BleepingComputer reported that hackers are accessing routers’ DNS settings and altering them in order to redirect targets to a website that promotes a coronavirus-themed information application. The malicious application, which supposedly comes from the World Health Organisation, delivers Vidar malware onto the target’s device. It is not currently known how attackers are accessing the routers, however some users have stated that they were using a router with weak administration passwords.

 

Health insurance coverage lures use coronavirus theme 

Researchers at PhishLabs observed two new coronavirus-themed phishing campaigns using health insurance coverage as a lure to lead users to malicious sites and steal their Microsoft Office 365 login credentials. The first involves an email that appears to have been delivered from the victim’s health insurance provider, informing them of a recent purchase of ‘COVID-19 coverage.’ The second campaign, using a fake secure DocuSign notification and a spoofed sender address, claims to have information about the victim’s company’s health insurance plan, such as whether COVID-19 testing is covered. 

 

HHS[.]gov open redirect is used by hackers in coronavirus-themed malware attack

Security researcher SecSome discovered that an HHS[.]gov open redirect, which is connected to the website of the US Department of Health and Human Services (HHS), is being used to push malware payloads to victims by using coronavirus-themed phishing emails. The open redirect is present on the subdomain of HHS’s Departmental Contracts Information System. The redirect is used to link to a malicious attachment that downloads and executes Raccoon malware, which is capable of stealing credit card information, cryptocurrency wallets, browser data, and more.

 

World Health Organisation targeted in unsuccessful cyberattack 

Cybersecurity expert Alexander Urbelis observed an attempted attack on the World Health Organisation (WHO), after discovering a group of hackers activating a malicious site imitating the legitimate WHO internal email system on March 13th, 2020. WHO’s CISO Flavio Aggio confirmed the hacking attempt, stating that it had been an unsuccessful attempt to steal passwords from WHO staffers. Aggio added that hacking attempts and other cybersecurity incidents have more than doubled since the coronavirus outbreak. 

 

Global law enforcement operation targets counterfeit medicines sold online 

Authorities around the world seized nearly 34,000 counterfeit surgical masks as part of Operation Pangea, which was coordinated by INTERPOL and supported by Europol. The masks had become the most commonly sold medical product online. The operation revealed the high number of fake or illicit medical products being sold related to COVID-19, with more than 2,500 links taken down and 37 organised crime groups dismantled. 

 

Although Silobreaker has relied on what it regards as reliable sources while compiling the content herein, Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of such content and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content herein.

More News

  • COVID-19 Threat Digest – 07 April 2020

              Actions by Governments Belgium announced new measures to support both workers and those unemployed during the crisis. Chile stated...
  • Cyber Alert – 07 April 2020

    Cyber Alert: Ask the Experts: How can we help organizations report data breaches?...
  • COVID-19 Threat Digest – 06 April 2020

           Actions by Governments Greece extended its nationwide lockdown until April 27th. Guatemala banned domestic travel and all recreational activities, including the...
View all News

Request a demo

Get in touch