FBI warns of Kwampirs attacks, COVID-19 scams

Cybercriminals and nation-state actors alike are leveraging the COVID-19 pandemic to weasel personal information, financial data, dollars and access to systems from their victims, from consumers to healthcare organizations and supply chain companies, the FBI warned this week in a pair of alerts.

For the third time in as many months, the FBI called out state-sponsored hackers who are using Kwampirs malware in supply chain and healthcare-related attacks. In a two-phase campaign the miscreants launch a broad attack on a network, where they’ve been found to reside for as long as three years, delivering and executing secondary malware payloads. During the second phase the campaign delivers additional Kwampirs components or malicious payloads.

“The FBI assesses Kwampirs actors gained access to a large number of global hospitals through vendor software supply chain and hardware products,” the alert said. “Infected software supply chain vendors included products used to manage industrial control system (ICS) assets in hospitals.”

The frequent alerts portend a serious problem. “The fact that the FBI would be sending out a third warning in the span of three months means that now more than ever organizations should take security seriously and review their incident response plans,” said Dean Ferrando, systems engineer manager - EMEA at Tripwire. “The FBI is telling us that the threat is real and likely to hit soon. Organizations must make sure that their third-party suppliers are vetted and reviewed regularly, and should limit the access they provide to external contractors.”

In another alert the FBI warned consumers that “scammers are leveraging the COVID-19 pandemic to steal your money, your personal information, or both” through fake CDC and phishing emails and by offering counterfeit treatments or equipment.
