Cybercriminals have always used major news events as a trigger for campaigns and the COVID-19 Coronavirus outbreak is an opportunity like never before. It’s a unique set of circumstances on an unprecedented scale – ripe for exploitation by anyone with malicious intent.
Right now, many businesses are having to adapt to rapidly evolving restrictions; others are struggling just to survive. Not surprisingly, security might not be foremost in their minds. Yet there are growing signs that it’s business as usual for cybercrime, even though it’s anything but for everyone else.
Europol has warned that criminals will look to profit from the pandemic. In a new report, it said the number of cyberattacks against organisations and individuals is likely to increase. “Criminals have used the COVID-19 crisis to carry out social engineering attacks themed around the pandemic to distribute various malware packages,” Europol said.
Reporting from the front lines
Researchers at Proofpoint have seen attackers using the crisis as a pretext for launching business email compromise attacks. They’ve also identified Coronavirus-themed credential phishing attacks and spam campaigns.
Recorded Future has observed “an extensive list” of malicious actors using phishing scams and similar techniques. It has published a report from its investigation into technical threats that have emerged from COVID-19.
Similarly, Malwarebytes tracked Coronavirus-themed updates and advice that criminals have made to look like they come from official sources. Again, this is a classic psychological ploy that works on two levels. It preys on people’s natural hunger for information during a rapidly unfolding global news event. It also exploits their trust in familiar names. Mocking up messages to seem like they’re from the World Health Organisation, for example, makes it more likely that people will click the links or attachments. Those lures then infect victims with malware or steal their login details.
Another tactic is to appeal to people’s decency and impersonate charities or other figures to steal money. RTE reported that scammers set up a fake Instagram account using the name of singer Daniel O’Donnell, with a bogus appeal for donations to help fight Coronavirus.
Taking extra care
Businesses and organisations need to be extra vigilant for risks at a time like this. With widespread restrictions on movement during COVID-19, many people are working from home – often for the first time. Greater numbers of people connecting remotely to their companies’ systems are creating more ways for criminals to attack, Europol said.
What’s more, most people’s focus is understandably elsewhere at a time like this. They might be struggling to get their regular work done, dealing with connectivity issues, VPN problems and login difficulties. They might be balancing home schooling duties with work or keeping in touch with extended family who may be vulnerable. From the cybercriminals’ perspective, that adds up to ideal conditions to exploit for their own gain.
As BH Consulting CEO Brian Honan told InfoSecurity magazine: “In normal circumstances when you’re working from home you may have a dedicated office space, the children may be at school and your partner may be working elsewhere… During a pandemic, people are a lot more distracted, stressed out, worried and anxious for information, so it’s not really working from home: it’s working through a pandemic. Criminals will be leveraging off that.”
Health hazard: the ransomware risk for hospitals
Hospitals and healthcare organisations are especially vulnerable because their resources are understandably focused on dealing with the pandemic. Data Breach Today reported that malware attacks, including ransomware, are continuing against healthcare groups. “Some of those facilities are not only treating patients with the disease but also serving as frontline virus-testing labs,” it said.
A big risk for hospitals is becoming infected with crypto-locking malware that could cripple their ability to provide critical services just when they’re needed most. In the Czech Republic, a cyberattack on Brno University Hospital forced the hospital to shut down its entire IT network. It also had to postpone urgent surgical interventions and re-route new acute patients to a nearby hospital.
Panic is my business, and business is good
Brian Honan also commented for the Data Breach Today article, noting that COVID-19 is a business opportunity for criminals. “Every time there is a crisis we can see that cybercriminals are in reality ruthless and heartless individuals looking to inflict suffering on their victims in whatever way they can, and if a global crisis, such as COVID-19, plays to their advantage they will do so,” he said.
“I expect many medical facilities and emergency services will be targeted by criminals with ransomware attacks demanding large ransoms as the criminals know how critical those services are now,” Brian added. “We should not relax any of our defences but be more aware of criminals looking to leverage the crisis to spread misinformation, set up scams, launch phishing attacks and launch cyberattacks. Contrary to popular belief, there are no common, decent criminals in the online world.”
Even though some distraction is a natural response at times like these, no-one can drop their guard. If anything, the COVID-19 crisis calls for higher levels of vigilance and security awareness from everyone. A little extra care when opening emails or clicking on links will go a long way. That way, the only virus we need to focus on is the one harming people, and not our IT systems.