Cybercriminals exploit coronavirus vulnerabilities
Amidst the turmoil of the coronavirus pandemic, scammers and cybercriminals have been exploiting new areas of vulnerability. Remote working employees, businesses and health organisations alike have been experiencing a spike in threats to cybersecurity.
Over the past two months, cybercriminals and hacking groups have been exploiting vulnerabilities that have arisen as a result of coronavirus disruptions. Cybersecurity companies have seen a spike in coronavirus-related attacks, ranging from phishing scams to malware attacks and fraudulent impersonations of governing organisations.
The Register reported that “coronavirus-related fraud reports have spiked by 400%” since February, according to UK police forces.
Google recently announced that it had blocked 126 million COVID-19 phishing scams over the last week, with an average of 18 million being sent per day via Gmail – in addition to more than 240 million COVID-related daily spam messages.
According to Britain’s National Cyber Security Centre (NCSC) director of operations Paul Chichester, “The NCSC has seen an increase in the registration of web pages relating to the coronavirus, suggesting that cybercriminals are likely to be taking advantage of the outbreak”.
National Cyber Security Centre warnings
In a recent blog on these attacks, the NCSC lists ransomware, credential theft, bitcoin, fraud and phishing scams as common modes of COVID-19 media targeted by fraudsters.
The NCSC has warned that coronavirus-related cyber attacks are likely to increase over the coming weeks, targeting the public’s heightened anxieties and increased need for information.
NCSC and the US Department of Homeland Security (DHS) have published a joint advisory on ‘exploitation by cyber criminal and advanced persistent threat (APT) groups of the current coronavirus disease 2019 (COVID-19) global pandemic’. Included is advice on mitigation, along with a list of primary indicators of compromise (IOCs) for detection.
The GCHQ-owned organisation has also recommended the public read NCSC general advice on mitigating malware and ransomware attacks and phishing attacks to help protect against more generic forms of hacking.
World Health Organisation fraud
Armen Najarian, chief identity officer at email security firm Agari, told the BBC, “We have seen a disproportionate amount of attack volume targeting [the healthcare] sector”. Even the World Health Organisation (WHO) has come under attack from cybercriminals.
“The WHO, as a brand, has been exploited for attacks to the enterprise [...] and we are seeing inbound attacks to the WHO reaching officials, impersonating municipalities that might need help”, said Najarian.
NCSC also warned against fraudulent emails impersonating the WHO “with links claiming to have important updates, which once clicked on lead to devices being infected.” Others advertise the locations of nearby coronavirus cases for a fee; credentials are stolen when the email link is opened, before targets are able to pay for the ‘service’.
The BBC has been tracking several of the most successful COVID-19 phishing scams where official organisations have been impersonated.
Risks of working from home
Although employees are warned not to use personal devices for work purposes, working from home is subject to fewer restrictions and greater cyber risks than working from the office through the company’s network, with its regulated VPNs, endpoint verification and so on.
Those working from home are more likely to use personal devices to access business information. These devices are exposed to a wider variety of vulnerabilities, such as being shared with family members or having deficient cybersecurity tools like VPNs, firewalls and antivirus protection.
Malicious coronavirus disinformation campaigns
Organisations such as the NHS have been working with social media companies like Facebook and Twitter to prevent the spread of fake news regarding the current pandemic. However, despite attempts to promote government news to the top of searches, disinformation campaigns on COVID-19 remain a current issue.
Zoom falsely advertises end-to-end encryption
Amongst a variety of criticism, video conferencing service Zoom has also faced a backlash from cybersecurity research group Citizen Lab. With Zoom’s usage number jumping from 10m to 200m during the government-imposed isolations, Citizen Lab published a report exposing the lack of security in the app’s framework.
The report revealed that Zoom’s "network architecture makes it susceptible to pressure for data demands from Chinese authorities". The report also discloses that the app falsely claims to offer end-to-end encryption – a claim overtly advertised by Zoom.
Zoom admitted, "While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it."