- Security TWENTY
- Women in Security
Cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak, according to the UK official National Cyber Security Centre (NCSC). For example, bogus emails claim to have important updates, only once links are clicked on, lead to devices being infected.
Paul Chichester, Director of Operations at the NCSC, said: “Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”
The NCSC says that it has seen an increase in the registration of webpages relating to the virus. These attacks are versatile and can be conducted through various media, adapted to different sectors and monetised via multiple means, including ransomware, credential theft, bitcoin or fraud, according to the NCSC.
Among examples, in February, the World Health Organisation (WHO) warned of fraudulent emails sent by criminals posing as the WHO. This followed a warning from the US Federal Trade Commission about scammers spreading phishing ‘clickbait’ via email and social media, as well as creating fraudulent websites to sell fake anti-viral equipment. Also impersonated is the US Center for Disease Control (CDC), whereby scammers have created domain names similar to the CDC’s web address to request passwords and bitcoin donations to fund a fake vaccine.
Jake Moore, at the cyber-security company ESET, said: “The spread of fear is just as contagious as COVID-19 and people are falling for these scams in panic mode. Cyber criminals are relying more on social engineering, which is the practice of deceiving or manipulating someone. Right now this tactic is proving very popular; people feel they have limited time to research the background and validation of sites. Panic is a psychological feeling that threat actors use widely, especially when there is a pandemic. I’m also seeing a huge increase in texting scams. I’ve seen employees targeted with texts which are supposedly from their boss, requesting that they send Amazon vouchers to their business partners to apologise for business inconvenience. Employees need to verify these requests by phoning their management on the number they know to be correct before any financial transactional is made.”
Jens Monrad, Head of Mandiant Threat Intelligence, EMEA, at the cyber firm FireEye says that since January, the firm has noticed both cyber-criminals “and what we believe are state-sponsored espionage campaigns using COVID-19 / Coronavirus themed lures in phishing emails. We encourage users to remain vigilant about socially engineered campaigns and disinformation related to the coronavirus. People should use government trusted sources for any information related to the current situation and, in the cases where they receive coronavirus related emails and were not expecting them, they should carefully examine why they are receiving them and consider not engaging with the emails.”
And Sherrod DeGrippo, Senior Director, Threat Research and Detection at Proofpoint says: “For more than five weeks our threat research team has observed numerous COVID-19 malicious email campaigns with many using fear to try and convince potential victims to click. Criminals have sent waves of emails that have ranged from a dozen to over 200,000 at a time, and the number of campaigns is trending upwards. Initially we were seeing about one campaign a day worldwide, we’re now observing three to four a day. This increase underscores just how appealing global news can be for cybercriminals.
The COVID-19 lures we’ve observed are truly social engineering at scale. They know people are looking for safety information and are more likely to click on potentially malicious links or download attachments. Approximately 70 per cent of the e-mails Proofpoint’s threat team has uncovered deliver malware and a further thirty per cent aim to steal the victim’s credentials. Most of these emails are trying to steal credentials using fake landing pages like Gmail or Office 365 and ask people to enter their username and password.”