Cybercriminals Turn to Fake News, COVID-19 Hoax Websites & Email Scams
The spread of COVID-19 has led to a significant increase in cyber-attacks – cybercriminals are exploiting this ongoing global health emergency. They are launching more attacks using a host of scams, most notably fake news, ransomware and phishing campaigns, and fake COVID-19 websites. For anyone working in cybersecurity, this was expected, but for the general public, this has come as an unwelcome surprise. My firm, 4iQ, tracked cybercrime during COVID-19 and compiled the most salient findings into our recently released COVID-19 Threat Report. Simply put, as long as this pandemic continues to spread, we all must take heightened cyber precautions and be alert for exploitative threat actors.
Fake news, otherwise known as hoax news, made its way into every American’s vernacular leading up to the 2016 U.S. presidential election. Under the guise of authenticity, false information or propaganda about COVID-19 has circulated widely in recent months. Examples of misinformation include the promotion of fraudulent products that claim to “cure, treat, or prevent COVID-19,” which haven’t been evaluated by regulators for safety and effectiveness; ongoing social media campaigns that sow seeds of doubt regarding the severity of this novel virus and in some cases deny the very existence of the pandemic; and conspiracy theories surrounding the origin of the pandemic.
Learn More: Best Practices to Fight Phishing & Strengthen Cybersecurity in COVID-19 Era
Phishing campaigns have increased these past few months, as cybercriminals continue to fabricate virtual messages from legitimate organizations to capture the personal information of unsuspecting victims. These attacks sometimes target high-level employees with public-facing email accounts for these scams. For instance, we have observed victims in high-level finance roles, who are typically responsible for wire transfer payments on behalf of their company. Cybercriminals have impersonated the CEO of a company and requested a wire transfer from these individuals.
To protect yourself against this type of scam, be vigilant. It’s important to know the signs of a phishing email, from unsolicited requests for financial information to poorly written emails from supposedly credible individuals or organizations. Once you’ve identified suspicious activity, forward it to the Anti-Phishing Working Group and report the attack to the Federal Trade Commission (FTC).
Since the onset of the coronavirus outbreak, we have observed a proliferation of registered suspicious coronavirus-themed domains. In fact, we analyzed over 2,400 domain names with COVID-19 themes and extracted the most common terms used for domain registration. These included “virus,” “coronavirus,” and “corona.” We also saw a particular interest in domains related to personal protective equipment, test kits, and vaccines.
Learn More: 8 Step Guide to Defeating Cyber Threats
Cybercriminals have also turned to the black market to sell masks and tests, as well as “vaccines.” For instance, a cure is for sale in the Empire Market, only available in the UK, for $1,244. Further, on deep and dark web forums, we saw a significant rise in the number of threads, items offered for sale, and hacking information related to COVID-19. The most popular threads at this time are Cybercrime, Databases & Leaks, and Carding & Fraud, respectively.
To best prepare for cybersecurity threats, it is important to go beyond just understanding the type of threat your organization is facing. You must identify who is behind the attack and their motives to appropriately respond to an attack. Identity attribution is key, because if you act quickly, you will better position your organization for future attacks.
Learn More: How to Maintain AWS Cyber Hygiene in Quarantine Era
Based on our research, we have categorized the most common threat actors into three groups: script kiddies, professional hackers, and state-sponsored hackers. Script kiddies are individuals who lack the technical skills and understanding to develop their own malicious code and instead make use of existing malware. Professional hackers are more sophisticated and rely on phishing as an initial attack vector. State-sponsored hackers are reportedly targeting western organizations that are researching COVID-19, compromising systems and performing reconnaissance.
Looking ahead, research suggests that a resurgence in ransomware attacks is likely, and Google recently published similar findings for state-backed hacking and phishing campaigns related to COVID-19. We are at an inflection point, not just for cybersecurity, but for the globe, and these attacks are not going away. Although COVID-19 hysteria is beginning to wane, we must continue to prioritize cybersecurity and combat these threats.
Let us know if you liked this article on LinkedIn, Twitter, or Facebook. We would love to hear from you!
