11 Oct Cyber Threats during the Covid-19 Pandemic
These are the most common cyber threats during covid-19 times
The Covid-19 pandemic was a curveball that led to a global crisis on a number of fronts including cyber security. When a crisis emerges criminals are on the forefront to exploit such situations, both in the offline and digital world. Prevention and awareness are the two most efficient methods to counteract such malicious actors.
The pandemic brought around change, expedited change, which led to cybercriminals to capitalise on these changes. The Covid-19 outbreak led to more hours online and a rapid shift to remote working of entire workforces. Cyberthreats evolved fast to take advantage of online behaviour and trends.
Cyber Threats that plagued the digital world during the pandemic
Cyber criminals exploited weaknesses brought about by the new challenges of remote working and the emotional rollercoaster of users. Attacks were in general devastating with victims, both individuals and corporate, losing funds and falling victim to data breaches.
Following are the main Cyber Threats that gained notoriety during the pandemic.
Malicious Email Campaigns
Pre-Covid email was already the biggest threat vector for individual users and businesses, and during the pandemic its use increased exponentially by cyber criminals mostly for phishing scam campaigns.
Several emails with infected attachments disguised as a legit map of the virus outbreak were circulated worldwide. The malware infected unpatched operating systems paving the way for hackers to exploit such weaknesses. Various Covid-19 themes were (and are still being!) used to enhance the click-rate of these campaigns. Popular themes were health advice from official health departments, latest news and reports about the pandemic. Emails either included links to malware-infected fake websites or malware attachments. The malicious attachments range from keyloggers to ransomware and anything in between.
Another trending theme was the advertisements of corona virus related products such as facemasks and hand sanitizers. Emails would have a link to a malicious web shop that steals credit card information (and gathers other personal information) or sells fake medical supplies. The volume of Covid-19 related emails by far is the highest ever experienced in Cyberspace. Users are concerned, so they click without thinking about the legitimacy of the sender and the links within the email message. Similarly, in the past, cyber criminals had used HIV related emails with fake test results to target sectors such as healthcare and insurance.
These malicious actors have a clear strategy – that of benefitting from the health-related alarm factor and the generic panic caused by the pandemic. Receivers of these emails will have the perception that these emails are a means of help and a source of information. Emails are often personalised to generate more curiosity from the receiving end. Personal data would have been acquired through data hacks, databases transacted in the Dark Web or from public sources.
The spread of Malware
Cyber criminals masked malware, spyware and Trojans and embedded them in websites and spam emails tricking users to click on links that download malware on their devices (computers and smartphones). The level of unknown is high so users in general were eager to discover more and learn more about the virus, so click-throughs tended to be on the high side.
Health institutions became a prime target by cybercriminals for ransomware attacks. The rationale behind such attacks is that since these entities were overwhelmed, they wouldn’t be in a position to be locked out of their systems and thus hackers believed they would be more likely to pay the ransom money. Workers at health entities were overworked therefore more prone to human error in the form of clicking through infected links, downloading infected attachments, not changing credentials periodically and sharing personal information.
Hacking groups registered a vast amount of domains that include trending keywords such as ‘covid19’, ‘covid-19’, and ‘coronavirus’. Subsequently thousands of websites were launched on a daily basis to carry out spam campaigns, spread malware and phishing. These sites have ill-intentions and mostly include fake news content. It is estimated that around 9000 domains were activated with the Covid-19 theme since Q1 2020. Some of these sites are spoof sites which impersonate official websites such as a health department or a disease control centre. A common trend was that of asking for bitcoin payments to get a preferential timeline for the vaccine.
Another common practice of cyber criminals was to create these websites that are full of malware programmes that exploit vulnerabilities of operating systems and steal data such as credit card numbers, bank account details and so on. A spike was also seen in malicious software gathering cryptocurrency wallets data. Lastly, these domains had websites publishing adverts of fake services and products. A strong fake campaign, set up by hackers, asked users to donate their computing power towards Covid-19 research.
Malware via Social Media and Chatting Apps
The use and reliance on social media and chatting apps has grown exponentially. On a regular basis people use these means to consume information and news, communicate with their circle of friends and relatives and for work. This led to malicious actors launching regular campaigns contextualised around the Covid-19 theme, always putting click-bait. Some studies estimate that Whatsapp, Facebook, WeChat and Instagram experienced a 40% increase in overall usage.