Coronavirus has been a boon for cybercriminals
Fake online shops, malware, phishing emails and ransomware attacks on hospitals have been among the scams perpetrated by bad actors during the pandemic
Credit: Alberto Pezzali/NurPhoto/PA Images
The UK was just a few days into lockdown when a senior officer at the National Crime Agency warned the public that “criminals are exploiting the Covid-19 pandemic to scam people in a variety of ways – and this is only likely to increase”.
That warning, from Graeme Biggar of the NCA’s National Economic Crime Centre – was the first of many that have been issued in the weeks since.
In any walk of life, crises are a fertile breeding ground for opportunism. And cybercriminals are an unusually opportunistic group to begin with.
The NCA’s initial warning, issued on 26 March, highlighted a number of potential threats it urged the public to look out for.
“Criminals are targeting people looking to buy medical supplies online, sending emails offering fake medical support and scamming people who may be vulnerable or increasingly isolated at home,” the agency said. “Reports from the public have already included online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived and a number of cases have been identified where fake testing kits have been offered for sale.”
- Virtual voting, remote working and fake news – the tech legacy of coronavirus
- Cyber national security: how the UK has prepared itself for major attacks
- ‘The stakes feel higher but, with good practice, it need not be scary’ – NHS.UK design lead on responding to coronavirus
Fraudsters were also appropriating government branding, included some who purported to represent HMRC in phishing-scam phone calls, texts, and emails sent to citizens, according to the NCA.
In addition to exploiting people’s health and financial concerns, criminals also saw an opportunity in the sudden prevalence of homeworking.
“Huge increases in the number of people working remotely mean that significantly more people will be vulnerable to computer service fraud where criminals will try and convince you to provide access to your computer or divulge your logon details and passwords,” the NCA said.
It is often noted that cybercrime knows no boundaries and, not long after the warning from UK authorities, European agency Interpol issued its own guidance: “Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organisations at a time when cyber defences might be lowered due to the shift of focus to the health crisis.”
Interpol picked out several types of attack that bad actors might look to perpetrate in the midst of the pandemic.
The first was the use of “malicious domains”, with many criminals attempting to exploit those looking for information or assistance online by registering domain names including terms such as ‘coronavirus’ or ‘covid-19’.
The use of malware, through spam emails or embedding in online tools such as “interactive coronavirus maps and websites” was another attack method picked out by Interpol.
Perhaps most worryingly of all, the agency noted an uptick in healthcare facilities being targeted with ransomware – the same form of malicious program used in the WannaCry attack that brought huge disruption to the NHS in 2017.
“Hospitals, medical centres and public institutions are being targeted by cybercriminals for ransomware attacks – since they are overwhelmed with the health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay the ransom,” Interpol said. “The ransomware can enter their systems through emails containing infected links or attachments, compromised employee credentials, or by exploiting a vulnerability in the system.”
To help combat the increased threat, in April the UK National Cyber Security Centre launched its Cyber Aware campaign to provide advice to the public on how to stay safe online during the coronavirus pandemic.
The initiative sought to promote simple best practice, including six top tips: create a separate password for your email; create a strong password using three random words; save your passwords in your browser; turn on two-factor authentication; update your devices; and turn on backup.
The campaign came on the back of the NCSC having taken down more than 2,000 online scam operations during the opening weeks of the crisis.
This included 471 fake online stores purporting to sell coronavirus-related goods, 200 phishing sites, 555 sites distributing malware, and 832 frauds in which an initial payment is sought in return for a large sum of money.
"Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes."
Security minister James Brokenshire
To help it detect and disable even more threats, the NCSC also launched a service through which the public can report suspected phishing attempts and other suspicious emails, by forwarding the messages in question to firstname.lastname@example.org.
Security minister James Brokenshire said: “Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes. We all have a part to play in seeing they don’t succeed.”
Brokenshire urged the public to read the NCSC’s guidance and make use of the email-reporting service.
“They provide important new ways in which we can protect ourselves as well as our families and businesses,” he said.
Coronavirus has provided further proof, as if it were needed, that cybercriminals are also pretty good at finding new ways of doing things.
PublicTechnology research shows a big spike in the number of contracts awarded to IT security specialists by public-sector buyers
Cabinet Office annual report shows digital agency also brought in more than £2m in extra revenue
The invalidation of the EU-US data-protection agreement could have major ramifications for UK organisations’ legal responsibilities
Use of kits supplied by Randox has been paused ‘until further notice’