Coronavirus has been a boon for cybercriminals
Fake online shops, malware, phishing emails and ransomware attacks on hospitals have been among the scams perpetrated by bad actors during the pandemic
Credit: Alberto Pezzali/NurPhoto/PA Images
The UK was just a few days into lockdown when a senior officer at the National Crime Agency warned the public that “criminals are exploiting the Covid-19 pandemic to scam people in a variety of ways – and this is only likely to increase”.
That warning, from Graeme Biggar of the NCA’s National Economic Crime Centre – was the first of many that have been issued in the weeks since.
In any walk of life, crises are a fertile breeding ground for opportunism. And cybercriminals are an unusually opportunistic group to begin with.
The NCA’s initial warning, issued on 26 March, highlighted a number of potential threats it urged the public to look out for.
“Criminals are targeting people looking to buy medical supplies online, sending emails offering fake medical support and scamming people who may be vulnerable or increasingly isolated at home,” the agency said. “Reports from the public have already included online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived and a number of cases have been identified where fake testing kits have been offered for sale.”
- Virtual voting, remote working and fake news – the tech legacy of coronavirus
- Cyber national security: how the UK has prepared itself for major attacks
- ‘The stakes feel higher but, with good practice, it need not be scary’ – NHS.UK design lead on responding to coronavirus
Fraudsters were also appropriating government branding, included some who purported to represent HMRC in phishing-scam phone calls, texts, and emails sent to citizens, according to the NCA.
In addition to exploiting people’s health and financial concerns, criminals also saw an opportunity in the sudden prevalence of homeworking.
“Huge increases in the number of people working remotely mean that significantly more people will be vulnerable to computer service fraud where criminals will try and convince you to provide access to your computer or divulge your logon details and passwords,” the NCA said.
It is often noted that cybercrime knows no boundaries and, not long after the warning from UK authorities, European agency Interpol issued its own guidance: “Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organisations at a time when cyber defences might be lowered due to the shift of focus to the health crisis.”
Interpol picked out several types of attack that bad actors might look to perpetrate in the midst of the pandemic.
The first was the use of “malicious domains”, with many criminals attempting to exploit those looking for information or assistance online by registering domain names including terms such as ‘coronavirus’ or ‘covid-19’.
The use of malware, through spam emails or embedding in online tools such as “interactive coronavirus maps and websites” was another attack method picked out by Interpol.
Perhaps most worryingly of all, the agency noted an uptick in healthcare facilities being targeted with ransomware – the same form of malicious program used in the WannaCry attack that brought huge disruption to the NHS in 2017.
“Hospitals, medical centres and public institutions are being targeted by cybercriminals for ransomware attacks – since they are overwhelmed with the health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay the ransom,” Interpol said. “The ransomware can enter their systems through emails containing infected links or attachments, compromised employee credentials, or by exploiting a vulnerability in the system.”
To help combat the increased threat, in April the UK National Cyber Security Centre launched its Cyber Aware campaign to provide advice to the public on how to stay safe online during the coronavirus pandemic.
The initiative sought to promote simple best practice, including six top tips: create a separate password for your email; create a strong password using three random words; save your passwords in your browser; turn on two-factor authentication; update your devices; and turn on backup.
The campaign came on the back of the NCSC having taken down more than 2,000 online scam operations during the opening weeks of the crisis.
This included 471 fake online stores purporting to sell coronavirus-related goods, 200 phishing sites, 555 sites distributing malware, and 832 frauds in which an initial payment is sought in return for a large sum of money.
"Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes."
Security minister James Brokenshire
To help it detect and disable even more threats, the NCSC also launched a service through which the public can report suspected phishing attempts and other suspicious emails, by forwarding the messages in question to email@example.com.
Security minister James Brokenshire said: “Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes. We all have a part to play in seeing they don’t succeed.”
Brokenshire urged the public to read the NCSC’s guidance and make use of the email-reporting service.
“They provide important new ways in which we can protect ourselves as well as our families and businesses,” he said.
Coronavirus has provided further proof, as if it were needed, that cybercriminals are also pretty good at finding new ways of doing things.
Whistleblower raised concerns about practice that went unheeded
Scottish institutions to work with consenting older citizens to track energy usage
Cabinet Office offers those affected a one-year subscription to a credit-checking service
Johnson and Dyson’s text exchange shows need for new rules, believe ex-cabinet secretaries
Higher Education institutions are some of the most consistently targeted organisations for cyberattacks. CrowdStrike explores the importance of the right cybersecurity measures.
With the backdrop of the COVID-19 pandemic, every disaster now entails responding to at least two emergencies. Dataminr explains how organisations can best prepare.
There are many reasons to keep your Oracle workloads running on local servers. But there are even more reasons to move them to the cloud as part of a wider digital transition strategy. Six Degrees...
Engage Process explains how to ensure that process remains at the heart of your management programs - and how to keep undue pressure from those processes