Cyber Security centres worldwide warn that cyber security criminals are actively exploiting the coronavirus pandemic. While it is common for cyber criminals to attack during global events, the time and pace in which they are doing so is causing great concern. With social distancing measures enforced amongst our societies, many employees have been asked to work from home to ensure their safety. However , working from home is known to make employees more vulnerable to attack as discussed in our recent blog.
1. Distribution of malicious files
It appears that cyber criminals are distributing malicious files claiming to to hold information regarding the Covid-19 virus.
“They’re using mainly the fear that people have and the need for knowledge and using that for their types of attacks”
– Etay Maor
Interpol suggest that hospitals are under increased threat from cyber criminals looking to exploit them. For example in recent weeks they have large numbers of attempted ransomeware attacks which look to hold hospitals and other medical institutions digitally hostage until the ransom is paid.
2. Fraudulent offers of PPE
To further prevent the spread of Covid-19 hospitals rely on essential PPE equipment. Similarly, as lockdown restrictions begin to lift in several countries organisations are actively trying to make their workplace safe for their staff. Exploiting the vulnerability of such organisations, there have been cases of cyber attackers cloning PPE websites.
For example, According to Mc Cann and Fitzgerald the police in the republic of Ireland were investigating an irish national involved in an international PPE scam. The attackers had cloned the website of a reputable Dutch supplier with one german company proceeding to place a down payment of 1.5 million euros.
3. Formbook and Trickbot campaigns
According to Sentinel Labs the last 2 weeks have seen a rise in Covid-19 themed campaigns. For example Trickbot and Formbook. The formbook campaigns specifically target teachers and those working in educational institutes. These are phishing messages with trojanized applications for teachers. Like many cases, these attacks focus on obtaining personal data.
Simlarly, Trickbot phishing emails appear to have surfaced in the last 2 weeks. These focus on impersonating offical details such as the family medical leave act and other similar lures.
4. Phishing attacks- contact tracing
As Etay Maor said in the above quote cyber attacks are exploiting the fear of internet users during this pandemic. According to Matt Bennet, Asia Pacific and Japan vice president at VMWare Carbon Black phishing emails around contact tracing are a popular way of attackers delivering malicious files to a persons device.
“Basically you receive an email, which says ‘Hey, you’ve been in contact with patient X, we need to determine XYZ about you, please go to this portal,’”
Of course, these types of attacks are not new however it appears that they are more sucessful in the fearful times of the Covid-19 pandemic. Matt Bennet states that in a fearful climate people tend to do things that they probably shouldnt.
5. Impersonating video confercing apps
With working from home becoming the new norm for many, it appears that cyber attackers are actively ready to exploit these users. According to Check Point cyber criminals are now using fake Zoom domains for their phishing activities. In fact, in the last 3 weeks alone it is believed that up to 2,500 Zoom related domains were registered, 1.5% malicious with 13% raising suspiscion.
Of course with many organisations opting to use Google Meets and Microsoft Teams it appears that such platforms are been used to attack users too. In recent examples attackers claim a user had been added to a new microsoft team with the subject line as “You have been added to a team in Microsoft Teams“ alongside a malicious url.
Cyber Science 2020
With Cyber Science 2020 going virtual this June we would like to ensure you that we will actively trying to make our conference cyber safe. All links for our conferences will be placed in our exclusive Cyber Science members area and will not be displayed in a public forum. For more on how to mitigate risks of cyber attacks while working from home, check out one of our recent blog posts. With less than 3 weeks to go until our first virtual conference, tickets can be purchased below.