Apart from the huge health and economic crisis that the COVID-19 pandemic is causing, this situation is deeply affecting the global panorama of cyber threats. This is evidenced by a report carried out by Interpol in which they surveyed 48 member countries and 4 private partners of said institution in relation to the consequences that this pandemic is having on cybercrime.
According to information provided by the partners of this police institution, between January and April of 2020, there were 907,000 spam emails, 737 incidents with malware and 48,000 malicious URLs detected, all of them related to COVID-19.
Cybercriminals are modifying their modus operandi in this crisis, replacing the attack on individuals for large companies, governments and essential infrastructures that, given the situation of overburdening and collapse, have become more vulnerable and profitable victims. However, this doesn't mean that private users are being spared from these attacks.
The proliferation of remote work is also another target of mass attacks, due to the need of companies and employees to rapidly implement remote applications, networks and systems.
As explained in a previous post cybercriminals are always active and monitoring different conditions that may facilitate their criminal activity, this crisis being one of the most profitable for the criminal world since the origin of cybercrime.
This pandemic will continue to accompany us in the coming months, so it's very possible, according to Interpol, that cybercrime in this area will continue to grow and worsen as the economic deterioration becomes more palpable in the most affected countries.
It's possible that attackers will continue to exploit the vulnerabilities that companies may generate in the increasingly widespread implementation of teleworking, in addition to deploying phishing campaigns on the public, masquerading as administrative or health agencies that allow them to steal bank information and data.
The study and production process for the vaccines may also be affected by ransomware attacks or the theft of information that affects the development of the vaccine itself or hijacks the logistics or manufacturing processes.
The participants in this Interpol survey painted us a picture of the main cybercrimes related to the pandemic:
- Internet scams and phishing.
- Disruptive malware.
- Data theft.
- Evil domains.
Source: Interpol 2020
As we can see, cybercrime continues to base its attacks on its most traditional types, scamming its victims from different approaches, in particular through phishing.
However, ransomware is gaining more and more importance, as it represents a very lucrative element of attack in this area when it attacks health centers or companies in the pharmaceutical sector that aren't able to pause their activity and end up paying the proposed ransom.
In mid-March, practically at the beginning of the pandemic, a cyber attack paralyzed a university hospital that was conducting tests on the transmission of the coronavirus. Months later, Europe's largest hospital operator was attacked by the Snake ransomware.
Internet scams and phishing
Since the start of the pandemic, the inboxes of millions of users have been filled with fraudulent emails promoting fake drugs, medical and disinfection supplies, fiscal packages, emergency services or other services to help people get through lockdown.
Another type of phishing are the emails that impersonate government and health authorities, pretending to give information and recommendations related to the pandemic and that ultimately lead to the theft of information and economic fraud.
The extreme need for supplies, fear and the crisis itself have made all of us pay less attention to email addresses that mimic the originals.
Interpol member countries have reported a considerable increase in attacks with malware on the essential infrastructures of government agencies, hospitals and medical centers, which are so overwhelmed by their management of the pandemic that they can't be investing resources in cybersecurity work.
These attacks are intended to disrupt the operation of systems or access to data, which aggravates the collapse of these places. To return to normalcy, many of those who are in charge end up paying the ransoms, since urgency takes precedence and, ultimately, it's preferable to succumb to the demands of these cyber kidnappers.
Domain registrations with keywords like "COVID" or "Corona" have grown enormously in recent months. In June 2020, the Global Task Force on Malicious Domains of INTERPOL's Cybercrime Directorate identified and analyzed 200,000 malicious domains that had targeted more than 80 member countries. At the end of March 2020, 116,357 new domain registrations on COVID had been detected, of which 2,022 were identified as malicious and 40,261 as "high risk".
These domains are used to create fake websites that supposedly offer updated information, tracking services or statistics on the pandemic, hiding their true objective, which is none other than to obtain personally identifiable information that will later be used to scam users.
Then there are other malicious websites that are pure scams, which sell masks, personal protective equipment, virus detection kits or medical supplies. To do this, they clone legitimate websites and sell unauthorized or counterfeit items in the best of cases, with the most common thing being that they don't deliver any product at all.
In a crisis where so much data and news is being searched for and managed, manipulating information is also a lucrative business. As the WHO pointed out in February, this virus has been accompanied by an "infodemic" of misinformation that also poses a serious risk to citizens. The wave of fake news infects all the issues of particular relevance in this situation: number of infected people, political measures adopted, medical news, development of the vaccine, conspiracy theories…
This fake news has been spread mainly through WhatsApp, Facebook or Twitter.
In addition to the malware and illegal trade that usually accompanies this fake news, the authorities have expressed their concern because it also tends to generate panic and public disorder in the population.
When this pandemic is over, many things will have changed and others will have to change and be updated. Beyond health crisis management protocols and international coordination, a risk analysis of "cyber threats" will be necessary. The opportunities of a digital world are also taken advantage of by new criminals and these cyber threats will be increasingly dangerous for our way of life. Sooner or later, the COVID-19 vaccine will arrive, but will we have learned anything from this crisis?