Much of the world has slowed down during the COVID-19 pandemic. On the other hand, cybercriminals have redoubled their efforts with attacks tied to fears of the virus.
According to many cybersecurity experts, phishing and ransomware attacks with messages designed to appeal to coronavirus anxiety have spiked during recent months.
Videoconferencing hiccups such as “Zoom-bombing” have attracted attention, but many security experts say that old-fashioned, email-based scams constitute a significant avenue for cybercriminals.
The message within those phishing and malware-filled emails are what’s new in recent months, said Cindy Murphy, president of digital forensics at Tetra Defense, a cybersecurity firm. The company observed emails purportedly from the U.S. Centers for Disease Control and Prevention asking for donations in bitcoin, emails sending recipients to a fake website to receive COVID-19 tax relief documents, and emails touting drug advice from the World Health Organization if recipients click on a link, she said.
“This is social engineering at its worst. And unfortunately, it’s more likely to work in these uncertain times,” Murphy said. “People haven’t become more gullible in the past three and a half months; they’ve become used to big changes in small messages. When the next news headlines could be a matter of safety or sickness, it’s much easier to believe information that appears right in your inbox.”
Computer users should be especially alert about particular links or emails from unknown senders, added Umesh Padval, a venture partner at Thomvest Ventures and a longtime cybersecurity executive.
Recipients should look carefully at the sender’s email address to see if it matches official information from the supposed organization.
He said that recent phishing scams are purportedly selling face masks and other protective gear and household goods such as cleaning supplies and antibacterial soap.
“Really, anything there in short demand gives these actors the opportunity to trick the general public,” he said. “Also, due to the stimulus check and (paycheck stimulus) program, hackers are using these angles to entice clicks to install malware to check the status of your refund.”
Malwarebytes Labs, another cybersecurity firm, saw a nearly 110% increase in detections of the AveMaria remote access Trojan between February and March, according to a recent company report. The malware, recently spread through emails claiming to contain information about effective face masks and through other COVID-19 themed-campaigns, can steal a victim’s passwords, log keystrokes, give attackers remote webcam control, and give them remote desktop access.
Attackers are also spreading the backdoor NetWiredRC malware through COVID-19-related emails purporting to be from UNICEF, Malwarebytes said. The company observed a 40% increase in NetwiredRC detections since the beginning of the year, and victims can have data on their hard drives downloaded by attackers or have their keystrokes logged.
Malwarebytes has observed significant increases in the use of several other malware packages, as well.
Meanwhile, VMware Carbon Black Cloud, an endpoint protection service, saw an overall increase in ransomware attacks of 148% between February and March. At the same time, there’s been an estimated 70% increase in remote work, and many cybersecurity experts said that data protection may not be as robust in home offices as it is in corporate settings.
Robert Siciliano, the chief security architect at the cybersecurity firm Protect Now, has seen several attempts to take advantage of the pandemic. Attackers using relief fund scams create emails that look like official government documents to trick people into giving up personal information.
In other cases, cybercriminals are creating coronavirus infection maps that copy legitimate maps. These fake maps are posted on websites that contain malware.
Other cybercriminals impersonate health organizations in phishing scams, and others are offering COVID-19 testing kits or medical supplies through email, robocalls, and texts.
“These days, even though we are all, for the most part, stuck at home, trying to be safe from COVID-19, that doesn’t mean that we are safe from cybercrime,” Siciliano said. “Cybercriminals continue to target victims, even in this environment, and many of these scams are related to COVID-19. This is pretty common when something like a crisis comes down, so you have to remain vigilant as you go through your daily life.
