Cyber criminals and Internet scammers take advantage of global pandemic

Much has been said about the global pandemic – the toll exacted on human lives and economies has set a new record in modern history. While healthcare professionals have cautioned against over-enthusiasm to swiftly re-open business and return to some form of normalcy, business leaders and honchos of corporations all over the world are struggling to find their footing amid the financial freefall.

This current state of fear, confusion and uncertainty has created many opportunities for cyber criminals. As a cyber-intelligence research company, we have seen a multi-fold increase in cybercrime since the middle of January 2020.

Cyber criminals are capitalizing on the COVID-19 pandemic to achieve financial, geopolitical supremacy and reputational objectives. Cyber threats are unseen but they can wreak havoc to social systems and cause emotional and financial pain to communities, businesses and governments.

Observations on type of attacks and how hackers attack

With the pandemic raging, cyberattacks have not only increased in volume but also in the level of sophistication and creativity. Between February to early March, we saw a massive increase in cyber threat indicators (these are made up of conversations observed and uncovered in the dark web, hackers’ forums, and closed communities) related to the Coronavirus pandemic. Based on our researchers’ observations, these numbers would have easily accelerated in recent weeks.

The methods used by hackers for data breaches and exploits are varied, with the most common being spear-phishing campaigns targeting at unsuspecting individuals. To lure individuals into opening malware-laced emails or clicking hyperlinks on fake websites, social engineering and impersonation tactics have been most commonly used.

Phishing emails with ‘coronavirus’, ‘pandemic’, ‘Covid-19’ and their variations in the subject header have been making their rounds in email servers globally. To increase the perception of authenticity, these malicious emails would impersonate the senders (often figures of authority), tricking recipients into opening them and launching malware into machines and network. Fake emails claiming to represent the Centers for Disease Control (CDC) and the World Health Organization (WHO) have been rampant. The subject line and content of these emails lure recipients with pandemic news updates and cures.

Hackers’ ammunition also includes impersonating companies’ leaders and sending these fake emails far and wide. These phishing emails are conduits for scammers to extract personal and financial details. Emails purported to raise funds in support of medical and healthcare professionals and various charities are out in cyberspace.

Fake websites peddling face masks, hand sanitizers, cures and vaccines have sprouted in the last couple of months. Over 1,24,600 domain names with pandemic related keywords have been registered. A sample of these domain names is ‘COVID-19’, ‘COVID’, ‘Corona’, ‘CVD-19’, ‘C-Virus’, ‘MASK’, ‘C-COVID’, ‘WUHAN’, ‘HYDROXYC’, ‘KIT’ and ‘HYDROXYCHLORO’. These are significant indicators that scammers are hard at work.

We investigated the dark web marketplace and uncovered illicit groups selling organic medicine claiming to cure and eradicate the COVID-19 virus. Vaccine scams are of particular interest to hacker groups especially with the number of infections continuing to climb and the uncertainty of re-infection. Beyond financial repercussions, fake vaccines can cause actual loss of lives should family and loved ones infected with Covid-19 seek out these fictitious remedies.

With a vast majority of people working remotely and accessing corporate data and assets using an unprotected home network, cyber criminals have found it lucrative to launch spear-phishing campaigns using both new strains of malware as well as commodity ones. We have noticed hackers discussing the use of fake VPN clients to trick employees into disclosing credentials that would give criminals access to companies’ network and sensitive data. The VPN brands which have been copied and impersonated include FreeVPN, ExpressVPN, PrivateVPN, PandaVPN and more.

Misinformation

While the pandemic fracas persists, hackers are also fanning geopolitical tensions by defacing websites to cause negative social sentiments towards specific communities. The WorldofMeters website was hit with a DDoS attack as well as a breach where hackers grossly inflated the figures of coronavirus deaths. By causing misinformation, criminals aim to spread fear and incite unrest.

The United Nations have called the current situation a ‘dangerous epidemic of misinformation’. Falsehoods hate speech and myths are moving like wildfire in social media and the Internet. These could be planted by various groups, ranging from state-sponsored threat actors to politically motivated hacktivists.

State actors

The pandemic creates a favourable environment for nation-states to further their campaigns and agendas. State-sponsored or affiliated groups have been observed to be behind a spat of cyber activities since the beginning of the crisis.

Our researchers have uncovered a group from Hong Kong hatching a plan to create a new phishing campaign targeting mainland China. The group aimed to create distrust and incite social unrest by attributing the pandemic to the Chinese Communist Party. A deeper analysis of hackers’ conversations also revealed groups from Taiwan discussing similar phishing and smear campaigns, specifically targeting influential persons in mainland China to cause further unrest.

Another study revealed, Pakistani state actors, planning cyberattacks against the Indian Ministry of Health and conglomerates. The conversations in the hackers’ forums indicated the hackers’ intention is a combination of financial gain, reputational damage and national supremacy.

Industries impacted

No industry is completely immune to cyberattacks but in this pandemic situation, healthcare providers such as hospitals and medical research laboratories are especially vulnerable. Manufacturing, logistics, financial services (banks and insurance), e-commerce, hospitality, retail and F&B too are targets of hacker groups.

Businesses who are rapidly digitizing their systems and processes in their efforts to support telecommuting may not have given cybersecurity due consideration. These companies will pay a high price when a weak link in the ecosystem of employees, suppliers, clients and service providers is exploited by threat actors.

The post-pandemic world may look quite different from what we are familiar with. It has reinvented business models and redefined how work is carried out. Manufacturing and factory processes will move towards AI, RPA and robotics to minimize human interaction; supply chain and logistics industries would accelerate their adoption of blockchain and commercial drones, also to remove the added layer of human contact.

Airline, hospitality and tourism industries will return to their heydays once people feel safe to travel again. But changes will have to be made in terms of how services are rendered. This requires innovation and creativity.

One thing we know for sure – the brave new post-pandemic world will be highly digital and deeply interconnected. And this will post interesting challenges ahead for CIOs and CISOs.

By Kumar Ritesh, CEO, Cyfirma