How cybercrime has changed in the wake of COVID-19

How cybercrime has changed in the wake of COVID-19
(Image credit: Shutterstock)

1. How has cybercrime changed in the wake of Covid-19?

COVID-19 hasn’t necessarily changed how cybercriminals operate, but it has radically shifted where and when we’re seeing spikes in cybersecurity attacks. As the pandemic has developed and moved across the world, the cyber threat ecosystem of related attacks has closely followed suit. Attacks related to Coronavirus initially appeared in Asia before similar attacks occurred in Eastern and subsequently Western Europe.

About the author

Dr Alex Tarter is Chief Cyber Consultant & CTO at Thales.

What’s clear is that hackers are hoping to capitalize on public fear. As a global population we have proactively sought out as much information as we can find to help inform our day-to-day lives, but also make us to feel safe. Many of instances of cybercrime in the wake of COVID-19 have been designed with this fear in mind, making it more important than ever that we approach cybercrime as a global issue which impacts healthcare organisations, individuals and businesses.

2. What attacks are hackers launching?

Whether it is for financial gain, data hoarding or espionage, hackers are targeting individuals and institutions through a huge range of attack methods related to COVID-19 to satisfy these motivations.

From the start of 2020 through to the end of March, around 16,000 domains related to COVID-19 were created globally. Some of these were created to genuinely provide information or guidance about the virus, while some were designed to appear under the guise of more altruistic platforms. 

It appears that 50% of the COVID-19-related domain names created since December have the capacity to inject malware, with some of these masking the malicious software by duplicating genuine information websites. These including luring in users to websites that let them track the progress of the virus on an interactive map.

We have also seen a rise in scam and spam attacks. Scam campaigns or Business Email Compromises (BECs) don’t necessarily distribute malware, but request that users to pay a certain sum of money, whether that’s the mask of penury or to under the guise of a charitable donation.

Evidently, many of the COVID-19-related attacks we are seeing are hoping to tap into the concern and fear we are all feeling. Separately, we have observed the development of new Android apps allowing users to follow the propagation of the virus in the world, such as CovidLock. Many of these are corrupt and contain ransomware or ask for banking details. Meanwhile, major spam campaigns have also been launched, deploying ransomware, stealers (data thief) or banking malware (e.g. TrickBot, Agent Tesla, etc.).

It’s also understandable that much of the cybercrime over the last few months has sought to hijack many aspects of government response, whether that’s advice from the Government for self-employed workers looking to obtain financial support, or advice from healthcare providers on how we can keep ourselves and our families safe.

In addition to this, there has been a significant rise in the attacks led by state-funded groups of hackers (Advanced Persistent Threat), who have used COVID-19 as a pretext for wider espionage campaigns. If we look back to mid-February, the Hades Group, who is believed to operate from Russia and is linked to APT28 and APT41, were one of the first state-funded groups to coordinate such an attack. The group hid a C# Trojan Horse in emails which were seemingly from the Ukrainian Ministry of Health’s Public Health Centre and contained the latest news about COVID-19.

4. Has cybercrime increased because more people are working from home?

As the world has worked to combat COVID-19 and mitigate its impact, large amounts of us have started working from home. With more people having turned to remote working, often with little notice or preparation as Government’s have implemented travel bans or lockdowns, the risk associated with Shadow IT has increased significantly. Companies work hard to ensure their office IT systems are secure and robustly protected, but with some workers now reliant on unknown personal devices or unsecured networks – known as Shadow IT – they could effectively become a backdoor to their wider company’s IT network. This makes them a big target for those with malicious intent.

5. What can businesses and workers do to protect themselves better? What are the ground rules?

There are numerous steps businesses and workers can take to keep themselves as safe as possible. Initially, it’s essential that, where possible, workers only use their company’s own IT devices, software and tools. These devices should have secure VPNs built-in. Workers must also enact their own responsibility to protect themselves and the data they work with, primarily by not downloading any unknown apps or software.

There’s always the potential that any additional software downloaded, which isn’t incorporated into the company’s wider security system, might not be secure enough, downloaded too quickly, or malicious in itself. Finally, it’s the age-old-adage, but employees must also be careful to only use USB sticks or connected devices of known origins, and also ensuring that they’re keeping their devices regularly updated with the latest security software.

6. When the world returns back to ‘normal’, what lessons should businesses learn from this crisis?

Ultimately, the last few months have served as a stark reminder of the importance of cybersecurity preparedness, for both businesses and employees. Part of this is about education, ensuring that we’re all up to speed as to how cybercriminals are operating, how they’re working to take advantage of what else is going on in the world, and how we as individuals fit into this. However, the second, and potentially even more crucial aspect of this preparedness, is inbuilt protection.

Looking ahead, it is paramount that our IT systems, devices and users are equipped with the security they need, such an encryption and multi-factor authentication, to not only protect us from cyber-harm, but give us the peace of mind we need to continue our day-to-day lives with a small sense of normality.

TOPICS
Alex Tarter

Dr Alex Tarter is Chief Cyber Consultant & CTO at Thales. He is a senior manager with extensive experience in the development and implementation of strategic plans and technology roadmaps that meet both long-term aims and tactical objectives. He is also a leading subject matter expert on the cyber-physical protection of critical infrastructure and industrial automation systems, with a strong background in cyber security, encryption & key management, risk assessment, and industrial automation. He ensures cyber security is a risk driven discipline instead of a technology driven one. He helps customers achieve the right degree of security for their mission, and that fits with their operational priorities and environment. He is a specialist in making complex technical concepts understandable and relevant to both internal and external stakeholders, to enable informed decision-making and business planning. He likes working in fast-paced rapidly changing technical fields, to generate solutions that are both effective and applicable to the environments they will be used in.