“…Every country in the world has seen at least one COVID-19 themed attack… Our data shows that these COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to this pandemic… This means we’re seeing a changing of lures, not a surge in attacks.”
— Rob Lefferts, Corporate VP, Microsoft 365 Security
“…Malicious cyber actors are continually adjusting their tactics to take advantage of new situations, and the COVID-19 pandemic is no exception… Malicious cyber actors are using the high appetite for COVID-19-related information as an opportunity to deliver malware and ransomware, and to steal user credentials. Individuals and organizations should remain vigilant.”
— US Cybersecurity and Infrastructure Security Agency (CISA)
What could possibly be worse than getting infected by malware or computer virus?
It’s getting infected by malware or computer virus while feeling vulnerable, because of a worldwide pandemic caused by a deadly biological virus. You’re already worried about your job and finances during a lockdown and here they are, hackers out to steal what’s left of your hard-earned money.
It’s highly unfortunate that many businesses are forced to operate remotely without a security infrastructure in place, making users prone to threat actors. Below are how hackers are taking advantage of the coronavirus pandemic:
Email and SMS Phishing
Hackers have stepped up email phishing scams, taking advantage of the pandemic panic by including coronavirus-related subjects and headings. In the world’s current state, users are bound to click anything related to the pandemic with some masquerading themselves as advisories from the World Health Organization.
Now these emails of course come with payloads embedded in their attachments. According to cybersecurity firm Group-IB, these emails are said to be loaded with malware such as LokiBot, Netwire and AgentTesla, designed to steal personal and financial data. SMS Phishing related to the pandemic has also become rampant with texts containing links to phishing sites according to US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC).
Also, because people are forced to work from home through apps like Teams and Zoom, hackers are sending phishing emails containing files related to these applications pretending to be add-ons or plug-ins in a bid to trick users into installing malware.
Because there’s an app for everything, hackers will try any avenue to exploit the current situation and have released mobile apps that claim to have important information about the pandemic. These malware-embedded apps are also designed to steal users’ personal and financial information.
Face Mask and Sanitizer Scams
Because everyone is scrambling for face masks, hand sanitizers and toilet paper during the pandemic, people are bound to take advantage. Several individuals and a major pharmaceutical company in Europe were scammed out of millions through email, as these items were ordered but never delivered.
Also, fake medicine purported to help with coronavirus symptoms are circulating on the net. Europol managed to seize over 13 million euros worth of such drugs.
Hospitals unfortunately have been the usual victims of malware and ransomware attacks. Cybercriminals are unfortunately devoid of altruism during these trying times as hospitals remain fare game, despite them being the most critical of all establishments. The Interpol has issued a warning to hospitals to be very wary of ransomware.
We know we already have plenty on our plate during this pandemic, unfortunately, we must remain wary of cybercriminals who constantly take advantage of any situation, no matter how dire. One thing they deserve credit for, they’re optimistic enough for the pandemic to end, and make use of any earnings they make.