3 Ways Cybercriminals Are Exploiting Coronavirus (COVID-19)

Publication date: Mar 26, 2020

Last Published: Jun 25, 2020

Table of Contents
Read Time : 5 minutes
how cyber criminals are taking advantage of coronavirus fears

While the COVID-19 outbreak, caused by the new coronavirus (SARS-CoV-2), is bringing the global economy to a grinding halt, cybercriminals are attempting to exploit the growing uncertainty and fear for their personal gain. 

The COVID-19-related cyber-crimes are conducted through various media, and they target both the private and the public sector. Unless cybersecurity experts fight them with the same sense of urgency as policymakers and medical professionals fight the virus itself, they could dangerously hamper the efforts to stop the pandemic.  

cyber crime and coronavirus

Additional Reading: Why a 24×7 SOC is an Essential Component to Your Cyber Security Program

Threats on All Fronts 

Even though some governments are still coming to terms with the monumental task ahead of them, cybercriminals have already launched offensive campaigns on all fronts.

Here are the 3 main forms of cyber attacks criminals are using to prey on consumer fears:

  • Phishing Attacks
  • Malicious Websites
  • Misinformation

Phishing Attacks 

Due to their effectiveness and ease of implementation, phishing attacks and social engineering scams were among the first cyber-crimes attempting to exploit the COVID-19 emergency. Since many businesses have adopted new work-from-home policies, hackers have been quick to exploit insecure home networks as well.

Typically, cybercriminals send fake email messages that appear to come from a trustworthy organization, such as a government agency or healthcare provider. These emails often contain various lure documents, whose purpose is to infect the victim’s computer with information-stealing malware. 

After discovering that cybercriminals had been sending phishing emails with its name, the World Health Organization (WHO) issued a warning, advising all recipients of WHO-branded emails to verify the sender by checking their email address, check suspicious links, and be careful when providing personal information, among other things.

“Criminals are disguising themselves as WHO to steal money or sensitive information.  If you are contacted by a person or organization that appears to be from WHO, verify their authenticity before responding,” states WHO on its website. 

Similar warnings have also been issued by the US Cybersecurity and Infrastructure Security Agency (CISA), the UK’s National Cyber Security Centre (NCSC), the Canadian Centre for Cyber Security (CCCS), and New Zealand’s Computer Emergency Response Team (CERT)

Additional Reading: 4 Ways to Spot a Phishing Attack

Malicious Websites

Whereas panic-buyers have emptied toilet paper aisles in stores around the world, Check Point’s Global Threat Index shows that cybercriminals have been busy registering coronavirus-related domain names. 

“In the past three weeks alone (since the end of February 2020), we have noticed a huge increase in the number of domains registered – the average number of new domains is almost 10 times more than the average number found in previous weeks,” explains the Israel-based software company. 

We know that the sudden demand for coronavirus-related is caused in large part by criminal activity because data from Check Point reveal that coronavirus-related domains are 50% more likely to be malicious than other domains registered during the same period.

For example, cybercriminals on the prestigious Russian-language forum XSS can now purchase a malicious version of the  map created by the Johns Hopkins Center for Systems Science and Engineering (CSSE). The malicious map sells for $200 (or $700 with a Java CodeSign certificate), and it can be used to deliver malware. 

Additional Reading: 7 Ways to Prevent Cyber Attacks in 2020

Misinformation 

Most cybercriminals are in it to make a profit, but some are interested in spreading misinformation and sowing discord. The impact of this criminal activity is difficult to quantify because it doesn’t directly impact the bottom line of businesses, organizations, and individuals. Instead, it causes panic, fuels racism, and promotes potentially dangerous home remedies. 

The WHO calls the over-abundance of information—some accurate and some not—that makes it hard for people to find trustworthy guidance as an “infodemic.” The organization is trying to refute online myths with evidence-based information, encouraging official government entities and social media platforms to follow in its footsteps. 

Unfortunately, government propaganda machines understand the power of misinformation in the times of crisis just as well as edgy cybercriminals who take pleasure in causing chaos. Recently, an EU monitoring team collected 80 examples of misinformation from pro-Kremlin media and claimed that its purpose had been to aggravate the public health crisis in the west. 

The sophisticated nature of misinformation campaigns like this one, which relied mainly on the amplification of bogus news stories that originated from elsewhere, allows those who are behind them to avoid accusations and escape consequences of their actions.

Additional Reading: Top Cybersecurity Threats to SMBs in 2020

cyber attacks and coronavirus

Be Aware of Coronavirus Cyber Crimes

COVID-19 is one of the most severe challenges humanity has ever faced, presenting a significant risk to individuals and organizations across the world. The activity of opportunistic cybercriminals can make this challenge even more difficult to overcome by destabilizing critical infrastructure and creating panic.  

Related Posts:

CONFIGURATOR

Tell us about your organization.

What services are you interested in (select all that apply)?

CONFIGURATOR

IT Support for1 users

required licensing for remote control, patch management, and asset management at $6/user.

Remote Monitoring & Management

Retainer Plans

Subscription Plan

Unlimited remote, onsite, or after hours support $150 /user

CONFIGURATOR

Cloud Solutions

Private Cloud Hosting

Do you need an Application server (finance, AMS, CRM, Remote Desktop)? Includes 100GB hard drive, 8GB RAM, 1 CPU, Windows Server 2019, monitoring and patch management.

Yes No

Do you need a web server? Includes 100GB hard drive, 8GB RAM, 2 CPU, Windows Server 2019, monitoring and patch management.

Yes No

Do you need a Database server? Includes 200GB hard drive, 10GB RAM, 2 CPU, Windows Server 2019, monitoring and patch management.

Yes No

CONFIGURATOR

Enhanced Security Services

Includes:

Yes No

CONFIGURATOR

Equipment Lifecycle Management Subscription based equipment provided at monthly fee.

Do you need workstations?

Yes No

Do you need core infrastructure?

Yes No

CONFIGURATOR

Ready to get started?




















    View Itemized List

    Summary

    Organization
    IT Support
    Cloud Solutions
    Cloud Solutions2
    Enhanced Security Services
    Equipment Lifecycle Management
    Final

    Total Monthly Recurring Cost:$500

    SUMMARY

    Services

    • IT Support
    • Cloud Solutions
    • Enhanced Security Services
    • Equipment Lifecycle Management

    IT Support

    • RMM licensing $6/user per month

    Cloud Solutions

    Enhanced Security Services

    • + Email Security
    • + Multi-Factor Authentication
    • + Security Awareness Training

    Equipment Lifecycle Management

    • Core Infrastructure $175.00/mo
    Back to Form

    summaryTotal Monthly Recurring Cost:$