In an alarming turn of events, security agencies in the U.S. and U.K. revealed that cybercriminals and other malicious online groups are exploiting the COVID-19 outbreak for their own gain.
On April 8, the top cybersecurity agencies of the U.S. and the U.K. released a report regarding ransomware and malware attacks on individuals and organizations.
The U.K.’s National Cyber Security Centre (NCSC) and the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) advised citizens from both countries to take precautions when dealing with suspicious emails.
Tactics used by these cyber threat groups included the usage of emails that contained malware that appear to have come from WHO’s top officials, as well as other forms of electronic communication that offered thermometers and face masks to unsuspecting victims.
Cybersecurity intelligence agencies on the lookout
Both the NCSC and CISA were keeping tabs on cybercriminals scanning for vulnerabilities in software and remote working tools, even as more people began work from home setups during the pandemic.
Furthermore, both agencies emphasized the need for implementing best practices in cybersecurity such as setting up strong alphanumeric passwords and two-factor authentication systems.
These measures intended to reduce the risk of cybercriminals acquiring sensitive personal information from both individuals and institutions alike.
Phishing scams in the time of COVID-19
With the novel coronavirus (COVID-19) situation rapidly spreading, malicious cyber groups have been reported to send emails that claim to have a “cure” for the virus, offer a financial reward, or encourage a person to donate.
These are all examples of a phenomenon called “phishing,” in which criminals try to convince a person to click on hyperlinks within a scam email or text message, or to give sensitive information away (such as bank details).
Like many phishing scams, these emails are preying on real-world concerns, and as a result, are hard to spot for the common user even in the 21st century.
Relatively stable trends
While the agencies are not anticipating an upward trend in overall levels of cybercrime cases and attempts, they are seeing a growing use of themes related to the novel coronavirus pandemic by malicious cyber actors from all over the world.
Some of the malware programs and codes being used by cybercriminals include the Agent Tesla keylogger, as well as the TrickBot and GraceWire 2 malware programs.
It is interesting to note that while the increase in COVID-19 scams has been largely reported in the U.S. and the U.K., there have also been several cases both in Europe and elsewhere.