RIYADH: Criminals have been exploiting fears over the coronavirus disease (COVID-19) pandemic to launch an “unprecedented wave” of cyberattacks around the world, experts have revealed.
Governments and law enforcement agencies are being urged to join forces to combat the hackers who have been using the fear and panic surrounding the global health crisis to run money making scams, spread false information, and steal data.
Thousands of incidents of digital crime related to the COVID-19 outbreak have been reported as countries battle to bring virus infections under control.
Mohammed Khurram Khan, a professor of cybersecurity at King Saud University in Riyadh, said: “Panic, fear and confusion due to the coronavirus pandemic has spurred cybercriminals to launch an unprecedented wave of cyberattacks around the world which have targeted medical facilities, vaccine testing centers, and general users.
“These unscrupulous cybercriminals range from individuals to organized criminal gangs and even nation-state sponsored threat actors who are exploiting the current chaotic situation for their monetary benefits and inhuman instincts.”
Khan, who is also CEO of the Global Foundation for Cyber Studies and Research in Washington, added: “COVID-19-themed cybercriminals recently registered thousands of web domains to launch their attacks via phishing emails, scams to plea for donations for vaccine development and research, and spread misinformation to create fear and panic among people.”
One tactic used by cybercriminals was to send out bulk emails with the aim of tricking users into opening attachments and documents claiming to contain protective information about COVID-19. When the files are accessed, damaging software (malware) is downloaded onto a computer, server, network or other device that is then capable of stealing sensitive information, spy on users, and surreptitiously extract important data.
The number of malicious mobile apps on COVID-19 had also rocketed, and Khan warned people to only download apps from official stores.
He said a ransomware hacking group had recently attacked the computer systems of Hammersmith Medicines Research (HMR), a coronavirus vaccine testing facility in London, and published personal details of thousands of former patients after the company declined to meet pay-off demands.
“To address these challenges, it is very important that governments and law enforcement agencies around the world work together for collective cybersecurity in order to suppress cybercriminals involved in launching attacks on critical infrastructure, medical facilities, vaccine testing centers and spreading fake news, misinformation and disinformation in the midst of COVID-19.
“Netizens (Internet users) should stay careful while trusting websites, mobile apps, and social media posts and only consult authentic sources such as WHO (World Health Organization) and official government websites to get authentic news and updates on COVID-19,” added Khan.
Daniel Markuson, a digital privacy expert at NordVPN Teams, a cybersecurity solution for businesses from the world’s most advanced VPN (virtual private network) service provider, said: “This may be the most dangerous time to be online and those least informed are in most danger.
“Hackers are exploiting very real fears about the coronavirus through fake emails and scam websites. People are giving up private information and downloading malware without a second thought.”
Some of the most common COVID-19 scams and security incidents have involved emails purporting to come from health authorities and claiming to contain instructions on how to prevent infection. Disguised as PDF, mp4, and docx files, the false instruction guides contain malware used to harvest data and take over infected devices. “That’s the granddaddy of coronavirus scams,” added Markuson.
Fake coronavirus maps have also been circulating. The now-famous Johns Hopkins University black world map with its expanding red dots has become a source of information available to all.
However, hackers used the university’s data to create malware-ridden apps and spread them all over the Internet to unsuspecting users. This resulted in cybercriminals gaining access to phone cameras, microphones, and text messages.
An ecosystem of scam websites also exists with thousands of fraudulent coronavirus websites being launched every day to host phishing scams, distribute malware, or sell non-existent cures and supplements.
Hackers prey on the fact that scared people tend to make irrational decisions and cybercriminals have been using COVID-19 conspiracy theories to grab attention and exploit fear.
By claiming to have a secret cure or new vaccine against COVID-19, they use social engineering to extract confidential data or bait users into downloading malware.