Brno University Hospital, a key Covid-19 testing site in the Czech Republic, was one of the first medical facilities forced to turn away patients suffering serious conditions and postpone surgeries as the hospital endured a cyber attack that shut down its computer systems.
A complex attack on the WHO was identified in early March. The agency helping to lead the global response against Covid-19 is reporting a two-fold increase in cyber attacks.
The Maze ransomware group published the personal information of thousands of former patients of Hammersmith Medicines Research (HMR) of the UK after the company refused to pay a ransom. HMR, a leading health care researcher, is preparing to carry out eventual Covid-19 vaccine trials.
Using the web to harm
As the number of people who have contracted coronavirus continues to surge by the thousands in the real world, harmful cyber campaigns that use the disease as bait, including spam emails, phishing, malware, ransomware, and malicious domains, are increasing likewise in the virtual world.
Businesses, irrespective of size, are facing increased pressure to overcome the challenges of these cyber threats exploiting Covid-19. Phishing is still the most effective practice that hackers use to compromise accounts and gain access to company data and resources.
In fact, every day attackers are devising new attacks and scams that attempt to take advantage of the fear and uncertainty surrounding the ongoing pandemic. Staying ahead of these threats can help businesses protect themselves from these spammers and attackers.
Google says its Gmail service has been detecting more than 100 million phishing emails and 18 million daily malware related to Covid-19. This is in addition to more than 240 million coronavirus-related daily spam messages.
These phishing attacks and scams use both fear and financial incentives to create urgency to try to prompt users to respond. Following are some examples:
Soliciting fraudulent donations or distributing deceptive malware in the guise of government authorities or organizations like the World Health Organization (WHO) is a common practice. This includes mechanisms to distribute downloadable files that can install backdoors on a computer or smartphone.
A survey in early April by IBM Security and Morning Consult shows that consumers’ and small-business owners’ expectations and attitudes toward government communications could make them more susceptible to coronavirus-related cybercrime.
Since the WHO declared Covid-19 a pandemic on March 11, IBM X-Force has seen an increase of more than 6,000% in Covid-19-related spam. The one big takeaway from this poll is that consumers and small-business owners lack skepticism, are keen to engage with the emails, and misunderstand how they would receive communications from the authorities.
Crisis events such as the current Covid-19 pandemic often lead to a change in habits that captures the attention of cybercriminals. For example, with the lockdown measures imposed in many countries, online shopping has soared, and along with it, credit card fraud.
According to the latest Malwarebytes statistics, March saw a 26% increase in web skimming over the previous month. Another finding is that web skimming increased steadily from January to February (by 2.5%), but then went up sharply from February to March (by 26%). While this is still a moderate rise, Malwarebytes believes it shows a trend that will be more evident in the coming months.
Putting education at risk
As the pandemic rages, education is at risk too. Recently homebound students have been taking classes via online edtech platforms, e-learning environments, and video-conferencing. There have been several incidents in which malicious actors hijacked video and teleconference calls (aka Zoom-bombing) in order to deliver offensive or threatening content.
In one incident, an unauthorized party interrupted a school lesson to shout profanity and yell out a teacher’s home address; in another, an unidentified person showed off swastika tattoos.
It is recommended that educational institutions minimize private information contained within e-learning platforms, opt for a software-as-a-service (SaaS) solution over a local client, block third-party providers from direct access, and audit vendors and their security documentation on a regular basis.
There have been reports of coronavirus-themed malware that overwrites a computer’s Master Boot Record (MBR), making it unbootable. The malware file has “Coronavirus Installer” written in the description.
Another Coronavirus-themed malicious HTA file (HTML executable file) is using Covid-19 as a trap. It is probably from the notorious SideWinder group known for targeting military entities. This HTA file contains a pop-up PDF lure displaying click-bait titles and images of the Pakistan army.
Attacking mobile users
Coronavirus-related malware and fraudulent schemes are not only targeting desktop users; mobile users are just as affected. The most significant of all campaigns targeting Android users is a ransomware strain that locks user devices after users install a coronavirus tracker app. Fortunately, a universal unlock code (4865083501) has been discovered that lets users regain access to their smartphones without needing to pay the ransom demand.
Setting up fake online stores offering in-demand products is a common ploy of scammers. Checking out the seller by searching online for the person or company’s name, phone number, and email address, plus words like “review,” “complaint,” or “scam,” is a good way to guard against fraud. Until everything checks out, no payment should be made.
Fake charities are also a common way to take advantage of generous people who might be looking for ways to help in these troubled times. Some scammers use names that sound a lot like the names of real charities. This is one reason it pays to do some research before making any donation. Money lost to bogus charities means less assistance to those in need.
Scammers also use fake emails or SMS to get you to share valuable personal information -- like account numbers, login IDs, and passwords/PINs. Often the hackers use phishing emails to get access to a computer or network. Clicking on a link allows them to install ransomware or other programs that can lock out the computer and expose the data in it.
Scammers often use familiar company names or pretend to be a known person. Sometimes scammers use real information to infect computers with malware. For example, malicious websites may use real information and statistics of Covid-19 infections and deaths with interactive features to spread password-stealing malware.
Keeping operating systems and anti-virus programs up to date, using multi-factor authentication, and backing up data regularly can provide protection from these attacks.
Scammers can also use robocalls or telemarketing agents to pitch everything from sham Covid-19 cures to work-at-home money-earning schemes. The caller might say that pressing a number will let you speak to a manager or a live operator or remove you from their call list, but it might lead to more such calls instead. Hanging up immediately without pressing any numbers is the best way to avoid these attacks.
To limit the spread of Covid-19 related hoaxes and misinformation, Facebook and Instagram have started removing posts that could contribute to imminent physical harm or that make false claims about cures, treatments, the availability of essential services, or the location and severity of the outbreak on guidance from WHO and other health authorities.
For example, ads that imply a product guarantees a cure or prevents people from contracting Covid-19 have been banned.
WhatsApp and Messenger have clear labels showing users when they receive a forwarded message, or chain message, so they know when they are receiving something that was not written by their immediate contacts. They have also set a limit on the number of times messages can be forwarded on WhatsApp to reduce the spread of viral messages and use advanced machine learning to identify and ban accounts engaged in mass messaging.
Scammers, and sometimes well-meaning people, share information that hasn’t been verified. Before sharing or passing on any messages, news, audio, or video clips, and certainly before paying someone or sharing any personal information, some fact-checking by contacting trusted sources must be done. For information related to the coronavirus in Bangladesh, corona.gov.org is an authentic portal and the official hub of verified information and tools.
Proactive monitoring with up-to-date security software can prevent coronavirus-related malware and phishing across computers and networks. In many cases, these threats are not new -- rather, they are existing malware campaigns that have simply been updated to exploit the profound attention on Covid-19.
Safe browsing helps protect users by showing warnings when they attempt to navigate to unscrupulous sites or download harmful files. Good security or antivirus software should be able to route emails that match phishing and malware traits to a quarantine folder.
These tools can identify emails with unusual attachment types and choose to automatically display a warning, send them to spam, or quarantine the messages. Properly configured security software can block unauthenticated emails trying to spoof the domain name and protect against documents that contain malicious scripts.
For more robust protection against Covid-19-themed scams and malware, it is recommended to complete a full system-wide security audit at regular intervals. Users should be prevented from downloading unknown files. They should check the integrity of URLs before providing login credentials or clicking on a link; fake URLs generally imitate real URLs and include additional words or domains.
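The URL check recommended above can be partly automated. The following is an added example, not part of the original article: it assumes an allow-list (`TRUSTED`) of domains the organisation really uses, and the allow-list entries and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allow-list of domains the organisation really uses.
# Both entries and every URL in SAMPLES are constructed for illustration.
TRUSTED = {"who.int", "health.example"}

def classify_url(url, trusted=TRUSTED):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unknown'."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if not host:
        return "unknown", "no hostname in URL"
    # Exact match or a true subdomain: the trusted name must END the hostname.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    # Text before '@' is login info, not the site; a domain there is a decoy.
    user = (parts.username or "").lower()
    if user and not on_trusted and any(d in user for d in trusted):
        return "lookalike", f"trusted name before '@', real host is {host}"
    if on_trusted:
        return "trusted", "hostname is on the allow-list"
    # Words a reader would notice: split labels on dots and hyphens.
    words = {w for label in host.split(".") for w in label.split("-")}
    for d in sorted(trusted):
        if host.startswith(d + "."):
            return "lookalike", f"{d} used as a prefix of another domain"
        if d.split(".")[0] in words:
            return "lookalike", f"brand word from {d} added to another domain"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "unknown", "internationalised label, review the decoded name"
    return "unknown", "not on the allow-list"

SAMPLES = [
    "https://www.who.int/emergencies",             # real subdomain
    "https://who.int.covid-relief.example/login",  # extra domain appended
    "https://who-donations.example/give",          # extra word added
    "https://who.int@portal.example/signin",       # trusted name before '@'
    "https://shop.test/masks",                     # unrelated site
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(classify_url(u), u)
```

The brand-word rule is a heuristic and will flag some legitimate sites, so a "lookalike" verdict is a prompt for review rather than proof of fraud.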
All in all, malware campaigns and online fraud leveraging and focusing on the Covid-19 pandemic are expected to continue in the coming months, as hackers and fraudsters are known to not let a tragedy go to waste. However, constant vigilance makes defenses difficult for malicious cybercriminals to circumvent.
Syed Almas Kabir is President, Bangladesh Association of Software & Information Services (BASIS).