Large swaths of the global economy have shut down during the global COVID-19 pandemic, but cybercriminals haven't been taking any time off. On the contrary, cyberattacks actually spiked during the first half of 2020 with attackers finding new ways to exploit the conditions brought on by widespread lockdowns.
In a statement before the Senate Judiciary Committee, an FBI spokesperson said that the agency has seen a dramatic increase in the number of cyberattack reports. "As of May 28, 2020, the Internet Crime Complaint Center (IC3) received nearly the same amount of complaints in 2020 (about 320,000) as they had for the entirety of 2019 (about 400,000)," said Calvin A. Shivers, assistant director of the FBI's Criminal Investigative Division. Shivers noted that as the federal government has responded to the pandemic with new initiatives like the Paycheck Protection Program, stimulus checks, and enhanced unemployment checks, criminals have launched new fraud efforts aimed at diverting the funds associated with those programs into their own pockets.
He warned, "The repercussions of the COVID-19 pandemic have not and will not end any time soon."
Those repercussions are particularly significant for businesses. The combination of increased attacks and more employees working from home puts companies at a much higher risk. And unfortunately, most of those employees are not well-informed about the nature of the threat.
A survey conducted by security vendor CrowdStrike found "59% of respondents believe that their business is roughly the same or less likely to experience serious cybercrime in the wake of COVID-19, yet CrowdStrike has confirmed a 100X increase in COVID-19-themed malicious files from February to April 2020."
Given these realities, most security experts recommend that enterprise IT teams increase their vigilance and training related to cybersecurity during the pandemic. The following slides detail 10 types of cyberattacks that have been on the rise since February and that cybersecurity personnel should be watching for.
1. Donation Scams
Dramatic headlines often evoke compassionate responses, spurring activities such as making charitable donations to organizations focused on alleviating suffering. This year has seen a large number of email fraud campaigns designed to solicit donations for healthcare-related organizations that don't actually exist. Individuals and businesses alike can fall victim to these scams that prey on people's desire to do something good. One particularly popular organization to spoof has been the World Health Organization, which warned, Scammers impersonating WHO in emails have also increasingly targeted the general public in order to channel donations to a fictitious fund and not the authentic COVID-19 Solidary Response Fund. The number of cyberattacks is now more than five times the number directed at the organization in the same period last year."
2. Mobile Apps
One of the more effective ways to combat COVID-19 is through contact tracing, which involves finding and testing all the individuals that infected patients came into contact with while contagious. News outlets have carried reports of tech companies like Apple and Google developing mobile apps to help with these efforts, and several countries have rolled out these contract tracing apps with various levels of success.
However, not all the contact tracing apps available are actually legitimate. Security researchers have discovered at least 12 malicious apps that pretended to be contract-tracing apps but really downloaded malware onto a user's device.
Cyberattackers also seem to have stepped up the number of distributed denial of service (DDOS) attacks against a wide variety of websites. In a DDOS attack, cyber criminals flood a website with so much traffic that the website cannot respond, generating a "miss" on the domain-name system (DNS) server. Vendor Farsight Security told Dark Reading that the number of misses increased by four to seven times as the pandemic lockdowns began. Some of that traffic could have resulted from a larger number of people working from home, but the company believes a widespread DDOS attack is likely to blame. Researchers need more information before they will be able to determine the cause.
The pandemic also coincided with a very sharp rise in the number of malicious email attacks, more commonly known as phishing. Quite a few of these malicious emails have been disguised in emails that include pandemic maps or other content related to the coronavirus. According to a United Nations official, phishing attacks have increased 600% during the COVID-19 crisis. The representative said, "Growing digital dependency has increased the vulnerability to cyberattacks, and it is estimated that one such attack takes place every 39 seconds." When people are working from home, they are necessarily conducting more business by email. And that increases the likelihood that employees will inadvertently click on a malicious message that they believe is from a legitimate source.
Cybercriminals aren't only sending generic phishing messages to large numbers of people; they are also increasing the targeted attacks known as "spear-phishing." In its COVID-19 briefings, CrowdStrike wrote, "Despite the impact of COVID-19 on their respective countries, CrowdStrike Intelligence has observed multiple nation-state-affiliated targeted intrusion adversaries remaining active with spear-phishing campaigns throughout the last few months." The firm has also seen an uptick in targeted phishing campaigns seeking to extract information from health care organizations and non-profits involved in the coronavirus response.
Long before email existed scammers were using old-fashioned landlines for fraudulent purposes, and those techniques haven't gone away. During the COVID-19 pandemic, many voice phishing, or vishing, scams have centered around technical support. As employees work from home, callers pretend to be from workplace technical support and convince employees to disclose passwords or to enter authentication information into malicious websites. According to CrowdStrike, other vishing schemes have used "the COVID-19 outbreak as a theme," and some have been "combined with smishing (text message phishing) in order to perpetrate such scams or load malicious content onto mobile devices."
Even before the pandemic, ransomware had become a particularly popular technique for cyberattackers. With organizations more dependent on their electronic systems than ever, those attacks have only increased. Knowing that society is already in a fairly vulnerable situation, some cybercriminals have chosen this time to focus on critical infrastructure, launching attacks on energy companies and other vitally important organizations. In many cases, they are using COVID-19 themed emails or websites to lure employees into downloading malicious content that locks up digital systems until the victim pays a ransom.
8. Malicious Resumes
The economic fallout from the coronavirus has resulted in layoffs for millions of people. Record-breaking unemployment numbers mean that employers are receiving more resumes than ever from job seekers -- and not all of those resumes are as innocent as they seem. According to vendor Check Point Software, the number of CVs and medical leave forms hiding malware has doubled since the pandemic began. In addition, the company noted that a number of recently registered domains that include the word "employment" hosted malicious content. Organizations need to make sure their human resources personnel are aware of these potential attacks.
9. Malicious COVID-19 Websites
As people began searching for information about the pandemic, literally millions of new websites devoted to COVID-19 cropped up almost overnight. Researchers from Palo Alto Networks report that out of 1.2 million new domain names containing keywords related to the pandemic, " 86,600+ fully qualified domain names are classified as 'high-risk' or 'malicious' (C2, malware, or phishing)." It added, "On average, 1,767 high-risk or malicious COVID-19 themed domain names are created every day." And many of these malicious sites are using techniques like many-to-many mapping that can make it difficult for some firewalls to block them.
10. Nation-State-Backed Hacking
Not all the cyberattacks occurring during the pandemic have been perpetrated by cybercriminals. Nation-states engaged in cyberespionage account for a significant number of the attacks. As reported by The Washington Post and others, some countries are launching attacks against healthcare facilities, either as a means to attack enemies by putting patients' lives at risk or in attempts to steal information about research into coronavirus cures. The United Nations has issued a call for a cease-fire, but the attacks have continued. And in general, these nation-state attacks are more sophisticated and more difficult to prevent and mitigate than other types of attacks.Cynthia Harvey is a freelance writer and editor based in the Detroit area. She has been covering the technology industry for more than fifteen years. View Full Bio