Cybercriminals are exploiting Covid-19 concerns as situation worsens

Global Computer Emergency Response Teams (CERTs) have doubled down on their warnings for the public to be wary of scams and cyber-attacks referencing the coronavirus pandemic.

Attackers ranging from cybercriminals to suspected spies have cynically used alarm about the global health emergency as bait for phishing or malware-based attacks.

“Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes,” an advisory by US-CERT warned.

“Exercise caution in handling any email with a Covid-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to Covid-19.”

The UK’s National Cyber Security Centre (NCSC) put out a similar warning that elaborates on the range of attacks being carried out by cybercriminals seeking to exploit Covid-19.

“These attacks are versatile and can be conducted through various media, adapted to different sectors and monetised via multiple means, including ransomware, credential theft, bitcoin or fraud,” according to the NCSC.

Litany of scams

The World Health Organization (WHO) recently warned of fraudulent emails being sent by criminals posing as the global health authority, as previously reported.

The alert followed a notice from the US Federal Trade Commission and Food and Drug Administration reporting the creation of fraudulent websites to sell fake antiviral equipment.

Cybercriminals have also impersonated the US Center for Disease Control (CDC), creating domain names similar to the CDC’s web address to request passwords and even bitcoin donations to fund a fake vaccine.

In January, attackers targeted users in Japan by disguising Microsoft Word documents infected with the Emotet banking trojan as messages from the state welfare provider.

More recently, Britons have been targeted with coronavirus-themed phishing emails with infected attachments containing fictitious “safety measures”, the NCSC reports.

In a more straightforward case of trying to take down a website, last weekend the US Health and Human Services Department, which is coordinating the US response to the unprecedented crisis, apparently suffered an attempted DDoS attack.

Phishing surge

The UK’s NCSC reports an increase in the registration of webpages relating to the virus and phishing attempts, adding that it is using pre-existing processes to automate the discovery and takedown of such fraudulent sites.

The latest “safe browsing” data from Google indicates a surge in phishing sites, which have tripled in number since the beginning of February.

The Daily Swig asked Google whether the increase reflected a rise in coronavirus-themed scams or whether some other factor might be in play.

We’ll update this story as and when more information comes to hand.

Let’s be careful out there

Rather than simply warning about the threat from phishing campaigns and malware scams themed around Covid-19, the Canadian Centre for Cyber Security has offered a range of security tips and advice.

In New Zealand, CERT-NZ warns of fake coronavirus maps that actually offer a malware-riddled application, an apparent reference to a scam first reported by cybersecurity reporter Brian Krebs.

“An interactive dashboard of coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious websites (and possibly spam emails) to spread password-stealing malware,” Krebs reported last week.

Over in Spain – which is entering day two of a national lockdown – data protection authorities are warning consumers to protect their data and safeguard themselves against phishing and malware scams.

CCN-CERT, Spanish police authorities, and the Ministry of the Interior warn against the perils posed by coronavirus-themed malware and disinformation about the pandemic.

Lures, lures, and more lures

Researchers at Proofpoint have observed credential phishing, malicious attachments, malicious links, business email compromise (BEC), fake landing pages, downloaders, spam, and malware, among others, all leveraging coronavirus lures.

More examples of how cybercriminals are taking advantage of Covid-19 for the furtherance of scams, fraud, and misinformation can be found in a blog post by threat intel agency Digital Shadows.

Alarmingly, it’s not only opportunistic cybercriminals who have latched onto coronavirus as a theme for attacks.

According to research from Check Point, Chinese spies are allegedly serving up fake documents supposedly from the Mongolian Health Ministry, in an attack against targets outside its borders in east Asia.

FireEye has said that Russian hacking groups are targeting Ukrainians in a similar manner.


This is a developing situation. The Daily Swig will be back this week with more coronavirus-related security news.

