News

Hackers Exploit COVID-19 'Fear and Uncertainty' INTERPOL Says

• By David Ramel
• 08/12/2020

Many organizations have highlighted the increased cybersecurity threats accompanying the COVID-19 pandemic, and now international police organization INTERPOL has followed suit, warning of more attacks and new targets.

"Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19," said Jürgen Stock, INTERPOL Secretary General, in discussing an assessment made by the inter-governmental body (standing for International Criminal Police Organization) with 194 member countries.

Furthermore, investigators have detected a shift in targeting on the part of the attackers, who have moved from preying on individuals and small businesses to major corporations, governments and critical infrastructure.

As with other reports, the increase in cybersecurity attacks and threat vectors is compounded by the surge in remote work -- especially in major organizations -- amid stay-at-home and shelter-in-place directives. Some of those prime attack vectors are associated with increased use of email and remote connections.

For example, we recently reported on a VMware study that found 89 percent of U.S. enterprises had been attacked by COVID-19-related malware. Another recent report, again from VMware, also mentioned "fear and paranoia" caused by COVID-19 contributing to cybersecurity threats. The VMware Carbon Black study warned of overloaded security teams amid the pandemic, a sea of distracted new remote workers exposing more vulnerabilities and new attack vectors to worry about. "The fear and paranoia coursing through the world left organizations particularly vulnerable to cyberattacks -- which shot up by an estimated 66 percent" after the pandemic hit, said that report.

The INTERPOL report reveals similar findings.

"With organizations and businesses rapidly deploying remote systems and networks to support staff working from home, criminals are also taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption," INTERPOL said.

"In one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs -- all related to COVID-19 -- were detected by one of INTERPOL's private sector partners."

Highlights of the assessment findings include:

• Online Scams and Phishing: Threat actors have revised their usual online scams and phishing schemes. By deploying COVID-19 themed phishing emails, often impersonating government and health authorities, cybercriminals entice victims into providing their personal data and downloading malicious content.
• Disruptive Malware (Ransomware and DDoS): Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.
• Data Harvesting Malware: The deployment of data harvesting malware such as Remote Access Trojan, info stealers, spyware and banking Trojans by cybercriminals is on the rise. Using COVID-19 related information as a lure, threat actors infiltrate systems to compromise networks, steal data, divert money and build botnets.
• Malicious Domains: Taking advantage of the increased demand for medical supplies and information on COVID-19, there has been a significant increase of cybercriminals registering domain names containing keywords, such as "coronavirus" or "COVID."
• Misinformation: An increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.

The organization called for businesses and individuals to ensure their cyberdefenses are up to date and highlighted the need for closer public-private sector cooperation to tackle the threats.

The organization also made some projections concerning future areas of concern:

• A further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.
• Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic. Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.
• When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.

INTERPOL in May launched an awareness campaign about COVID-19 cyberthreats. "The key message of the campaign, which focuses on alerting the public to the key cyberthreats linked to the coronavirus pandemic, is to #WashYourCyberHands to promote good cyber hygiene," the organization said at the time.