The combination of public uncertainty, increased internet traffic, and the mass move to remote working, is providing a happy hunting ground for cybercriminals.
Historic cybercrime pandemic event
"There is a digitally historic event occurring in the background of this pandemic, and that is there is a cybercrime pandemic that is occurring."
This is the warning from VMware cybersecurity strategist, Tom Kellermann, and many of his fellow cybersecurity colleagues around the world agree.
Cyber attacks spiked sharply last month as the coronavirus swept the globe. Almost every country has been the target of a Covid-19-related attack.
Ransomware attacks rose 148% in March over the previous month according to data collected by VMWare Carbon Black; while Microsoft released a map showing 241 countries impacted by cyber attacks.
The FBI has reported a 300-400% increase in reports of attacks in the United States, and the Australian Signals Directorate has warned Australians about the launch of thousands of fake websites looking to trick them into revealing credentials.
Attackers target coronavirus epicentres
A pattern has also emerged which shows the volume of attacks and successful breaches is directly aligned with Covid-19 pandemic hotspots.
Rob Lefferts, Microsoft 365 security VP, told the New York Times that cyber attacks are following the pandemic around the world with criminals deliberately targeting communities that are most impacted.
"The volume of successful attacks is correlated with the volume of virus impact.
"Countries with the highest outbreak numbers are also the most affected by these COVID-themed lures.
"Confusion, concern, and fear are driving people to click and that's what attackers are taking advantage of," said Lefferts.
The magnet for hackers is locations where anxious people are turning to the internet for information and reassurance.
Web pages offering information about the coronavirus, aim to trick people into parting with their credentials. The offer of 'miracle cures', the sale of personal protective equipment or at home testing kits, and even fake charities asking for donations, are all used by scammers to lure unsuspecting users.
Australian Signals Directorate warns of fake websites
The Australian Signals Directorate has issued its own warning about "thousands of Covid-19 websites being registered," of which "many are being created by malicious cyber actors seeking to exploit Australians during this difficult time."
"Opportunistic malicious actors are exploiting people’s concerns and desire for information about the COVID-19 pandemic by directing them towards websites designed to either install malicious software or steal personal information.
"The malicious COVID-19 websites are designed to look legitimate or impersonate well-known organisations, making it difficult for individuals to detect. Cybercriminals use them to install computer viruses onto people’s devices, such as banking Trojans or different variants of ransomware, in order to generate profit
"In other cases, they seek to harvest user credentials, such as personal identification, passwords and bank details, which are then used to gain access to the user’s networks, devices or online financial accounts."
People working from home also at risk
The Directorate has also singled out people who are suddenly and unexpectedly working from home for the first time, advising them to increase their online vigilance.
"The COVID-19 pandemic has resulted in many people working from home for the first time. Working from home has specific cyber security risks, including targeted cybercrime. When compromised, unauthorised access to your stored information can have a devastating effect on your emotional, financial and working life.
"Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme."
MobileCorp is a Sydney-based communications technology company. We support companies by providing managed mobility and ICT services including mobile device security, mobile device management, expense management and managed connectivity solutions.
Have some time to invest in knowledge-building during lockdown?