The novel coronavirus has impacted the global economy, daily life, and human health around the world, changing how people work and interact everyday. But in addition to the pressing threat the virus poses to human health, these rapid changes have also created an environment in which hackers, scammers, and spammers all thrive.
Coronavirus phishing scams started circulating in January, preying on fear and confusion about the virus—and they’ve only proliferated since. Last week, Brno University Hospital in the Czech Republic—a major Covid-19 testing hub—suffered a ransomware attack that disrupted operations and caused surgery postponements. And even sophisticated nation state hackers have been using pandemic-related traps to spread their malware. The conditions are ripe for cyberattacks of all sorts.
More people than ever are working from home, often with fewer security defenses on their home networks than they would have in the office. Even in critical infrastructure and other high-sensitivity environments where it would be impossible to securely work from home, skeleton crews at the office and general distraction can create windows of vulnerability. And in times of stress or distraction, people are more likely to fall for malicious scams and tricks.
“This global crisis is an emergent vulnerability in the broadest sense possible,” say Lukasz Olejnik, an independent cybersecurity researcher and consultant who has been analyzing the digital security risks posed by the pandemic. “The current situation poses enough challenges. Any additional undesirable events would just make it more difficult. So one worst case consequence of a cyberattack could be slowing down crisis response, for example in the health care sector.”
That’s exactly what has played out at Brno University Hospital, where the Czech National Cyber Security Center and Czech law enforcement still have not fully restored digital services. Ransomware attacks on hospitals are common, because scammers hope that the urgent need to function will push administrators to simply pay the ransom. Such attacks always pose a potential threat to the health and safety of patients, but are especially horrific during a pandemic that is straining the world’s health care systems. On Wednesday, the incident remediation firm Coveware and the malware defense firm Emsisoft began offering free ransomware response services to healthcare organizations for the duration of the pandemic, warning that a digital attack on a healthcare provider during this time would have real-world kinetic consequences.
Meanwhile, phishing and scam websites themed around the pandemic are exploding on the web; some reports estimate thousands of new domains cropping up every day. Crane Hassold, senior director of threat research at the email security firm Agari, says that his team is particularly wary of the threat phishing poses to people working remotely. Home Wi-Fi often doesn’t have the same defenses—think firewalls and anomaly detection monitoring—of corporate environments. And it doesn’t help that some leading corporate VPNs have major vulnerabilities that companies don’t always take the time to patch.
Hassold, formerly a digital behavior analyst for the Federal Bureau of Investigation, also notes that even extra cautious employees may be more likely to take phishing emails at face value, since it’s not as easy to call across the room to a colleague and check whether they really initiated that payroll payment reroute. “All of this is a perfect storm,” he says.
Covid-19 scams aren’t just being used by criminals for monetary gain, but are showing up in more insidious operations. Mobile security firm Lookout published findings on Wednesday that a malicious Android application has been posing as a Covid-19 tracking map from Johns Hopkins University, but actually contains spyware connected to a surveillance operation against mobile users in Libya.
