While many communities around the world have started to ease their stay-at-home orders, hackers are still running spearphishing and misinformation campaigns exploiting the COVID-19 pandemic.
The Internet Crime Complaint Center (IC3) of the Federal Bureau of Investigation (FBI) said it received over 20,000 reports so far this year regarding cyber threats connected to the ongoing coronavirus outbreak. These complaints include various kinds of internet fraud such as scams, computer viruses, and malicious emails.
Hackers continue to ran scams during the coronavirus pandemic
Adam Meyers, vice president of intelligence at cybersecurity firm CrowdStrike, says nation-state and criminal spearphishing activities that exploit COVID-19 thematic lures are still on the rise.
"We've been seeing an increase of [social engineering behavior] where they're [copying government agencies], hospitals, healthcare [entities], and insurance companies to entice people to click links and open files," Meyers said.
And as the pandemic continues to affect economies around the world, hackers also continue to spoof government relief packages in their spearphishing efforts, Meyers added.
According to deputy assistant director Tonya Ugoretz of the FBI's Cyber Division, the IC3 received as many complaints in the second week of June this year compared to all cases in 2019.
The cyber threats came from both foreign actors pursuing COVID-19 research and cybercriminals seeking to exploit weaknesses in data protection among newly-worked computer users from home. Health departments have also dealt with ransomware attacks on their networks by hackers who attempt to lock up or erase confidential health information unless organizations pay exorbitant amounts.
An increase in phishing emails
Researchers at the cybersecurity company Barracuda Networks reported an increase in "phishing" emails by 667% near the start of the epidemic, NewsWeek reported. Cybercriminals encouraged recipients in the emails to click links or download attachments that would infect computers with viruses.
Every day, Ugoretz reported in mid-April, the IC3 received between 3,000 and 4,000 complaints of cyber-threats. Before the start of the epidemic, the IC3 received only about 1,000 complaints per day.
Meanwhile, The Hill reported that both the World Health Organization and the Department of Health and Human Services were targeted by such attacks. Coronavirus-related scams, on the other hand, have targeted federal relief funds.
However, the attacks on both parties were unsuccessful. They were identified in an investigation of the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security.
In a joint statement, the FBI and CISA reported that Chinese cyber villains and non-traditional collectors have been locating and illegally procuring valuable intellectual property (IP) and public health data relating to vaccines, therapies, and testing from COVID-19-related research networks and staff."
The FBI and CISA advised coronavirus-based healthcare, pharmaceutical, and research industries to "maintain dedicated cybersecurity and insider threat activities" to prevent possible hackers and cyber-thieves.
Also, the agencies recommended that companies repair all internet-connected computers, internet data processing tools, and other essential vulnerability programs.
They also urged the agencies to regularly scan web applications for unauthorized access, changes, or suspicious behaviors, and to also enhance credential standards for users, and require multi-layer authentication.