The Covid-19 coronavirus pandemic has forced much of the world to adapt to a new way of life – and for cybercriminals it is no different. According to cybersecurity firm Proofpoint, 80% of scams, hacks and cyberattacks are now coronavirus-themed.
Since the security firm began monitoring for coronavirus scams on 29 January, it has observed over 500,000 messages, 300,000 malicious URLs and 200,000 malicious attachments with coronavirus themes.
And as the virus has spread, the volume of coronavirus scams has exploded.
“Coronavirus-related threat volumes continue to be high, attacks are broad in both nature and scope, and the threat actors behind these attacks are wide and varied,” the Proofpoint report notes. “Most importantly, these campaigns continue to grow, literally by the minute.”
In one credential phishing campaign a scammer pretending to be Microsoft Customer Support asks recipients to download a malicious attachment to “follow the company’s new protocol” in light of an employee testing positive for the virus.
Proofpoint also says infamous threat groups, such as TA542 – the gang behind banking trojan Emotet – and APT36 have pivoted to coronavirus themed cyberattacks.
A number of other security firms have seen similar trends during the pandemic. Finnish security company F-Secure has witnessed a “significant amount” of protective mask scams. The banking industry has warned of a rise in smishing scams, in which criminals exploit pandemic fears with text messages impersonating financial institutions.
Combating coronavirus-themed scams
In response to the sharp rise in coronavirus-themed attacks, thousands of people in the cybersecurity community have pooled their knowledge and resources into analysing threats and providing advice to health agencies, businesses and consumers.
Some security companies, such as Coveware and Emsisoft, are offering free ransomware decryption tools to healthcare providers.
Cybersecurity company Bitdefender, which observed a 475% increase in coronavirus-related cyber threats, has offered free enterprise-grade security solutions to all healthcare organisations worldwide.
Ed Bishop, chief technology officer at cybersecurity firm Tessian, says that employees working from home during the pandemic should be “even more vigilant when it comes to phishing attacks”.
“Hackers love emergencies and times of uncertainty, because people are scared, distracted, and vulnerable. This makes them ideal targets,” he said.
The State of Technology This Week
For more advice on staying safe online during the pandemic check out our top ten tips from cybersecurity experts.