Coronavirus Cyber Attacks

From Critical Infrastructure to Leaked Video Conferences

As the weeks become months and it remains unclear how long the coronavirus pandemic will disrupt business ‘as we knew it’, one thing remains a constant: cyber criminals are all too eager to exploit a crisis to meet their nefarious goals.

With huge portions of the public now working remotely (when possible), the threat to information security is clear. From issues of confidentiality to basic communications, there are many organisations that have been caught less than perfectly prepared.

Dominating both news and board meetings, the pandemic has highlighted many of our strengths and weaknesses. Though despite the vast array of instances of human kindness, it’s also unsurprising there are those amongst us looking to scam, cheat and steal.

With this in mind, we asked what are some of the main ways that cyber criminals are exploiting the coronavirus, and what can be done to protect yourself and the information security of your organisation?

Rush to Find Vulnerabilities

Organisations may be rushing to find out-of-office solutions to facilitate continued operations, but cyber criminals are likewise racing to find vulnerabilities and weaknesses within these products to exploit.

Perhaps the most prominent example of newly popular software attracting the attention of criminals and information security specialists alike is Zoom. The remote conferencing service software has seen a 1900% rise in daily active users over the last three months, and with this rise in usage came a degree of security scrutiny for which the company was arguably unprepared.

Among issues highlighted include the company’s blatantly misleading claim that conferencing is secured with end-to-end encryption, as well as reports claiming ‘meeting keys’, a type of security protocol, are being unnecessarily passed through servers located in China.

Despite having now been banned in several organisations and governments, the use of the software in UK cabinet meetings has supposedly been defended by the National Cyber Security Centre (NSCS), though whether its use will continue, is uncertain.

"Covid-19 has created - and continues to create - awe-inspiring intelligence-collection opportunities."

Thomas Rid, Johns Hopkins University

Regardless of Zoom's use within certain institutions, it is invariably wise to avoid using software, the security of which is unverified, to discuss or exchange sensitive information.

In accordance with general information security advice, neither organisations nor individuals should be putting confidential or sensitive information at unnecessary risk with unsecure software. Given the potential for an information security compromise, finding reliable and secure communication channels should be a priority.

Phishing Attacks

The coronavirus outbreak and response has, according to the World Health Organisation (W.H.O), been accompanied by a “massive infodemic”, in other words a flood of both accurate and inaccurate information.

Both the supply and demand for information regarding the pandemic creates the ideal situation for phishing attacks. From the offering of fake cures or treatments, to appeals to people’s charitable instincts, the spate of coronavirus related phishing attacks is taking many forms.

The W.H.O released a specific warning regarding scammers disguising themselves as the health authority, whilst many other information and cyber security experts advised that users take particular care when dealing with communications relating to the virus.

Action Fraud, the UK’s fraud reporting centre has recorded nearly £970,000 in total losses as a result of coronavirus related fraud since the beginning of February, an amount which is likely to rise significantly over the coming months.

Although the scam subject may be new, phishing is not a novel threat and the methods of defence and mitigation remain the same. Given the necessary human interaction, it is paramount that employees and users are educated in how to avoid phishing emails.

Targeting Healthcare Institutions

Since the crisis began, INTERPOL’s Cybercrime Threat Response team has issued a warning to hospitals and other institutions working to fight the outbreak following a significant increase in the number of detected ransomware attack attempts.

Being so critical to the global response to Covid-19, these institutions are being targeted in the hopes of locking hospitals etc. out of critical systems and away from vital information in the hopes of extorting payments.

“As hospitals and medical organizations around the world are working non-stop… they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients”

Jürgen Stock, INTERPOL Secretary General,

As the international policing organisation’s website advises, key preventative measures for ransomware attacks include keeping both hardware and software up to date, as well as the adequate backing up of essential information and files.

Like most ransomware, the attacks targeting health institutions are frequently via email, and the standard advice to avoid phishing attacks is again applicable here.

For our comprehensive guide to phishing avoidance techniques, click here.

Please remember, cyber criminals and phishers rely on curiosity, response to authority and most importantly, individuals not taking the proper time to assess communications for authenticity. Although it may not seem an immediate area of focus, those few extra moments needed to avoid a ransomware attack, are even more critical than ever.

Stay Safe, Stay Vigilant

As with the danger of the coronavirus itself, users and individuals are strongly advised to take the proper precautionary measures to avoid unnecessary risks. Phishing attacks, ransomware and unsecure software all pose serious and important information security threats, at this time particularly.

Just as we are called upon to take measures to protect ourselves and other from physical ailments, so should we remain vigilant to the pernicious intentions of cyber criminals wishing to exploit us at our moments of weakness.

From everyone at Hut Six, stay safe, stay secure, and be prepared.