In brief:
- Hackers have changed their tactics to take advantage of the coronavirus.
- US and UK cybercrime officials warn of email phishing attempts and fake remote working solutions.
- Despite the changing methods, cybercrime levels stay the same.
We do the research, you get the alpha!
Per a joint advisory from US and UK cybersecurity officials issued April 8, hackers and other malicious actors are leveraging the coronavirus to their own gain.
The advisory from both the UK national cybersecurity centre (NCSC) and the US cybersecurity and infrastructure agency (CISA) urged caution—citing an uptick in scams since the pandemic broke out.
"Bad actors are using these difficult times to exploit and take advantage of the public and business," Bryan Ware, CISA's assistant director for cybersecurity, said in a statement.
These fraudsters, the advisory warns, are imitating remote workplaces—such as Zoom—to exploit the burgeoning demand in work-from-home solutions. Instead of the software, victims are lured into downloading malware.
Email scams are also rife, according to the agencies, who told of feigned emails from health officials, duping people into divulging personal information.
Phishing tactics are similarly being carried out via text messaging. Fraudsters often bait victims with tales of financial gain. Now, with a rise in coronavirus support packages worldwide, criminals are posing as officials charged with doling out financial aid—only to redirect victims to a phishing site.
A change in tactic
While there's been an uptick in coronavirus related scams, the advisory notes that levels of cybercrime haven't actually increased.
Microsoft echoed a similar sentiment in a blog published yesterday.
"Attackers don't suddenly have more resources they're diverting towards tricking users; instead they're pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords that get us to click," said Rob Lefferts, corporate vice president of Microsoft 365 Security.
After analyzing millions of phishing emails, Microsoft revealed that only 60,000 included coronavirus-related malware.
"Our data shows that these COVID-19 themed threats are retreads of existing attacks that have been slightly altered to tie to this pandemic. This means we're seeing a changing of lures, not a surge in attacks," Lefferts added.
It looks like the coronavirus isn’t content with taking down the economy but wants the money in your wallet too.