With the COVID-10 pandemic increasing online dependency of businesses and forcing them to deploy remote systems and networks, cyber criminals have quickly shifted their attention from individuals to major corporations, governments, and critical infrastructure, says Interpol.
While much has been written about cyber criminals using COVID-19-themed phishing techniques to con individuals and businesses, Interpol said in a new report that since the pandemic spread around the world, there has also been a major rise in the use of disruptive malware, malicious domains, data harvesting malware, and DDoS attacks by cyber criminals.
Interpol said that lured by the potential for high impact and financial benefit, cyber criminals are now using disruptive malware and ransomware against critical infrastructure and healthcare institutions, with a majority of hackers estimating quite accurately the maximum amount of ransom they could demand from targeted organisations.
Major rise in disruptive malware attacks on organisations in the middle of the pandemic
Using COVID-19 related information as a lure, hacker groups are also injecting data harvesting malware such as Remote Access Trojan, info stealers, spyware and banking Trojans into corporate IT networks to compromise networks, steal data, divert money and build botnets.
Since the pandemic took shape, Interpol also observed a major rise in the setting up of fraudulent and malicious web domains that have COVID-19-related keywords such as “coronavirus” or “COVID”. Between February and March, A private sector partner of Interpol reported a 569 percent growth in malicious registrations, including malware and phishing and a 788 percent growth in high-risk domain registrations.
Between January and April, Interpol's private sector partners also observed as many as 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs that were related to COVID-19.
“Cybercriminals are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19,” said Jürgen Stock, Secretary General of Interpol.
“The increased online dependency for people around the world, is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date. The report’s findings again underline the need for closer public-private sector cooperation if we are to effectively tackle the threat COVID-19 also poses to our cyber health,” he added.
While phishing scams formed 59 percent of all cyber threats since the arrival of the coronavirus, malware and ransomware infections formed 36 percent, malicious domains formed 22 percent, and 14 percent of threats were instances of misinformation and fake news related to the pandemic.
Instances of misinformation and fake news included conspiracy theories, illegal trade of fraudulent medical commodities, as well as 'too good to be true' offers such as free food, special benefits, or large discounts in supermarkets. A majority of emails and text messages that disseminated misinformation or fake news concealed malware or malicious domains.
Hackers are likely to continue proliferating coronavirus-themed online scams
Interpol believes that threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic and will continue to exploit vulnerabilities related to working from home for financial benefit, developing more advanced and sophisticated modi operandi in the process.
Commenting on Interpol's assessment, Jonathan Miles, Head of Strategic Intelligence and Security Research at Mimecast, told TEISS that it o surprise to see that Interpol believe there will be further cyberattacks in the coming weeks, as the pandemic has created increased opportunities globally for malicious activity to take place.
“To defend and mitigate the threats, it is key that organisations build a layered approach to cybersecurity resilience, including cybersecurity responsibility and awareness embedded deeply throughout all sectors of organisational culture. Offering regular remote working cybersecurity awareness training to employees will be crucial, with organisations recommended to take the initiative on keeping their employees informed about current and prevailing threats.
“Doing so will ensure employees are aware of good cyber hygiene practices and will help bolster physical security resilience, especially as our research shows that employees not undertaking Mimecast awareness training are 5 times more likely to click on a malicious link than those who do receive training,” he added.