Cybercrime and Covid-19
With the appearance of the SARS-CoV-2 virus, which causes the disease Covid-19, many work activities have been forced to move online. We spend significantly more time on computers and mobile devices, using the Internet primarily for business purposes, but also for communication, shopping, and staying informed on all relevant topics. Given all these activities, we also need to take certain actions to best protect our computers, especially when we are connected to a company network.
As Covid-19 is currently the number one topic in the world, hackers are making extensive use of the situation, leading to a significant increase in cybercrime. Many hackers use the Covid-19 situation to get users to install a variety of malicious software, all to retrieve sensitive user data and passwords, monitor user activity on the system, and the like.
We have gathered information from several sources on how hackers are most likely to act and which cybercrime activities we need to pay attention to.
The name Covid-19 is used especially in spam, malware files and malicious domains.
RiskIQ analyzed the spam box feed for the period March 30th–March 31st, 2020. During this period, 217.169 spam emails containing either “corona” or “covid” in the subject line were analyzed.
Hackers carry out these attacks in different ways; just some of them are:
Phishing campaigns and malware distribution through seemingly genuine websites or documents that provide information or advice on COVID-19 are used to infect computers and obtain user credentials. (SOURCE)
Spam – Special attention should be paid to the emails we receive from a variety of sources, as this is the type of attack hackers most commonly use against a user’s computer, using the name Covid-19 to induce the user to open the mail or download a brochure from it.
Malicious websites – Hackers also set up and promote a variety of malicious websites that users looking for information click on carelessly, compromising their computers. Through a botnet, threat actors can launch DDoS attacks, download files from your computer, execute scripts, capture screenshots, steal bitcoin wallets, and collect browser cookies and passwords.
Examples of such sites are antivirus-covid19[.]site and corona-antivirus[.]com, which promote an application that supposedly protects the user from the Covid-19 virus; when a user installs the application, the system is infected with the BlackNET RAT malware. (SOURCE)
Ransomware – An attack alleged to have been caused by ransomware hit the University Hospital Brno in the Czech Republic, a test center for COVID-19. The hospital’s computer systems were shut down due to the attack, delaying the release of COVID-19 test results. (SOURCE)
Fraud – Offering products that are in demand during a pandemic, such as masks, disinfectants or other medical preparations, without the ordered products ever being physically delivered, all to take money from customers. (SOURCE)
Spreading false information is also a form of cybercrime, aimed at creating panic among people. (SOURCE)
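As an added illustration of the spam and malicious-website patterns above (example code written for this page, not taken from RiskIQ or any cited source), the following Python sketch triages a mail message using the two keywords and the two defanged domains mentioned in the text. The verdict names, the review rule and the sample message are assumptions made for the example.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Lure domains named in this article, kept defanged as published.
DEFANGED_IOCS = ["antivirus-covid19[.]site", "corona-antivirus[.]com"]
LURE_WORDS = re.compile(r"corona|covid", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def refang(indicator):
    """Turn 'name[.]tld' into 'name.tld' so it can be compared to hosts."""
    return indicator.replace("[.]", ".").replace(" ", "").lower()


BLOCKLIST = {refang(i) for i in DEFANGED_IOCS}


def link_hosts(body):
    """Return the lower-cased host of every http(s) URL found in the text."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts


def triage(raw_message):
    """Return 'block', 'review' or 'pass' (hypothetical verdict names)."""
    msg = message_from_string(raw_message)
    subject = msg.get("Subject", "")
    # Transfer-encoded (base64, quoted-printable) parts are not decoded here.
    body = "\n".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    hosts = link_hosts(body)
    # A listed domain or any of its subdomains is a hard match.
    if any(h == d or h.endswith("." + d) for h in hosts for d in BLOCKLIST):
        return "block"
    # Lure word in the subject plus a link, or in a link host: analyst review.
    if (LURE_WORDS.search(subject) and hosts) or any(LURE_WORDS.search(h) for h in hosts):
        return "review"
    return "pass"

# Constructed sample; the URL is assembled from the defanged indicator.
SAMPLE = "Subject: Free protection\n\nInstall: http://" + refang(DEFANGED_IOCS[1]) + "/app\n"
print(triage(SAMPLE))
```

Keyword hits alone go to review rather than block, since legitimate health and government mail also uses these words.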
Some examples of malware are:
- “Corona Virus” Trojan – targeting Windows, this Trojan mimics a real map of the global locations of COVID-19 infections to trick users into downloading the malware, which then steals user credentials and other personal data.
- CovidLock Android Ransomware – an Android app that pretends to give users a way to find nearby COVID-19 patients and track the virus’s spread across the world. Installing the app locks the device and asks the user to pay a ransom of $250 in bitcoin.
- Corona Safety Mask SMS Scam – pretending to be an app that helps users find safety masks, this info-stealer obtains contacts and SMS messages, then sends fraudulent messages to the victim’s contacts.
Cybercrime protection measures:
(Adapted from source)
- Be careful with the emails and files you receive from unknown senders, especially if they offer you special offers or discounts.
- Be careful with links in emails as well as files that come to you from unknown sources.
- Order products online only from proven sources.
- Search for information on Covid-19 only on verified and official sites intended for this purpose.
- Do not divulge your data such as your username, password, or credit card information, as official institutions will never ask you to do so, especially not by e-mail.
- Provide adequate tools to protect against various cyber attacks (https://saga.rs/cybersecurity/?lang=en).