Online scammers leveraged government coronavirus announcements, sometimes within just a matter of hours, to exploit unprecedented cyber security weaknesses during the pandemic, new research shows.
A study by experts at Abertay, Strathclyde, Kent, Oxford and Warwick universities found home working created “a level of cyber security concerns and challenges never faced before”, and reveals how the situation was seized upon by cyber criminals.
The study, seen in full by us, highlights a pattern between new cyber campaigns and key events, such as announcements of spending or health policies, illustrating how scammers manipulated briefings to exploit the anxieties of the public.
Researchers tracked instances of cyber attacks inspired by Covid-19 from the first example around 30 days after the first confirmed case of the virus in China and found the timeframe between events and linked attacks reduced dramatically as time went on.
“Attackers are clever and like to stay a step ahead.”
Dr Xavier Bellekens
Their timeline, which sometimes includes multiple major new campaigns on a single day, maps instances across the world against the spread of the virus and key public health measures, such as the first UK lockdown in March last year.
They found scammers expanded their attacks as it became clear Covid-19 was set to become a global event and used “traditional trickery” to prey on heightened levels of stress, anxiety and worry that created a greater likelihood of success.
‘Quite exceptional’ problems
The paper states the extent of cyber security-related problems in the UK was “quite exceptional” and researchers found there was a “loose correlation” between policy announcements by the UK Government and subsequent cyber crime campaigns.
By early May, more than 160,000 suspect emails had been reported to the National Cyber Security Centre and by the end of the same month £4.6 million had been lost to Covid-19-related scams.
The research team found events such as the March 11 budgetary announcement increased the likelihood of a positive response to a cyber criminal campaign and that perpetrators were “very likely to hook on to events” when coming up with scams.
Dr Xavier Bellekens, a leading cyber security expert at Strathclyde University and one of the authors of the paper, said criminals had adapted their approach to include themes such as jobs support, protective equipment or support for the NHS.
“Attackers are clever and like to stay a step ahead,” he said. “They will make sure they use emails that are believable and in line with the current threats or messaging.
“They might see a government announcement or event during the pandemic and they will send well-crafted emails tricking you into entering your credit card details, possibly to support NHS workers or purchase PPE that is in short supply.
“There is also always going to be an increased risk when people are working from home. During the pandemic people have their children to deal with, they have their work to deal with. It creates that extra stress.
“It might make you not focus 100% of the time and you might end up clicking a link you wouldn’t click on otherwise.”
The study, entitled Cyber Security in the Age of Covid-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks during the Pandemic, found scams targeted members of the public generally, as well as millions of people working from home.
Critical national infrastructure, such as healthcare services, have also been attacked, and incidents using ransomware – a type of software that blocks access to files and then demands payment to release them – have been reported in a number of countries.
The paper states home working has revealed a “general unpreparedness” among software vendors for these kinds of attacks.
It states: “The outbreak has caused mass disruption worldwide, with people having to adapt their daily routines to a new reality: working from home, lack of social interactions and physical activity, and fear of not being prepared.
“These situations can overwhelm many, and cause stress and anxiety that can increase the chances to be victim of an attack.”
Criminal gangs have been observed impersonating official bodies, such as the World Health Organisation, the NHS or the legitimate Johns Hopkins University Covid-19 information dashboard, to seize control of sensitive data.
A large number of website domains containing the words ‘covid’ or ‘coronavirus’ have also been registered by apparent scammers, along with attempts to impersonate communications platforms such as Zoom, Microsoft and Google.
In other instances, criminals have been known to offer bogus coronavirus cures, false advice on effective treatments or pose as health officials requesting donations to help develop a vaccine.
The paper suggests government events should be accompanied by a note or a disclaimer outlining how legitimate information relating to the announcement will be relayed.
“The best thing for us to do is to increase education.”
Dr Bellekens believes governments in the UK have responded well overall to threats of cyber crime since the beginning of the pandemic but stressed the study shows the need to find new ways to keep the public safe.
“Both sides will have learned from the pandemic,” he said. “It would be foolish to believe that only the people thinking about security will have learned from this.
“Scammers and hackers will have learned their lessons. They will find new ways. We’re going to be stuck in a mouse and cat chase game because the public is slower and is the one reacting to the attack.
“The best thing for us to do is to increase education. Companies will have learned their lessons on how to protect their infrastructure for remote working.
“I think the pandemic has demonstrated a number of issues but it has also demonstrated that we can react very fast to any set of events.”
Dr Lynsay Shepherd, of Abertay University’s division of cybersecurity, said: “Cybercrime is a highly sophisticated and organised activity and it will not come as a surprise to anyone in the cybersecurity industry that these individuals and groups used the Covid-19 pandemic as a vehicle to launch attacks.
“It is unlikely there will ever be a time when we can eradicate cybercrime. Therefore we must continue to educate everyone from as early a stage as possible, train our graduates to understand the mindset of cybercriminals, as we do at Abertay, and to continue to invest in research, development, innovation and infrastructure.”