Online criminals exploiting Covid-19 crisis, security firm warns

Main threats to organisations during the pandemic stem from phishing

With large numbers of staff working from home, there may be additional vulnerabilities. Photograph: Getty Images

With large numbers of staff working from home, there may be additional vulnerabilities. Photograph: Getty Images

 

Fresh evidence has emerged that cyber criminals are working together to develop ways to exploit the coronavirus pandemic.

Criminals have used Dark Web forums to share ways that consumers’ efforts to stay safe could be used against them, according to Raluca Saceanu, the general manager of Irish-based cybersecurity firm Smarttech247

She said her company had recorded “a significant increase in targeted malicious activity” in recent days. “Many consumers are moving money onto bank card accounts to cut down on using cash at the moment,” she said.

“As a result, posters on the forum were chatting about how it’s a good time to run ‘carding’ scams, and even offering discounts on the technology used for these crimes,” she said. Carding is a form of credit card fraud in which a stolen credit card is used to charge prepaid cards.

In another example highlighted by Ms Saceanu, a workplace email scam falsely claimed to have originated at the World Health Organisation and asked recipients to click on a link to access safety measures regarding the spreading of coronavirus. When the link was clicked it activated malware to infect devices.

“The approach being taken clearly seeks to take advantage of the level of concern around public health at the moment. There is so much going on but it’s vital that people don’t unwittingly let their guard down,” she said.

Her comments echo those made by the National Cyber Security Centre (NCSC) late last week when it issued a warning about cybercriminals actively exploiting the coronavirus pandemic to target the general public and businesses

Its guidance said the move “has created a considerable amount of concern amongst the cybersecurity community” due to the various approaches being taken by criminals.

While it is not uncommon for cybercriminals to seek to exploit events for their own profit, the NCSC said the speed and scale at which they were doing so during the crisis was of great concern.

The NCSC, which is responsible for advising the Government on cybersecurity issues, highlighted methods used including targeting the organisations whose staff are working remotely and the singling out of healthcare services that are under stress. It also notes a sharp increase in malware that has Covid-19 themes.

“The key threats to organisations during the response to Covid-19 stem from the phishing, social engineering and remote access threat,” the centre warned. “These are not new threats, but with large numbers of staff working from home, there may be additional vulnerabilities where existing IT security services do not extend to remote devices, and where remote working was implemented under time pressure,” it adds.

With a range of financial and other Covid-19 supports now available for people and businesses impacted by the pandemic, the Banking and Payments Federation of Ireland (BPFI) has also warned that fraudsters will “target victims via email, text, phone and social media by posing as genuine organisations including government, banks and health care providers in an attempt to get victims to disclose personal or financial information”.