While the world is focused on the health and economic threats posed by COVID-19, cybercriminals are undoubtedly capitalising on this crisis to inflict harm on organizations, their staff, and even customers.
There has been a spike in phishing, malware, and ransomware attacks as attackers continue to use COVID-19 as bait to impersonate brands, thereby misleading employees and customers.
This has resulted in more infected personal computers and phones. Not only are institutions and businesses being targeted; end-users who download COVID-19-related applications are also being tricked into downloading ransomware disguised as legitimate applications.
For instance, in the third week of April, the World Health Organisation (WHO) reported that some 450 of its active email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response. The attack affected an older extranet system, used by current and retired staff as well as partners.
Scammers impersonating WHO in emails have also increasingly targeted the general public in order to channel donations to a fictitious fund and not the authentic COVID-19 Solidarity Response Fund. The number of cyber-attacks is now more than five times the number directed at the Organization in the same period last year.
In addition to directly generating or diverting currency transactions, cybercriminals have also compromised people’s emails to fraudulently purchase gift cards, divert tax returns, and even transfer millions of dollars’ worth of hardware and equipment.
Research by cybersecurity company Check Point recently showed a 30% increase in COVID-19-related cyber-attacks over the first two weeks of May, many of which involved email scams. On average, there were 192,000 coronavirus-related cyber-attacks documented per week.
According to assessments by the World Economic Forum (WEF), hacking and phishing attacks are likely to become the new norm.
Multiple surveys have established the vulnerability of the public sector, mostly government agencies that, while attempting to procure medical equipment, transferred funds to fraudulent brokers prior to receiving the items, only to learn that the equipment did not exist and that the funds were unrecoverable.
A CyberArk survey last year of security professionals in Australia, the UK, the US, France, Germany, Israel, and Singapore found that 47% of public sector respondents have experienced at least one cyberattack that impacted operations during the past three years.