The National Cyber Security Centre (NCSC) has urged the public to follow online safety advice to the letter as more evidence emerges of cyber criminal groups exploiting the Covid-19 coronavirus for malicious ends.
As extensively reported over the past few weeks, multiple criminal groups have ramped up their activity since the coronavirus began to spread beyond the confines of the Chinese city of Wuhan, where it first emerged, capitalising on people’s genuine fears.
Some of the more widespread threats seen to date have been bogus phishing emails with links claiming to have important updates on the virus, which if clicked lead to devices being infected with malware and ransomware.
The NCSC urged both businesses and members of the public to familiarise themselves on its online guidance on how to identify and deal with suspicious emails, and mitigate and defend against malware and ransomware.
“We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak,” said NCSC operations director Paul Chichester.
“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”
The NCSC said it was seeing an increase in the registration of websites relating to the coronavirus, and in the past few days it has introduced new automation measures to discover and remove sites are using the coronavirus as a lure to serve malware to unsuspecting visitors.
The attacks it has identified so far are versatile and can be conducted through various media, adapting to different sectors via multiple means, such as ransomware, credential theft, bitcoin scams or straight up fraud.
Among some of the more widespread campaigns spotted in the wild to date have been fraudulent emails purporting to be coming from the World Health Organisation (WHO) and the US Center for Disease Control (CDC), creating domain names that look similar to the CDC’s genuine web address to steal passwords, and even solicit bitcoin “donations” to fund a fake vaccine.
Other attacks have seen the Emotet banking trojan pressed into service to distribute infected Microsoft Word documents in Japan – in this case, impersonating a state welfare provider. Copycat operations have also been spotted in Indonesia, Italy and the US using different strains of malware.
In the UK, the NCSC said it had seen an uptick in targeted phishing emails, with cyber criminals paying particular attention to businesses in sectors more likely to be heavily affected by the coronavirus, such as shipping, transport and retail.
The UK’s National Fraud Intelligence Bureau has identified multiple reports of fraud involving coronavirus links to date, with losses to victims totalling close to £1m.
Many of the victims reported they had attempted to buy protective face masks from fraudulent online sellers, with one losing more than £15,000 when they purchased products that were never delivered.
