The novel coronavirus has impacted the global economy, daily life, and human health around the world, changing how people work and interact everyday. But in addition to the pressing threat the virus poses to human health, these rapid changes have also created an environment in which hackers, scammers, and spammers all thrive.
Coronavirus phishing scams started circulating in January, preying on fear and confusion about the virus—and they’ve only proliferated since. Last week, Brno University Hospital in the Czech Republic—a major Covid-19 testing hub—suffered a ransomware attack that disrupted operations and caused surgery postponements. And even sophisticated nation state hackers have been using pandemic-related traps to spread their malware. The conditions are ripe for cyberattacks of all sorts.
More people than ever are working from home, often with fewer security defenses on their home networks than they would have in the office. Even in critical infrastructure and other high-sensitivity environments where it would be impossible to securely work from home, skeleton crews at the office and general distraction can create windows of vulnerability. And in times of stress or distraction, people are more likely to fall for malicious scams and tricks.
“This global crisis is an emergent vulnerability in the broadest sense possible,” say Lukasz Olejnik, an independent cybersecurity researcher and consultant who has been analyzing the digital security risks posed by the pandemic. “The current situation poses enough challenges. Any additional undesirable events would just make it more difficult. So one worst case consequence of a cyberattack could be slowing down crisis response, for example in the health care sector.”
That’s exactly what has played out at Brno University Hospital, where the Czech National Cyber Security Center and Czech law enforcement still have not fully restored digital services. Ransomware attacks on hospitals are common, because scammers hope that the urgent need to function will push administrators to simply pay the ransom. Such attacks always pose a potential threat to the health and safety of patients, but are especially horrific during a pandemic that is straining the world’s health care systems. On Wednesday, the incident remediation firm Coveware and the malware defense firm Emsisoft began offering free ransomware response services to healthcare organizations for the duration of the pandemic, warning that a digital attack on a healthcare provider during this time would have real-world kinetic consequences.
Meanwhile, phishing and scam websites themed around the pandemic are exploding on the web; some reports estimate thousands of new domains cropping up every day. Crane Hassold, senior director of threat research at the email security firm Agari, says that his team is particularly wary of the threat phishing poses to people working remotely. Home Wi-Fi often doesn’t have the same defenses—think firewalls and anomaly detection monitoring—of corporate environments. And it doesn’t help that some leading corporate VPNs have major vulnerabilities that companies don’t always take the time to patch.
Hassold, formerly a digital behavior analyst for the Federal Bureau of Investigation, also notes that even extra cautious employees may be more likely to take phishing emails at face value, since it’s not as easy to call across the room to a colleague and check whether they really initiated that payroll payment reroute. “All of this is a perfect storm,” he says.
Covid-19 scams aren’t just being used by criminals for monetary gain, but are showing up in more insidious operations. Mobile security firm Lookout published findings on Wednesday that a malicious Android application has been posing as a Covid-19 tracking map from Johns Hopkins University, but actually contains spyware connected to a surveillance operation against mobile users in Libya.
And then there are the nation state hackers, who know full well that home networks simply aren’t as secure as those in offices. Remote connections in particular make it more difficult, if not impossible, for most threat detection tools to differentiate legitimate work from something suspicious.
“There’s no question that some intelligence agencies are going to take advantage of this,” says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. “Whatever your baselines are, you’ve probably departed from them now with all of this remote access. So anything you thought you were going to get out of certain tools you’re not going to get anymore—and a lot of times everything, every connection is just lighting up like a Christmas tree. Plus, everybody is just so distracted. It definitely presents an opportunity for attackers to be a little bit noisier and a little more aggressive. I would be very surprised if they don’t take advantage of that.”
Overall daily internet usage has increased around the world during the pandemic, but John Graham-Cumming, chief technology officer of the internet infrastructure company Cloudflare, says that he and other infrastructure providers he’s spoken to aren’t concerned about handling the load. But Cloudflare’s protective mechanisms have blocked between 50 and 70 percent more assaults, like distributed denial of service attacks, in recent weeks compared to January. Graham-Cumming largely attributes this spike to amateur experimentation.