Image credit: scmagazine.com |
Preamble: According to worldometers.info/coronavirus, there are
currently 335,366 coronavirus cases in 191 countries and territories around the
world. Out of this number, about 97,595 (87%) of COVID-19 patients recovered
and 14,611 deaths (13%) were recorded as at 2200Hours GMT, 22/03/2020. This suggests
that a coronavirus infection is not necessarily a death sentence as people
actually recover from it. On the economic side, the
United Nations Secretary-General Antonio Guterres warned on
Thursday that a global recession "is a near certainty" and current
national responses to the coronavirus pandemic "will not address the
global scale and complexity of the crisis." Corroborating the assertion of the UN Secretary General, Nigeria’s Presidential Economic
Advisory Council (PECA) warns
that Nigeria could slip into another recession sequel to the impact of coronavirus
on global economy, which includes the crash of oil price.
On the cybercrime implications,
as
home working becomes the new normal, fraudsters are increasingly capitalizing
on the infodemic cum pandemic, widespread hysteria to deploy mixed bag of coronavirus-themed
phishing emails, messages, social engineering schemes, ransomware attacks to scam
vulnerable people. This is because many people out
there are hyper-anxious and now have heightened interest in news and latest
development especially on how to prevent and cure coronavirus. For instance, in
Nigeria, Chloroquine was sold out in drugstores after President Trump opined
that the drug is a potential cure for COVID-19. Some of the scam formats already
spreading like wild fire are in the form of email phishing campaigns soliciting
for donations to help fund COVID-19 vaccine, offer of over-the-counter
prescriptions touted to treat or cure Coronavirus or supplies such as face
masks, hand sanitizers, hand gloves for sale, and unsolicited remote working emails.
Cybersecurity experts warn of the
security implications of working from home, that the trend may put some
companies at higher risk of phishing, ransomware and other cyber-attacks. This is because
mobile or home WIFI and networks seldom have strong
firewalls and protections compared to corporate networks. For instance, more
than one-third (36%) of senior technology executives surveyed by
CNBC say that cybersecurity risks have increased as a majority of their
employees work from home as cybercriminals increasingly take advantage of the
COVID-19 pandemic to attack remote workforces and corporate
systems. Healthcare devices are said to be at higher cybersecurity risk now due
to the COVID-19 pandemic.
This is because a survey of 1.2
million Internet of Things (IoT) devices used in scores of healthcare
organizations across the United States found that 56% of devices were still
running on the Windows 7 operating system, which Microsoft stopped supporting
in January, 2020. Apparently tech vendors, such as SaaS providers, are less
able to respond promptly in the current situation. While one of the respondents
said their organization has seen phishing and other cyber scams rise 40%, other
experts stated that the true level of hacking risk is likely much higher than
even these numbers indicate. According to Miriam Wugmeister, partner and
co-chair of law firm Morrison & Foerster's global privacy and data security
group, "The bad guys know that every IT department and every cybersecurity
group is currently overwhelmed and stretched." Folks working from home
must adhere to the company security policies and protocols, always
use two-factor authentication for personal and work accounts and deploy a VPN (virtual private network) if provided or available. A
VPN helps to encrypt data, hide and mask an IP address to keep prying eyes from
seeing what you are doing and who you are.
Nation States, COVID-19 And Finger-pointing
Apart from cybercriminals who
exploit the COVID-19 pandemic to perpetrate scams, make money, there’s a slew
of scaremongering, alleged disinformation campaigns, finger-pointing and buck-passing
amongst nation states. A case study is an advanced persistent threat ascribed to
a group of Chinese hackers, dubbed Vicious Panda by an Israeli-based technology
company, Check Point. The European Union recently claimed that
Russian media deployed a “significant disinformation campaign” against the West
to worsen the impact of the coronavirus, generate panic and sow distrust’’. The
EU cited examples from Lithuania to Ukraine, including false claims that a U.S.
soldier deployed to Lithuania was infected and hospitalized. The Russian
government denied the allegation. Tensions between the United States and China
heightened after senior officials of both countries spewed
verbal attacks at each other about the origin of coronavirus. In his tweets,
Zhao Lijian, a spokesperson of China's Ministry of Foreign Affairs (MOFA), accused
the United States of spreading the virus to the city of Wuhan, the epicenter of
coronavirus pandemic. China insinuated that coronavirus is an American disease
that might have been introduced by members of the United States Army who
visited Wuhan in October. Recall that prior to the Chinese claim, President Donald
Trump referred
to the coronavirus as “the Chinese virus”, escalating a deepening US-China
diplomatic spat over the outbreak.
Typical COVID-19 Fraud Schemes Include:
1.
Cybercriminals
spoofing government, humanitarian agencies and appealing for COVID-19 emergency
funds: Multiple reports assert that cybercriminals are now creating and
launching thousands of coronavirus-related websites on a daily basis. According
to a security researcher, cybercriminals created more
than 3,600 new domains that contain the "coronavirus" term between
March 14 and March 18. The researcher only scanned for new domains containing
the term coronavirus. If the scan is broadened to include other phrases like
COVID-19, pandemic, virus, or vaccine, the results will certainly be bigger. A
cybersecurity company, RiskIQ reportedly ‘’saw more than 13,500 suspicious
domains on Sunday, March 15; more than 35,000 domains the next day; and more
than 17,000 domains the day after that’’. Amazon says
it removed over 1 million products claiming to treat coronavirus by the end of
February.
Granted there are legitimate coronavirus inspired
domains or websites in the mix, but nine out of ten of them were said to be
fraudulent. For instance, hackers reportedly cloned the website of the World
Health Organization’s COVID-19 Solidarity Response
Fund appealing for funds, donations and tenably to spread malware. This
prompted the WHO to issue a warning on 16
February, on the trend of fraudulent emails sent by criminals disguising
themselves as the World Health Organization with the intention to steal money
or sensitive information from individuals or organizations. Fundraising scammers
will spin emotional narratives and use pictures of real people to try to raise
funds, employing genuine fundraising platforms such as GoFundMe to amass donations.
Be wary of individuals asking for donations.
Recommendation: Be aware of cloned or phoney websites
– cybercriminals often clone or use a domain name or web address which looks
almost identical to the legitimate one, e.g. ‘www.who.com’ instead of the correct
one - ‘www.who.org’. Don’t let anyone rush you into making an online donation.
2.
Phishing
and social engineering schemes – These are basically emails or
text messages claiming to emanate from national or global health authorities,
with the aim of tricking victims to provide personal credentials or payment
details, or to open an attachment containing malware. More often than not, the
fraudsters pose as reputable or legitimate organizations, using similar
designations, websites, social media accounts and email addresses in their
attempt to trick unsuspecting members of the public into parting with their
hard earned money. Recently, The United States Federal Bureau of Investigation
(FBI), the Federal Trade Commission (FTC) and attorneys general’s office reported a rise
in fraudulent activity exploiting confusion around Covid-19. Individuals should
expect to see a bustling range of coronavirus-related phishing emails, smishing
(text message phishing), and phone fraud scams over the coming weeks.
Recommendation: Exercise caution in handling
any message with a COVID-19-related topics, such as email attachments and
hyperlinks. As a rule of thumb, don’t click on links from sources you don’t
know. They could download viruses onto your computer or device. Perform due
diligence of any social media plea, text, or call related to COVID-19. As they
say, if it sounds too good to be true, it is.
3.
Malicious
COVID-19 interactive map: In a related development, a weaponized
coronavirus map found to infect victims with a
variant of the information-stealing AZORult malware was reportedly sold
online by Russian language cybercrime forums. The malicious online map found at
www.Corona-Virus-Map[.]com, looks
very convincing, showing an interactive map of the world and a summation of confirmed
COVID-19 cases, total deaths and total recoveries, by country, and cities.
Problem is, the so-called tracking map dashboard is said to be part of an
infection kit designed for a Java-based malware deployment operation. Such
weaponized coronavirus links, maps can spy on someone through
an android phone’s microphone and Camera.
4.
Increased cyberattacks
on financial institutions: The European Central Bank warned banks
to prepare for a possible jump in the number of cyber attacks as part of the
fallout from the coronavirus. The United Kingdom’s intelligence agency – the
National Cyber Security Centre (NCSC) also corroborated how
criminals spread malware via emails purporting to contain important updates
about the COVID-19 outbreak, and that attempts have also been made to scam
unsuspecting users and phish passwords and sensitive information. The UK National
Fraud Intelligence Bureau estimates
that victims lost over £800,000 to coronavirus scams in February in the United
Kingdom. The INTERPOL warns that
criminals are capitalizing on the current COVID-19 pandemic to run a range of
financial scams. According to INTERPOL’s Secretary General, Jürgen Stock, ‘’criminals are exploiting the fear and uncertainty created
by COVID-19 to prey on innocent citizens who are only looking to protect their
health and that of their loved ones’’. INTERPOL’s Financial Crimes Unit says it
is receiving information from member countries on a near-daily basis regarding
fraud cases and requests to assist with stopping fraudulent payments.
Recommendations: The INTERPOL admonishes us to be wary if someone asks us to make a
payment to a bank account located in a different country than where the
supposed company is located. If you believe you have been the victim of fraud,
alert your bank immediately so the payment can be stopped.
5.
Telephone
fraud – The United States Federal Communication Commission (FCC) received
reports of robocalls purporting to offer bogus coronavirus vaccines and free
test kits, in an effort to collect consumers' personal and health insurance
information.
Recommendation: Do not respond to calls or
texts from unknown numbers, or any others that appear suspicious. Your bank/account officer will never ask for your account, or pin
number when they call you. Anyone who does is a scammer.
6.
Scammers posing as door-to-door COVID-19 testers: South London's Lambeth force said they had reports that
"individuals may be taking advantage of the vulnerable by posing as
door-to-door coronavirus testers in order to gain access to people's
properties".
Similarly, the Canadian Anti-Fraud Centre (CAFC) warns that,
innovative scammers are using the coronavirus pandemic to come up with new scam
techniques, capitalizing on prevailing fears and anxieties about the disease to
cheat Canadians out of their money and personal information. The Central Bank of
South Africa warned
South Africans against scammers visiting homes to “recall” banknotes and coins
they said were contaminated with the novel coronavirus. The criminals carried fake identification
badges and provided false receipts to victims, who were told they could
exchange the slips for “clean” cash at any bank. The
bank said in a statement issued late Monday that it had “neither withdrawn any
banknotes or coins nor issued any instruction to hand in banknotes or coins
that may be contaminated”.
Please let's stay safe! Observe social distancing, good hygeine and follow advise to contain the spread of this deadly virus.
©Don Okereke is a security
analyst, thought leader, writer, active citizen and ex-serviceman. He’s a
passionate advocate for cyber/security awareness.
March 22, 2020
Very much possible. Such vital information is one of the numerous defence gears that the nation need to effectively tackle the pandemic and it's associated problems.
ReplyDeleteWe can't overlook it's capacity to create criminal loopholes.
Thanks for your feedback, Ebuka. Stay safe
Delete