Sunday, 22 March 2020

Cybersecurity Awareness: How Cybercriminals Weaponize COVID-19 To Perpetrate Scam

Image credit: scmagazine.com
Preamble: According to worldometers.info/coronavirus, there are currently 335,366 coronavirus cases in 191 countries and territories around the world. Out of this number, about 97,595 (87%) of COVID-19 patients recovered and 14,611 deaths (13%) were recorded as at 2200 hours GMT, 22/03/2020. This suggests that a coronavirus infection is not necessarily a death sentence, as people actually recover from it. On the economic side, the United Nations Secretary-General Antonio Guterres warned on Thursday that a global recession "is a near certainty" and current national responses to the coronavirus pandemic "will not address the global scale and complexity of the crisis." Corroborating the assertion of the UN Secretary-General, Nigeria’s Presidential Economic Advisory Council (PECA) warns that Nigeria could slip into another recession as a result of the impact of coronavirus on the global economy, which includes the crash in oil prices.

On the cybercrime side, as home working becomes the new normal, fraudsters are increasingly capitalizing on the infodemic-cum-pandemic and the widespread hysteria to deploy a mixed bag of coronavirus-themed phishing emails, messages, social engineering schemes and ransomware attacks to scam vulnerable people. This works because many people are hyper-anxious and now have a heightened interest in news and the latest developments, especially on how to prevent and cure coronavirus. For instance, in Nigeria, Chloroquine was sold out in drugstores after President Trump opined that the drug is a potential cure for COVID-19. Some of the scam formats already spreading like wildfire are email phishing campaigns soliciting donations to help fund a COVID-19 vaccine, offers of over-the-counter prescriptions touted to treat or cure coronavirus, offers of supplies such as face masks, hand sanitizers and hand gloves for sale, and unsolicited remote working emails.

Cybersecurity experts warn of the security implications of working from home: the trend may put some companies at higher risk of phishing, ransomware and other cyber-attacks. This is because mobile or home Wi-Fi and networks seldom have firewalls and protections as strong as those of corporate networks. For instance, more than one-third (36%) of senior technology executives surveyed by CNBC say that cybersecurity risks have increased as a majority of their employees work from home and cybercriminals increasingly take advantage of the COVID-19 pandemic to attack remote workforces and corporate systems. Healthcare devices are said to be at higher cybersecurity risk now due to the COVID-19 pandemic: a survey of 1.2 million Internet of Things (IoT) devices used in scores of healthcare organizations across the United States found that 56% of devices were still running on the Windows 7 operating system, which Microsoft stopped supporting in January 2020. Apparently tech vendors, such as SaaS providers, are less able to respond promptly in the current situation. While one of the respondents said their organization has seen phishing and other cyber scams rise 40%, other experts stated that the true level of hacking risk is likely much higher than even these numbers indicate. According to Miriam Wugmeister, partner and co-chair of law firm Morrison & Foerster's global privacy and data security group, "The bad guys know that every IT department and every cybersecurity group is currently overwhelmed and stretched." Folks working from home must adhere to company security policies and protocols, always use two-factor authentication for personal and work accounts, and use a VPN (virtual private network) if one is provided or available. A VPN encrypts data in transit and masks your IP address, keeping prying eyes from seeing what you are doing and who you are.

Nation States, COVID-19 And Finger-pointing
Apart from cybercriminals who exploit the COVID-19 pandemic to perpetrate scams and make money, there’s a slew of scaremongering, alleged disinformation campaigns, finger-pointing and buck-passing amongst nation states. A case study is an advanced persistent threat ascribed to a group of Chinese hackers, dubbed Vicious Panda by an Israeli-based technology company, Check Point. The European Union recently claimed that Russian media deployed a “significant disinformation campaign” against the West to “worsen the impact of the coronavirus, generate panic and sow distrust”. The EU cited examples from Lithuania to Ukraine, including false claims that a U.S. soldier deployed to Lithuania was infected and hospitalized. The Russian government denied the allegation. Tensions between the United States and China heightened after senior officials of both countries spewed verbal attacks at each other about the origin of coronavirus. In his tweets, Zhao Lijian, a spokesperson of China's Ministry of Foreign Affairs (MOFA), accused the United States of spreading the virus to the city of Wuhan, the epicenter of the coronavirus pandemic. China insinuated that coronavirus is an American disease that might have been introduced by members of the United States Army who visited Wuhan in October. Recall that prior to the Chinese claim, President Donald Trump referred to the coronavirus as “the Chinese virus”, escalating a deepening US-China diplomatic spat over the outbreak.

Typical COVID-19 Fraud Schemes Include:

1. Cybercriminals spoofing government and humanitarian agencies and appealing for COVID-19 emergency funds: Multiple reports assert that cybercriminals are now creating and launching thousands of coronavirus-related websites on a daily basis. According to a security researcher, cybercriminals created more than 3,600 new domains that contain the "coronavirus" term between March 14 and March 18. The researcher only scanned for new domains containing the term coronavirus. If the scan is broadened to include other phrases like COVID-19, pandemic, virus, or vaccine, the results will certainly be bigger. A cybersecurity company, RiskIQ, reportedly “saw more than 13,500 suspicious domains on Sunday, March 15; more than 35,000 domains the next day; and more than 17,000 domains the day after that”. Amazon says it removed over 1 million products claiming to treat coronavirus by the end of February. Granted, there are legitimate coronavirus-inspired domains or websites in the mix, but nine out of ten of them were said to be fraudulent. For instance, hackers reportedly cloned the website of the World Health Organization’s COVID-19 Solidarity Response Fund to appeal for funds and donations and, plausibly, to spread malware. This prompted the WHO to issue a warning on 16 February about fraudulent emails sent by criminals disguising themselves as the World Health Organization with the intention of stealing money or sensitive information from individuals or organizations. Fundraising scammers will spin emotional narratives and use pictures of real people to try to raise funds, employing genuine fundraising platforms such as GoFundMe to amass donations. Be wary of individuals asking for donations.

Recommendation: Be aware of cloned or phoney websites – cybercriminals often clone or use a domain name or web address which looks almost identical to the legitimate one, e.g. ‘www.who.com’ instead of the correct one - ‘www.who.org’. Don’t let anyone rush you into making an online donation.

2. Phishing and social engineering schemes – These are basically emails or text messages claiming to emanate from national or global health authorities, with the aim of tricking victims into providing personal credentials or payment details, or into opening an attachment containing malware. More often than not, the fraudsters pose as reputable or legitimate organizations, using similar designations, websites, social media accounts and email addresses in their attempt to trick unsuspecting members of the public into parting with their hard-earned money. Recently, the United States Federal Bureau of Investigation (FBI), the Federal Trade Commission (FTC) and attorneys general’s offices reported a rise in fraudulent activity exploiting confusion around COVID-19. Individuals should expect to see a bustling range of coronavirus-related phishing emails, smishing (text message phishing), and phone fraud scams over the coming weeks.

Recommendation: Exercise caution in handling any message on a COVID-19-related topic, including its email attachments and hyperlinks. As a rule of thumb, don’t click on links from sources you don’t know. They could download viruses onto your computer or device. Perform due diligence on any social media plea, text, or call related to COVID-19. As they say, if it sounds too good to be true, it is.

3. Malicious COVID-19 interactive map: In a related development, a weaponized coronavirus map found to infect victims with a variant of the information-stealing AZORult malware was reportedly sold online through Russian-language cybercrime forums. The malicious online map, found at www.Corona-Virus-Map[.]com, looks very convincing, showing an interactive map of the world and a summation of confirmed COVID-19 cases, total deaths and total recoveries, by country and city. The problem is that the so-called tracking map dashboard is said to be part of an infection kit designed for a Java-based malware deployment operation. Such weaponized coronavirus links and maps can spy on someone through an Android phone’s microphone and camera.

4. Increased cyberattacks on financial institutions: The European Central Bank warned banks to prepare for a possible jump in the number of cyber attacks as part of the fallout from the coronavirus. The United Kingdom’s National Cyber Security Centre (NCSC) also corroborated that criminals spread malware via emails purporting to contain important updates about the COVID-19 outbreak, and that attempts have also been made to scam unsuspecting users and phish passwords and sensitive information. The UK National Fraud Intelligence Bureau estimates that victims lost over £800,000 to coronavirus scams in February in the United Kingdom. INTERPOL warns that criminals are capitalizing on the current COVID-19 pandemic to run a range of financial scams. According to INTERPOL’s Secretary General, Jürgen Stock, “criminals are exploiting the fear and uncertainty created by COVID-19 to prey on innocent citizens who are only looking to protect their health and that of their loved ones”. INTERPOL’s Financial Crimes Unit says it is receiving information from member countries on a near-daily basis regarding fraud cases and requests to assist with stopping fraudulent payments.

Recommendations: INTERPOL admonishes us to be wary if someone asks us to make a payment to a bank account located in a different country from the one where the supposed company is located. If you believe you have been the victim of fraud, alert your bank immediately so the payment can be stopped.

5. Telephone fraud – The United States Federal Communications Commission (FCC) received reports of robocalls purporting to offer bogus coronavirus vaccines and free test kits, in an effort to collect consumers' personal and health insurance information.

Recommendation: Do not respond to calls or texts from unknown numbers, or any others that appear suspicious. Your bank or account officer will never ask for your account or PIN number when they call you. Anyone who does is a scammer.

6. Scammers posing as door-to-door COVID-19 testers: South London's Lambeth force said they had reports that "individuals may be taking advantage of the vulnerable by posing as door-to-door coronavirus testers in order to gain access to people's properties". Similarly, the Canadian Anti-Fraud Centre (CAFC) warns that innovative scammers are using the coronavirus pandemic to come up with new scam techniques, capitalizing on prevailing fears and anxieties about the disease to cheat Canadians out of their money and personal information. The Central Bank of South Africa warned South Africans against scammers visiting homes to “recall” banknotes and coins they said were contaminated with the novel coronavirus. The criminals carried fake identification badges and provided false receipts to victims, who were told they could exchange the slips for “clean” cash at any bank. The bank said in a statement issued late Monday that it had “neither withdrawn any banknotes or coins nor issued any instruction to hand in banknotes or coins that may be contaminated”.
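The keyword scan of newly registered domains described in item 1, combined with the look-alike check from its recommendation, can be sketched as follows. This is an added example, not code from the researcher or any vendor named above; the trusted domain, the feed entries on reserved `.example`/`.test` names and all function names are constructed for illustration.

```python
import re

# "coronavirus" is what the researcher scanned for; the rest broaden the scan.
PANDEMIC_TERMS = ("coronavirus", "covid", "pandemic", "virus", "vaccine")

def normalize(host):
    """Lowercase, refang '[.]', drop scheme, path and a leading 'www.'."""
    host = host.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z]+://", "", host).split("/")[0].rstrip(".")
    return host[4:] if host.startswith("www.") else host

def keyword_hits(domain):
    """Pandemic terms present in the domain, ignoring hyphens between words."""
    squashed = domain.replace("-", "")
    return [t for t in PANDEMIC_TERMS if t in squashed]

def imitates(domain, trusted):
    """Return the trusted domain this one imitates, else None. Flags the same
    name under another TLD, or the trusted name as a hyphen-separated token.
    Assumption: single-label TLDs; use a public-suffix list for real feeds."""
    if any(domain == g or domain.endswith("." + g) for g in trusted):
        return None  # the trusted site itself or one of its subdomains
    name = domain.split(".")[-2] if "." in domain else domain
    for good in sorted(trusted):
        good_name = good.split(".")[-2]
        if name == good_name or good_name in name.split("-"):
            return good
    return None

def triage(new_domains, trusted):
    """Return (domain, keyword_hits, imitated_domain) for each flagged entry."""
    trusted = {normalize(t) for t in trusted}
    flagged = []
    for raw in new_domains:
        d = normalize(raw)
        hits, target = keyword_hits(d), imitates(d, trusted)
        if hits or target:
            flagged.append((d, hits, target))
    return flagged

# Constructed sample data on reserved TLDs, except the first entry, which is
# the defanged map domain quoted in the article.
TRUSTED = ["healthfund.example"]
SAMPLE_FEED = ["www.Corona-Virus-Map[.]com", "healthfund.test",
               "healthfund-covid-relief.test", "donate.healthfund.example",
               "gardening-tips.example", "https://vaccine-shop.test/order"]

if __name__ == "__main__":
    print(*triage(SAMPLE_FEED, TRUSTED), sep="\n")
```

A keyword hit alone only marks a domain for review, since legitimate pandemic sites match too; a look-alike of a trusted name is the stronger signal.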

Please let's stay safe! Observe social distancing and good hygiene, and follow advice to contain the spread of this deadly virus.

©Don Okereke is a security analyst, thought leader, writer, active citizen and ex-serviceman. He’s a passionate advocate for cyber/security awareness.



2 comments:

Ebuka said...

Very much possible. Such vital information is one of the numerous defence gears that the nation needs to effectively tackle the pandemic and its associated problems.
We can't overlook its capacity to create criminal loopholes.

Don Okereke said...

Thanks for your feedback, Ebuka. Stay safe