If you told me at the start of 2020 that for the first time in the history of cybersecurity, we’d see every industry and every type of device across the globe targeted by attacks based around a single theme, I wouldn’t have believed you. If you told me this theme would hinge on exploiting a global pandemic and attackers would target even medical researchers on the front lines trying to stop this disease, I wouldn’t have believed that either. Yet, here we are, and our reality indeed includes a cybercrime gold rush aimed at taking advantage of COVID-19.
Just last week, the United Kingdom’s National Cyber Security Centre, Canada’s Communications Security Establishment and the United States National Security Agency issued a joint advisory detailing how Cozy Bear (APT29), assessed to be operating on behalf of the Russian government, targeted organizations involved in COVID-19 vaccine development within those three countries.
The researchers on the Unit 42 threat intelligence team at Palo Alto Networks are closely tracking a plethora of COVID-19-themed cyber attacks that have emerged around the world over the past few months. Since the beginning of this year, we’ve identified more than 40,000 newly registered websites with coronavirus-related names that we classify as “high-risk” because they push scams and malware onto unsuspecting consumers.
The global impact of the COVID-19 pandemic, coupled with a lack of trust in the government and media as reliable sources of information, has ultimately created a perfect storm for cybercriminals to have greater success. People are constantly looking for new sources of supplies and information, and cybercriminals have taken the opportunity to exploit this.
Attackers have homed in on people searching for COVID-19 updates and shopping online for essential goods, building profit-motivated attacks around those activities.
We’ve found:
We’ve also uncovered and blocked a wide variety of cyber threats globally that recklessly target government healthcare agencies, local and regional governments, and large universities engaged in the critical response to the COVID-19 pandemic. Regions impacted include the US, Canada, Germany, Turkey, Korea and Japan.
While it’s not surprising that cybercriminals are seizing this opportunity to exploit the pandemic for personal gain, it’s clear that those who profit from cybercrime will go to any lengths to succeed and are in it for the long haul.
We’re continuing to monitor and protect against these threats, but it’s important to note that these shifts in behavior show cybercriminals investing time and resources to bolster their attacks.
With COVID-19 cases continuing to rise in certain countries, and a second wave of the virus anticipated later this year, we'll continue to see attackers adapt their themes to news of the pandemic. For example, toward the end of June, we picked up malicious emails with the subjects "Supplier-Face Mask/Forehead Thermometer" and "Supply medical mask, protective glasses and temperature gun." Both subjects relate to preparing for and returning to life outside the home rather than to staying home. I expect this trend to keep evolving with the news and with business priorities.
Additionally, we anticipate that the U.S. will likely be targeted more heavily than countries where COVID-19 no longer disrupts daily life (such as New Zealand).
We also expect to see a spike in cybercrime as economies go into recessions. With unemployment numbers around the world dramatically growing, some people will inevitably turn to cybercrime, as typically happens in economic downturns.
Lastly, given that more of the workforce is now working remotely from home, we anticipate an increase in attackers targeting home routers and other Internet of Things (IoT) devices to compromise home networks.
These devices are already frequently targeted, especially since 98% of all IoT device traffic is unencrypted, which exposes personal and confidential data on the network and lets an attacker who can see the traffic read it directly. While we don’t have the data to show this is happening yet, a very likely next step for attackers is to use compromised home routers for more than cryptocurrency mining or DDoS attacks, as they have in the past. With more employees working from home, no longer behind enterprise security tools and the corporate firewall, attackers may begin trying to steal sensitive corporate data that they could not previously reach as easily.
Consumers should make sure that their router’s administrative account is not still using the default password that ships with the device (often just “admin”), and should update the router to the latest firmware version. Too often, consumers set a password only for their wireless network and do not realize that the router’s own admin interface is a separate login that also needs a unique password.
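The default-password check above can be automated. The script below is an added example written for this post, not Unit 42 tooling: it tries a short list of widely documented default credentials against a router admin page that uses HTTP Basic authentication and reports the first pair that is accepted. The credential list, the assumption that the router uses Basic auth (many consumer routers use a login form instead, so `try_login()` would need adapting), and the mock router used so the example runs offline are all constructed for this illustration; point `find_default_credential()` at your own router's address (for example `http://192.168.1.1/`) to run a real check.

```python
"""Check whether a router admin page accepts a well-known default credential.

Added example for this post, not vendor or Unit 42 code. Assumes the admin
page uses HTTP Basic auth; the credential list and the mock router below
are constructed for illustration only.
"""
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample of commonly documented vendor defaults (not exhaustive).
DEFAULT_CREDENTIALS = [
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
]


def try_login(url: str, username: str, password: str, timeout: float = 3.0) -> bool:
    """Return True if the admin page accepts this Basic-auth credential (HTTP 200)."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status == 200
    except urllib.error.HTTPError:
        # 401/403 means the credential was rejected; treat any other error as a miss too.
        return False
    except (urllib.error.URLError, OSError):
        return False


def find_default_credential(url: str):
    """Return the first (user, password) default the router accepts, or None."""
    for user, pwd in DEFAULT_CREDENTIALS:
        if try_login(url, user, pwd):
            return (user, pwd)
    return None


# ---- Constructed mock router admin page so the example runs offline ----
class _MockRouterAdmin(BaseHTTPRequestHandler):
    accepted = "admin:admin"  # the one "user:password" pair this mock accepts

    def do_GET(self):
        expected = "Basic " + base64.b64encode(self.accepted.encode()).decode()
        if self.headers.get("Authorization", "") == expected:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"<html>Router status</html>")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="router"')
            self.end_headers()

    def log_message(self, *args):  # keep the example quiet
        pass


def start_mock_router(accepted: str = "admin:admin") -> str:
    """Start a mock admin page on an ephemeral localhost port; return its base URL."""
    handler = type("Handler", (_MockRouterAdmin,), {"accepted": accepted})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{server.server_port}/"


if __name__ == "__main__":
    url = start_mock_router()  # replace with your router's URL for a real check
    hit = find_default_credential(url)
    print("default credential accepted:", hit if hit else "none of the tested defaults")
```

Run this only against devices you own or are authorized to test. A hit means the admin password must be changed; no hit against the tested list is not proof the password is strong, only that these particular defaults are not in use.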
Here are our recommended tips for consumers and businesses to stay safe during this time: