Cyber criminals exploit COVID-19 fears by Chris Ross, SVP, Barracuda Networks on 28-Mar-2020

As much of the world grapples with the new coronavirus, COVID-19 and how to handle it, attackers are taking advantage of the widespread discussion around the problem in e-mails and across the web. Since the beginning of the year, there has been a surge in scam e-mails trying to sell Coronavirus protective facemasks and solicit donations from fake organisations, says Chris Ross, SVP of Barracuda Networks. Beware - protect yourself and your company!

Cyber criminals are cashing-in on the COVID-19 crisis by launching a wave of Coronavirus-related e-mail attacks, according to our new research. We have been monitoring global phishing activity around COVID-19 since the start of 2020, recoding 137 incidents in January, 1188 in February, rising to 9116 in March so far, an increase of 667% since the end of February. Between 1 March and 23 March 2020, our software detected a grand total of 467,825 e-mail attacks globally. Breaking down the data, 9116 of those detections were related to COVID-19, representing about 2% of attacks.

A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials and scam users out of money. The attacks use common phishing tactics that are seen regularly, however, a growing number of campaigns are using the coronavirus as a lure to try to trick distracted users and capitalise on the fear and uncertainty of their intended victims.

Our research team has seen three main types of phishing attacks using coronavirus COVID-19 themes: scamming, brand impersonation, and business e-mail compromise. Of the coronavirus-related attacks we have detected through to 23 March, 54% were scams, 34% were brand impersonation attacks, 11% were blackmail and 1% percent were business e-mail compromise.

The goals of the attacks ranged from distributing malware to stealing credentials and financial gain. One new type of ransomware our systems detected has even taken on the COVID-19 namesake and dubbed itself Coronavirus. Another scam e-mail claimed that they were looking to sell coronavirus cures or face masks or asking for investments in fake companies that claimed to be developing vaccines.

Additionally, scams in the form of donation requests for fake charities are another popular phishing method our researchers have seen taking advantage of Coronavirus. One example of a scam we caught claims to be from the World Health Community (which doesn't exist, but may be trying to take advantage of similarity to the World Health Organisation) and asks for donations to a Bitcoin wallet provided in the e-mail.

Phishing attacks using COVID-19 as a hook are quickly getting more sophisticated. In the past few days, we have seen a significant number of blackmail attacks popping up and a few instances of conversation hijacking. In comparison, until just a few days ago we were primarily seeing mostly scamming attacks. As of 17 March, the breakdown coronavirus phishing attacks was: 77% scams, 22% brand impersonation, and 1% were business e-mail compromise. We expect to see this trend toward more sophisticated attacks continue.

For example, researchers saw one blackmail attack that claimed to have access to personal information about the victim, know their whereabouts and threatened to infect the victim and their family with coronavirus unless a ransom was paid. We detected this particular attack 1008 times over the span of two days.

"This is a new low for cyber criminals, who are acting like piranha fish, cowardly attacking people on mass when they are at their most vulnerable", says Dean Russell MP for Watford and member of the Health and Social Care Select Committee. "It's vital that the public remains vigilant against scam e-mails during this challenging time."

Our research shows that cyber criminals are exploiting the COVID-19 crisis by launching thousands of sophisticated e-mail phishing attacks designed to trick unsuspecting workers into handing over passwords, log-in details and financial data. Many of these attacks are disguised as legitimate correspondence from organisations such as the World Health Organisation (WHO) and the National Health Service (NHS), offering help and advice, selling facemask protection and charitable payments to help victims.

How to Protect Yourself

While phishing e-mails leveraging coronavirus are new, the same precautions for e-mail security still apply:

• Be wary of any e-mails attempting to get users to open attachments or click links. Anti-malware and anti-phishing solutions can be especially helpful to prevent malicious e-mails and payloads from reaching intended recipients, but even with such protections in place caution should always be used since no solution catches everything.


• Watch out for any communications claiming to be from sources that you normally would not receive e-mails from. These are likely phishing attempts. While receiving coronavirus-related emails from legitimate distribution lists to which you belong is becoming common, e-mails from organizations that you do not regularly receive messages from should be scrutinized closely. For example, the CDC (US Center for Disease Control) is not going to be sending out e-mails to anyone who doesn't regularly receive e-mails from them already.


• Use caution with e-mails from organisations you regularly communicate with. Brand impersonation is quite prevalent in coronavirus-related e-mail attacks, so use caution opening e-mails with organisation from organisation you expect to hear from. This is especially true for those in the healthcare industry since it is being targeted by cyberattacks trying to capitalize on the pressure resulting from handling an influx coronavirus cases.


• Find credible charities and donate directly. A common tactic for coronavirus-related scams is asking for donations to help those affected by the pandemic. To avoid falling victim to one of these attacks, don't respond to e-mail requests for donations. Instead, find credible charities helping with coronavirus efforts and donate directly through them to help ensure that funds end up where they can do good rather than in the hands of scammers. It's also highly unlikely that any legitimate charities are taking donations through Bitcoin wallets, so seeing that in an e-mail should be a red flag.

It is absolutely vital that all employees are trained and supported to spot these scams, particularly at a time when they will be less vigilant and distracted due to working from home. All it takes is one mistake for the hackers to gain access to the company systems, allowing them to trigger a massive data breach and cause chaos.

For more information, please visit the Barracuda website at: barracuda.com.

Tweets by @biz_works