Dr Abhaya Induruwa examines cyber security during the COVID-19 pandemic.

The COVID-19 pandemic has brought unprecedented levels of fear, uncertainty and insecurity to the society we live in. It has affected not only individuals and families, but also industries and organisations, both large and small. There is, though, one small section of modern society that stands to profit from this fear and uncertainty: the cyber criminals. In situations such as these, they play on human emotions like fear and urgency, and the most vulnerable in our society fall prey to their scams.

Many countries went into lockdown without much advance notice or preparation, leaving a large cross section of our society dependent on computers, mobile devices and the internet to work, shop, educate and keep in touch with friends and family in an attempt to mitigate the impact of social distancing. What is often forgotten is that, except for large corporates, most individuals and some SMEs did not have a chance to deploy and properly manage remote access to the workplace.

There is growing evidence that cyber criminals are actively exploiting the resulting instability to their advantage. Proofpoint[1] reports that it has detected 300+ COVID-19 related criminal campaigns in cyber space since the beginning of the pandemic. It is interesting that the cyber criminals employ known tactics, such as distributing malicious attachments or URLs, credential phishing, email fraud and business email compromise (BEC), to mount these campaigns using COVID-19 based themes.

Types of COVID-19 specific attacks

The lures used by cyber criminals during this pandemic are not necessarily new. According to the Council of Europe[2], these criminals exploit the following old and known vulnerabilities, customised to Covid-19:

  • Phishing campaigns and malware distribution through seemingly genuine websites or documents providing information or advice on Covid-19 are used to infect computers and extract user credentials.
  • Ransomware shutting down medical, scientific or other health-related facilities where individuals are tested for Covid-19 or where vaccines are being developed in order to extort ransom.
  • Offenders obtaining access to the computer systems of companies or other organisations by targeting employees who are teleworking.
  • Fraud schemes where people are tricked into purchasing goods such as masks, hand sanitizers, but also fake medicines claiming to prevent or cure SARS-CoV-2.

COVID-19 specific threat actors

During the COVID-19 pandemic, attackers are actively engaging in credential phishing, malware, spam email and business email compromise campaigns to manipulate all types of industries, notably healthcare, hospitality, media and advertising, education and manufacturing. Proofpoint reports that the following types of COVID-19 based lures became prominent during the period February to May 2020.

  • COVID-19 fake bill – delivering unique malware payloads in high volume campaigns.
  • COVID-19 face masks/forehead thermometer offer – fraudulent and bogus websites, e-commerce platforms and social media accounts created by fraudsters pretending to sell and deliver face masks, surgical masks and thermometers. Scammers may use the names of legitimate companies, or very similar names, to give the illusion of authenticity.
  • COVID-19 fake online map – email campaigns that deliver information-stealing malware such as the AZORult Trojan, which can exfiltrate a variety of sensitive data.
  • COVID-19 WHO directive – these emails claim to come from local medical professionals, with an attachment that purports to come from the WHO and to contain an update on infection cases in the recipient's area. The attachment is typically a malicious Word macro document, and if the recipient enables macros it runs JavaScript that then downloads the malicious payload onto the victim’s device.
  • BEC (Business Email Compromise) attacks are launched in multiple stages to lure the victim into the trap. The first email sent is typically harmless, as it does not contain the attacker’s end goal, but it is worded to convey a sense of urgency due to the COVID-19 situation. The attacker hopes that some recipients will reply to this email, which appears to have come from a real person known to the recipient, and takes precautions to eliminate the possibility of voice verification by stating that their phone is faulty. Those who respond are taken to the next stage and asked to buy gift cards, send money through wire transfer, etc.
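
The two-stage BEC pattern described above can be screened for by looking at a sender's messages in sequence rather than one at a time. The following is an added example, not part of the original article: the indicator patterns, function names and sample threads are constructed assumptions for illustration, not a vetted rule set.

```python
import re

# Constructed indicator patterns (assumptions for illustration, not a vetted rule set).
PATTERNS = {
    "urgency": re.compile(r"\b(urgent(ly)?|asap|immediately|quick (task|favou?r))\b", re.I),
    "covid_theme": re.compile(r"\b(covid|coronavirus|pandemic|lockdown)\b", re.I),
    # Sender rules out a call-back, e.g. "my phone is faulty".
    "no_voice": re.compile(r"\b(phone|mobile)\b.{0,40}\b(faulty|broken|not working)\b", re.I),
    "payment": re.compile(r"\b(gift ?cards?|wire[- ]transfer|send (the )?money)\b", re.I),
}

def indicators(body):
    """Names of the indicator patterns that match one message body."""
    return {name for name, rx in PATTERNS.items() if rx.search(body)}

def classify_thread(bodies):
    """Classify one sender's messages, in the order received.

    Returns (verdict, evidence); evidence lists (index, matched indicators).
    """
    primed = False  # a stage-one opener has already been seen
    evidence = []
    for i, body in enumerate(bodies):
        flags = indicators(body)
        # Stage two: a payment request that follows an opener, or that
        # arrives together with an excuse ruling out voice verification.
        if "payment" in flags and (primed or "no_voice" in flags):
            evidence.append((i, sorted(flags)))
            return "stage2-payment-request", evidence
        # Stage one: urgency plus a COVID-19 theme or a call-back excuse.
        if "urgency" in flags and flags & {"covid_theme", "no_voice"}:
            primed = True
            evidence.append((i, sorted(flags)))
    return ("stage1-suspect" if primed else "clean"), evidence

# Constructed sample threads (not real messages).
BEC_THREAD = [
    "Hi, are you at your desk? I need a quick favour urgently because of the "
    "COVID-19 lockdown. My phone is faulty, so please reply by email.",
    "Thanks. Please buy five gift cards and email me the codes today.",
]
ROUTINE_THREAD = [
    "Reminder: the COVID-19 remote working policy is attached.",
    "Please submit the wire transfer form to finance by Friday.",
]

if __name__ == "__main__":
    for name, thread in (("bec", BEC_THREAD), ("routine", ROUTINE_THREAD)):
        print(name, classify_thread(thread))
```

The routine thread mentions both COVID-19 and a wire transfer but stays clean, because no urgent opener or call-back excuse comes before the payment wording.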

There are literally hundreds of scams utilised by cyber criminals to con unsuspecting online users. One type offers phony medicines claiming to cure COVID-19, hand sanitisers, face masks, COVID-19 tests and even vaccines for COVID-19. Those who make online purchases will either receive phony or substandard goods, or nothing at all. The damage caused by such scams is typically the financial loss to the individual who was scammed.

EUROPOL has reported[3] that during operation “Pandea”, a recent global sting operation, the police had identified 2000 websites offering useless anti-coronavirus pills, sprays and salves.

Phishing, the type of scam that aims to extract personal credentials, is more dangerous because the scammers use the passwords and PINs collected not only to siphon money from your bank or make purchases with your credit cards, but also to compromise the digital assets belonging to your workplace and cause criminal damage to the corporate enterprise.


[1] https://www.proofpoint.com/

[2] https://www.coe.int/

[3] https://www.dw.com/en/europol-warns-against-coronavirus-scams/a-52944888

Dr Abhaya Induruwa is a Principal Lecturer at the School of Engineering, Technology and Design.
