Dr Abhaya Induruwa looks at the ways cyber criminals are exploiting the current pandemic.

The Covid-19 pandemic has brought unprecedented levels of fear, uncertainty and insecurity to the society we live in. It has affected not only individuals and families, but industries and organisations, both large and small.

There is one small section of the modern society though, that stands to profit from this fear and uncertainty. They are the cyber criminals. In situations such as these they play on human emotions like fear and urgency, and the most vulnerable in our society falls prey to their scams.

Many countries went into lockdown without much advance notice and preparation, leaving a large cross section of our society to depend on computers, mobile devices, and the internet to work, shop, educate and keep in touch with friends and family in an attempt to mitigate the impact of social distancing.

What is forgotten is the fact that, except for large corporates, most individuals and some SMEs did not have a chance to deploy and properly manage remote access to the workplace. There is growing evidence that cyber criminals are actively exploiting the instability caused to their advantage. Proofpoint, a company providing enterprise level cybersecurity solutions, reports that they have detected 300+ Covid-19 related criminal campaigns in cyber space since the beginning of the pandemic.

The lures used by cyber criminals during this pandemic situation are not necessarily new.  According to Council of Europe these criminals exploit the following old and known vulnerabilities but customised to Covid-19.

The techniques used by cyber criminals include:

  • phishing campaigns and malware distribution through seemingly genuine websites or documents providing information or advice on Covid-19 are used to infect computers and extract user credentials
  • ransomware shutting down medical, scientific or other health-related facilities where individuals are tested for Covid-19 or where vaccines are being developed to extort ransom
  • offenders obtaining access to the computer systems of companies or other organisations by targeting employees who are teleworking
  • fraud schemes where people are tricked into purchasing goods such as masks, hand sanitizers, but also fake medicines claiming to prevent or cure SARS-CoV-2.

There are literally hundreds of scams utilised by cybercriminals to con unsuspecting online users. One type offers phony medicines claiming to cure Covid-19, hand sanitisers, face masks, Covid-19 tests and even vaccines for Covid-19. Those who make on-line purchases will either receive phony/substandard goods or nothing at all. The damage caused by such scams is typically the financial loss to the individual who got scammed. 

EUROPOL has reported that during operation “Pandea”, a recent global sting operation, the police had identified 2000 websites offering useless anti-coronavirus pills, sprays and salves.

Phishing, the type of scam that aims to extract personal credentials, is more dangerous because the scammers not only use the passwords and pins collected to siphon money from your bank or use credit cards to make purchases but also to compromise the digital assets belonging to your workplace and cause criminal damage to the corporate enterprise.

You can read the full version of this blog on the Engineering at Canterbury Christ Church University blog.

Dr Abhaya Induruwa is a Principal Lecturer in the School of Engineering, Technology and Design.