Coronavirus Related Scams Rise As Hackers Take Advantage Of Pandemic

In a virtual conference hosted by CrowdStrike, a cybersecurity organization, Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division, said that by the second week of June, the IC3 had already had as many complaints as it had received in all of 2019.

The cyber threats have come both from foreign actors trying to obtain COVID-19 research and from cybercriminals looking to exploit data security vulnerabilities among computer users newly working from home. Health agencies have also faced ransomware attacks on their networks by hackers threatening to lock up or delete sensitive health information unless agencies pay exorbitant amounts.

Near the start of the epidemic, researchers at the cybersecurity company Barracuda Networks reported a 667 percent increase in “phishing” emails. In these emails, cybercriminals encouraged recipients to click links or download attachments that would infect computers with viruses.

The IC3 was receiving between 3,000 and 4,000 complaints of cyber threats each day, Ugoretz mentioned in mid-April. Before the epidemic began, the IC3 only received about 1,000 complaints a day.

Additionally, both the World Health Organization and the Department of Health and Human Services have been targeted by such attacks, according to political newspaper The Hill.

However, the attacks on both groups were unsuccessful and were reported to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) for investigation.

In mid-May, CISA and the Federal Bureau of Investigation (FBI) announced in a joint statement that Chinese “cyber actors and non-traditional collectors… have been observed attempting to identify and illicitly obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research.”

The FBI and CISA advised health care, pharmaceutical, and research sectors working on coronavirus to “maintain dedicated cybersecurity and insider threat practices” in order to keep out potential hackers and cyber-thieves.

Additionally, the agencies suggested that organizations patch all internet-connected servers, as well as software processing internet data and other systems for critical vulnerabilities. They also suggested that U.S. organizations actively scan web applications for unauthorized access, modifications, or anomalous activities and improve users’ credential requirements alongside requiring multi-factor authentication.