With the start of the pandemic outbreak, many cybercriminals have pledged not to attack health-care providers during the coronavirus outbreak, but this “honor amongst thieves” doesn’t include state-sponsored attacks.
Phishing attacks, the most prevalent hacks, have jumped more than 600% since the start of the COVID pandemic, targeting businesses, individuals and various levels of governmental agencies.
Researchers at Barracuda Networks have tracked almost 10,0000 attempted phishing email cyberattacks linked to the coronavirus crisis since the beginning of March.
“A variety of phishing campaigns are taking advantage of the heightened focus on COVID-19 to distribute malware, steal credentials, and scam users out of money… A growing number of campaigns are using the coronavirus as a lure to try to trick distracted users to capitalize on the fear and uncertainty of their intended victims,” the report said.
A similar alert came last week from the FBI, warning Americans to be wary of suspicious emails, such as those claiming to be from the Centers for Disease Control and Prevention (CDC) or those asking for sensitive information in exchange for coronavirus stimulus checks from the government.
The FBI said it's received more than 3,600 complaints related to the coronavirus in April, with scams fleecing Americans for more than $12 million since the pandemic outbreak.
But not even this is the most troubling cyberattack trend.
Last week, the World Health Organization said it was targeted by an unsuccessful cyberattack and was seeing a two-fold increase in attempted attacks. The agency released an alert last month warning that hackers were posing as the agency to steal money and sensitive information from the public.
Since the start of the pandemic, hackers have also targeted the US Department of Health, prompting security agencies to warn that cybercriminals have already made a play for medical facilities associated with COVID-19 vaccine research.
The Trump administration recently called out the Chinese and Iranian governments over alleged attempts to hack and steal information for developing a coronavirus vaccine.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) also said that state-sponsored Chinese hackers were targeting US researchers, both state-run and private, in cyberattacks seeking information on vaccines for COVID-19.
"China's efforts to target these sectors pose a significant threat to our nation's response to COVID-19," CISA and the FBI said.
This would be the hack of the century because finding a cure or vaccine for COVID-19 will be worth billions upon billions, and the search has become a high stakes race between private industry and government efforts.
This will be the largest such cash prize in history.
Cybersecurity experts in the UK have also warned that the country's universities and scientific facilities are being subject to a wave of hacking attempts conducted by hostile countries in the quest for coronavirus research.
The suspects are the same, though the UK has also added Russia to its list.
In the meantime, while institutions working on a COVID-19 vaccine are the clear targets of the hack of the century, millions of Americans working at home are low-hanging fruit that hackers just can’t pass up.
Due to the stay-at-home orders and quarantines, those millions of Americans working from home are fertile ground for cybercriminals.
Prior to the pandemic, companies had strict regulations for the remote workers--far fewer in number--who were required to use dedicated work computers connected to a secure network and using only USB devices to open work files.
However, with the start of the pandemic, companies had only a matter of days to put together remote work plans with numerous gaps in security. Now, non-essential staff of some critical companies are mostly using their own aging computers with inefficient protection.
In March, the city of Torrance, California, fell victim to a ransomware attack that disabled the city’s ability to process credit card payments. The attackers behind the DoppelPaymer ransomware are demanding 100 Bitcoin ($689,147) in ransom from the city.
Now the security experts are warning that such attacks on critical infrastructure in the United States, including the power grid are likely. That would be devastating, but it’s hard for hackers to pass up because so many employees of the critical infrastructure industries are working from home, letting loose a smorgasbord of confidential information.
By Michael Kern for Safehaven.com
More Top Reads From Safehaven.com: