There has been a remarkable surge in cyber-security crime experienced during the global COVID-19 pandemic, with a particular significance between governmental policy announcements and cyber-crime campaigns. A consortium of researchers, including WMG, University of Warwick report that some days as many as 3 to 4 new cyber-attacks were being reported.
The COVID-19 pandemic created a new normal for billions of people around the world, with people working from home, ordering shopping and socialising online as shops and businesses were closed. However, with an increased amount of people being online, an increase in cyber-attacks has also been found.
Researchers from WMG, University of Warwick, Abertay University, University of Kent, University of Oxford and University of Strathclyde worked in collaboration in the study, "Cyber Security in the Age of COVID-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks during the Pandemic," published in the journal Computers & Security.
By using the UK as a case study, the paper reveals the explicit connection between governmental policy announcements and cyber-crime campaigns. Although this is a pattern that's been suspected for a while, this is the first analysis from 100s of cases around the world which makes this connection clear.
Since the outbreak of the pandemic in 2019 there have been reports of scams impersonating public authorities such as the World Health Organisation, and organisations such as supermarkets and airlines targeting support platforms such as PPE and offering COVID-19 cures. They often target the public, who are now socialising and spending more time online in general, as well as the increased population of people who are working from home.
Such scams can be sent by text or e-mail, and in most cases a URL pointed to a fake institutional website that requests debit/credit card details.
In order to support ongoing research, the researchers have proposed a novel timeline of 43 cyber-attacks related to the COVID-19 pandemic. This timeline and the subsequent analysis can assist in understanding those attacks and how they are crafted, and as a result, to better prepare to confront them if ever seen again.
They found that from the point that the first case was announced in China (8/12/19) the first reported cyber-attack was 14 days later. From this point onwards the timeframe between events and cyber-attacks reduced dramatically.
The cyber -attacks were categorised, and it was found:
- 86% involved phishing and/or smishing
- 65% involved malware,
- 34% involved financial fraud
- 15% involved extortion
- 13% involved pharming
- 5% involved hacking
- 5% involved denial of service
"The analysis presented in this paper has highlighted a common modus-operandi of many cyber-attacks during the coronavirus period," said Harjinder Lallie, from WMG, University of Warwick. "Many of the cyber-attacks begin with a phishing campaign which directs victims to download a file or access a URL. The file or the URL act as the carrier of malware which, when installed, acts as the vehicle for financial fraud. The analysis has also shown that to increase the likelihood of success, the phishing campaign leverages media and governmental announcements. In fact some days we recorded as many as 3-4 new scams."
"Over the last year we have seen a surge in cyber-attacks targeting critical infrastructures, governments, organisations and end-users, influenced by governmental announcements. These have ranged from targeted attacks to selling counterfeited respirators to hospitals, denying of essential services through ransomware, selling fake online Covid-19 testing equipment as well as more recently, generating fake Covid travel tests," said Xavier Bellekens from the University of Strathclyde. "These techniques, while common, had never been observed in relation to an event of this magnitude, making this study unique."
Republished courtesy of University of Warwick.