By Luke Wilson, vice president of intelligence, 4iQ.
In the wake of COVID-19, my firm, 4iQ, observed an increase in a host of cyber-attacks. This uptick did not come as a surprise, given cybercriminals typically exploit uncertain situations, but it was a wake-up call for organizations that were in the midst of transitioning to full-time remote work.
As the country begins to reopen, we cannot let our guards down – from preventing the spread of this pandemic, or from persistent cybercriminals.
Phishing campaigns were well-documented over these past few months. Scammers spoofed credible institutions, such as the World Health Organization (WHO) and Centers for Disease Control and Prevention (CDC) to lure victims into downloading malware or to capture personal or financial information.
These incidents were so widespread that government agencies, including the CDC, Federal Communications Commission (FCC), and Federal Trade Commission (FTC) published resources on these COVID-19-related scams to alert the public and offer tips on how to spot suspicious activity. Individuals were also at risk of having their identities spoofed, not just organizations.
Cybercriminals leveraged the accounts of executives with public-facing email accounts, usually via keyloggers or phishing attacks, to conduct fraudulent wire transfer payments.
As COVID-19 continued to spread, so did the number of registered suspicious coronavirus-themed domains. We analyzed over 2,400 domain names with COVID-19 themes and found that the most common terms were “virus,” “coronavirus,” and “corona.”
We also saw particular interest in protection gear, test kits, vaccines, and domains that tracked reported coronavirus cases as well as the status of the infected and cured. While some of these sites might have been legitimate, many were scams to distribute malware, inflict financial fraud, or trick victims into purchasing fraudulent COVID-19-related products, such as “vaccines,” which haven’t been evaluated by regulators for safety and effectiveness.