Coronavirus fears exploited by criminals to launch cyberattacks, say analysts

Fears around the coronavirus pandemic have been used by cybercriminals to spark waves of new cyberattacks, security researchers have said.

A new report by cybersecurity firm McAfee says it has seen an average of 375 new threats per minute during the pandemic, through Covid-19 themed malicious apps, phishing campaigns, malware and malicious websites.

The firm’s Covid-19 Threat Report said that as the world moved online during lockdown, criminals tried to exploit the public’s desire for information on the virus, as well as targeting those shopping, banking and carrying out other day-to-day activities online.

Both the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) warned of a surge in cybercrime during lockdown, with the NCSC launching a suspicious email reporting service which allowed the public to forward bogus emails to the centre for investigation.

Consumer watchdogs and online safety groups have also highlighted scams where criminals pose as contact tracers to try and gain personal information from people.

McAfee fellow and chief scientist Raj Samani said: “What began as a trickle of phishing campaigns and the occasional malicious app quickly turned into a deluge of malicious URLs and capable threat actors leveraging the world’s thirst for more information on Covid-19 as an entry mechanism into systems across the globe.”

Jesus Sanchez-Aguilera Garcia, head of EMEA consumer at McAfee, said it was vital that the public “stay alert” while online in the face of the increased threats.

“The pandemic has changed the way we live our lives, both online and offline. For many, daily activities such as shopping, banking and socialising have shifted to online and this behavioural shift is likely to continue over the coming months,” he said.

“With consumers looking to stay entertained and connected online, we saw the number of bogus websites increase from 1,600 to 39,000 in just the first few weeks of lockdown.

“This tricked consumers into visiting malicious websites that can be used to install malware or steal personal or financial information and passwords and shows why it’s so important for consumers to stay alert while online and avoid malicious websites that have the potential to cause harm.”

He added that the cybersecurity firm had seen scammers use “Covid-19 themed emails to play into the fears of British consumers and prompt them into unsuspectingly downloading malware onto their personal devices”.

McAfee’s report also said it had seen substantial increases in the targeting of public sector bodies, as well as education organisations.

The NCSC has previously confirmed that the NHS has been the target of an increased number of attempted cyberattacks during the pandemic, with the centre supporting the health sector in its defences.

The cybersecurity agency has urged the public to improve their own personal security by using features such as two-factor authentication to secure accounts, as well as use three random words to improve password strength and keeping all software up-to-date.