Cyber criminals and hacking groups are exploiting disruption caused by the coronavirus through a range of phishing and malware attacks which are likely to proliferate as the outbreak intensifies, UK security officials have warned.
Experts from the National Cyber Security Centre, a branch of the signals intelligence agency GCHQ, said web users are in danger of losing money and sensitive data if they’re tricked into clicking on links in bogus emails claiming to contain important information about the pandemic.
Examples so far include cyber scams by groups impersonating the World Health Organization and the US Centre for Disease Control, fraudulent websites advertising antiviral equipment which turns out to be fake, and attackers seeking bitcoin funding which they claim is for vaccine research.
The warning comes after the government said last week it had set up a dedicated unit to combat malicious coronavirus disinformation campaigns by hostile states or cyber criminals, and confirmed it is working with social media companies to refute false or misleading claims about the disease. Platforms such as Facebook and Twitter are working with the NHS to elevate official government sites to the top of search results relating to the virus.
While the NCSC is focused on cyber criminals looking to exploit the crisis for financial gain, others have suggested hostile states could be taking advantage of the confusion.
US state department official Lea Gabrielle told Congress that Russia was responsible for “swarms of online, false personas” that sought to spread misinformation about the disease on social media sites. She said the “entire ecosystem of Russian disinformation is at play” in attempts to capitalise on uncertainty caused by the pandemic.
Paul Chichester, director of operations at the UK’s NCSC, said that opportunistic cyber criminals were “undoubtedly” making the most of the coronavirus outbreak for personal gain.
“The NCSC has seen an increase in the registration of web pages relating to the coronavirus suggesting that cyber criminals are likely to be taking advantage of the outbreak,” he said. “Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.”
Some individuals in the UK have already been targeted by coronavirus-themed phishing emails with infected attachments containing fictitious safety measures. Researchers at the cyber security company Proofpoint say such attacks have recently become more targeted, with greater numbers focusing on the supply chain impact of the virus on sectors such as shipping, transport and retail.
Coronavirus business update
How is coronavirus taking its toll on markets, business, and our everyday lives and workplaces? Stay briefed with our coronavirus newsletter.
Sign up here
Another cyber security firm, Check Point, found that since January 2020 there have been over 4,000 coronavirus-related domains registered globally with 3 per cent found to be malicious and an additional 5 per cent suspicious.
The NCSC responded 658 cyber attacks against the UK in 2019, according to its annual report, and took down links to over 177,000 “phishing” sites. The threat from hostile states such as Russia, China, North Korea and Iran continue to pose “strategic threats” to Britain, the NCSC says, but will not give any detail on what proportion of the attacks concern state-backed attacks rather than those by cyber criminals.
Separately, analysts are suggesting that the need to set people up with new laptops in a hurry to meet the meet the need for working from home may cause employers to be taking shortcuts in their cyber security protocols, prompting concerns that companies may be more vulnerable.
Computer resellers have told the FT that many large companies are buying brands they would not normally use in order to get hold of stock and that they are not conducting the usual rigorous testing procedures before buying the laptops.
Read more about the impact of coronavirus
Subscribers can use myFT to follow the latest ‘coronavirus’ coverage