As cybercriminals continue to exploit the coronavirus pandemic, the FBI has warned that three U.S. states need to be particularly alert to the cyber-attack threat
The FBI has warned of a significant spike in coronavirus scams, adding to concerns about an “unprecedented wave” of cyber-attacks voiced by United States Attorney Scott Brady. However, according to the FBI Cyber Division, threat actors from outside the U.S. are mainly targeting three states, those who have unusually high rates of COVID-19 infection.
I recently reported how two of the leading cybercrime groups responsible for ransomware attacks had promised not to target healthcare and medical organizations during the coronavirus pandemic. One cybersecurity expert described this as being an act of self-preservation rather than altruism. Whatever the motivation, the truth of the matter is that there are thousands of cybercriminals out there. These range from individuals to organized criminal gangs and nation-state sponsored threat actors. The vast majority would appear to be continuing to do what cybercriminals do: exploit the situation before them to maximize their gain. This should come as a surprise to literally nobody. And certainly not to Herb Stapleton, Section Chief of the FBI Cyber Division, who told CBS News that there had been a significant spike in coronavirus scams. “Be aware that you might start getting a lot of phishing emails. You might also get texts asking you to sign in,” Pali Surdhar, chief security officer at nCipher Security, says, “articles about coronavirus are going to be interesting to anyone, and it’s a great way for attackers and hackers to get into your system and get some information from you.”
These three states are most at risk from the Coronavirus scammers
Two things stood out from that interview with Stapleton, firstly that “virtually all” of the coronavirus-related cyber-attacks against the U.S. are originating from cybercriminals outside of the U.S. itself. Secondly, and more importantly, that the spike has been driven by cyber-attacks targeted as those areas of the U.S. that have the highest COVID-19 infection rates. Indeed, Stapleton warned that the FBI expects California, New York and Washington states to be zeroed in on by threat actors. In particular, cyber-attacks explicitly targeting those who work from home have also increased. This is only likely to get worse as more follow the likes of New York Governor Andrew Cuomo, who is mandating that 100% of the state’s workforce must stay at home, excluding certain key workers. Ilia Kolochenko, founder & CEO of web security company ImmuniWeb, advises people working from home to “double-check the authenticity of any incoming messages, emails or phone calls,” and to be particularly prudent “when someone is trying to extract any data from you in an emergency, pretending there is no time to convincingly explain the context.”
Keep on top of the COVID-19 cyber scams and stay safe out there
Forbes has compiled a running list of coronavirus-themed online threats which I’d recommend regularly checking to keep abreast of the latest COVID-19 scam activity.