The National Cyber Security Centre (NCSC) is warning that criminals are looking to exploit the spread of coronavirus to conduct cyberattacks and hacking campaigns.
Experts at the NCSC – the cyber arm of GCHQ – have spotted a range of scams and cyber threats that look to take advantage of COVID-19 for their own malicious ends.
From cancelled conferences to disrupted supply chains, not a corner of the global economy is immune to the spread of COVID-19.
In many cases, attacks are based around phishing emails containing links or attachments that claim to contain important information about the virus. Once opened, these infect the PC with malware that can be used to exploit the infected victim.
The NCSC says it has taken measures to automatically uncover and remove malicious websites run by cyber criminals running coronavirus scams and other malicious activity.
This action comes after what the security agency describes as as an increase in the registration of webpages relating to coronavirus, something the NCSC suspects to be the work of cyber criminals looking to exploit the outbreak.
The agency warns that, as the outbreak intensifies, it’s likely that the volume of hacking incidents looking to exploit coronavirus will also rise.
“We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak,” said Paul Chichester, director of operations at the NCSC.
“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.”
Guidance offered by the NCSC includes how to spot and deal with suspicious emails and how to mitigate and defend against ransomware attacks.
“In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible,” Chichester added.
They included a Trickbot trojan malware campaign disguised as medical advice about COVID-19 as detailed by Sophos, while researchers at Proofpoint have also identified a number of coronavirus-themed hacking campaigns that install malware including Emotet, NanoCore and Azorult.
Security researchers have also warned that state-sponsored hacking campaigns are also beginning to use coronavirus as lures in attacks.
The World Health Organisation (WHO) and the US Federal Trade Commission have both also warned about scammers spreading coronavirus-related phishing attacks via email and social media.
MORE ON CYBERSECURITY
- Phishing attacks: Why we’re still losing the battle against phoney emails
- Hackers want you to be happy, so you’re easier to trick CNET
- Phishing attacks: Watch out for these telltale signs that you’ve been sent to a phoney website
- 3 things you need in a cybersecurity awareness training plan TechRepublic
- Cybersecurity: UK could build an automatic national defence system, says GCHQ chief