
How cybercriminals have exploited the coronavirus pandemic

Phishing campaigns, deceptive domains, and malicious apps are just some of the tactics that have taken advantage of the virus and its repercussions, says Check Point Research.


As most people have been busy grappling with the impact of the coronavirus pandemic, so too have cybercriminals been busy, but for more nefarious reasons. The spread of COVID-19 has provided fertile ground for criminals to launch different types of attacks that have exploited not just the virus but also the resulting lockdown and stay-at-home situation. A report released Wednesday by cyber threat intelligence provider Check Point Research discusses some of the different methods used by attackers looking to capitalize on the current pandemic.


In its report entitled “Cyber Attack Trends: 2020 Mid-Year Report,” Check Point described how cyberattacks have developed and trended in the wake of the coronavirus. Criminals eager to exploit the fear and interest surrounding COVID-19 have deployed phishing campaigns, fake domains, malicious apps, brute force attacks, and even ransomware.



The first threats involved a rise in malware attacks using social engineering with COVID-19 as their topic. In January, Check Point found that Emotet, infamous as a banking trojan, was being used in coronavirus-themed email campaigns targeting people in Japan with malicious file attachments.

Around the same time, thousands of coronavirus-related domain names were being registered. Most of these were for legitimate reasons, but many were being set up for criminal purposes, such as to sell phony COVID-19 drugs, distribute malicious apps, and act as landing pages for phishing campaigns. Scammers also started to jump on the bandwagon by selling items with “special coronavirus discounts” and offering malware-as-a-service at special prices.

Beyond garden-variety criminals looking to make a buck, sophisticated Advanced Persistent Threat (APT) groups got in on the action. In one example, APT groups based in China used coronavirus-related content in malicious RTF documents in a campaign aimed at Mongolian public entities. The irony here is that while traditional espionage activities have declined due to travel restrictions and social distancing, online espionage attacks have increased.

By this point, social distancing and quarantining policies were being imposed, prompting many organizations to shift employees to remote working. But of course, that transition gave cybercriminals another area to exploit. With the use of virtual meeting and video calling apps, many hackers tried to subvert meetings in Zoom and other platforms. Others set up fake domains and created malicious apps and phishing campaigns spoofing services such as Zoom and Microsoft Teams.

On a more alarming note, hackers saw the increased use of remote desktop applications and VPNs as a tempting target. As organizations have rushed to implement Microsoft’s Remote Desktop Protocol (RDP), the proper security requirements aren’t always followed, leaving RDP accounts vulnerable. Using brute force attacks, cybercriminals try to obtain the user credentials of such accounts. If successful, they can gain access to servers and other critical systems and even take control of a network.
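One way a defender can spot the RDP brute forcing described above is to count failed logons per source address in the Windows Security log and to escalate when a flagged source then logs on successfully. The following Python is an added example, not code from Check Point or this article; the record layout, addresses, threshold and time window are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event ID 4625 = failed logon, 4624 = successful logon. LogonType 10 is
# RemoteInteractive (RDP); RDP with Network Level Authentication logs type 3.
RDP_LOGON_TYPES = {3, 10}


def detect_bruteforce(events, threshold=5, window=timedelta(minutes=2)):
    """Return {source_ip: finding} for IPs with >= threshold failures inside window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)     # ip -> every account name that source tried
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        if ev["event_id"] == 4625:
            users[ip].add(ev["user"])
            q = recent[ip]
            q.append(ev["time"])
            while ev["time"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                findings.setdefault(ip, {"users_tried": users[ip], "success_as": None})
        elif ev["event_id"] == 4624 and ip in findings:
            # A success from an already-flagged source is the urgent case.
            findings[ip]["success_as"] = ev["user"]
    return findings


# Constructed sample records (simplified field names, documentation IP ranges).
T0 = datetime(2020, 7, 22, 3, 0, 0)


def _ev(sec, event_id, ip, user, logon_type=10):
    return {"time": T0 + timedelta(seconds=sec), "event_id": event_id,
            "ip": ip, "user": user, "logon_type": logon_type}


SAMPLE = (
    [_ev(i * 10, 4625, "203.0.113.7", u) for i, u in
     enumerate(["admin", "administrator", "admin", "backup", "admin", "svc"])]
    + [_ev(70, 4624, "203.0.113.7", "svc")]            # guess finally succeeds
    + [_ev(0, 4625, "198.51.100.4", "alice"),          # ordinary user typos
       _ev(3600, 4625, "198.51.100.4", "alice"),
       _ev(3620, 4624, "198.51.100.4", "alice")]
)
```

On the sample data only the first source is reported, with `success_as` set to the account that was eventually guessed; the user who mistyped a password twice an hour apart is not flagged.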

The healthcare industry has become more critical than ever as providers struggle to treat patients with COVID-19 and race to develop a successful vaccine. With its efforts focused on the coronavirus, this sector is particularly vulnerable to cyberattack. Though some criminal groups vowed to refrain from attacking hospitals and healthcare organizations during the pandemic, the Maze ransomware group targeted Hammersmith Medicines Research, a firm that performs clinical tests for drugs and vaccines.

Other criminal campaigns have impersonated or even attacked health organizations. A series of phishing emails spoofed the WHO (World Health Organization) to convince people concerned about the virus to download malicious content or reveal their account credentials. The WHO also was hit by cyberattacks aimed at its staff and systems. Another campaign cited by Check Point impersonated pharmaceutical companies to spread ransomware in Italy.

Criminals have also exploited COVID-19 to commit fraud against businesses and government agencies. Companies that authorize emergency transactions were hit by BEC (Business Email Compromise) scams. A French pharmaceutical firm sent $7.25 million to a phony supplier claiming to offer hand sanitizer and protective masks. In other cases, cybercriminals used stolen PII (personally identifiable information) to submit fraudulent unemployment claims in the US and elsewhere.

“The global response to the pandemic has transformed and accelerated threat actors’ business-as-usual models of attacks during the first half of this year, exploiting fears around COVID-19 as cover for their activities,” Maya Horowitz, Check Point Research director of threat intelligence, said in a press release. “We have also seen major new vulnerabilities and attack vectors emerging, which threaten the security of organizations across every sector. Security experts need to be aware of these rapidly evolving threats so that they can ensure their organizations have the best level of protection possible during the rest of 2020.”

To protect yourself against coronavirus-related scams and threats, Check Point Research offers the following tips:

  • Beware of “special” offers. “An exclusive cure for coronavirus for $150” is usually not a reliable or trustworthy purchase opportunity. At this point in time there is no cure for the coronavirus and even if there was, it definitely would not be offered to you via an email.
  • Beware of lookalike domains, spelling errors in emails or websites, and unfamiliar email senders.
  • Be cautious with files received via email from unknown senders, especially if they prompt for a certain action you would not usually do.
  • Make sure you do not reuse passwords between different applications and accounts.
  • Maintain effective security by updating software frequently.
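The lookalike-domain tip, and the fake Zoom and Microsoft Teams domains mentioned earlier, can be checked mechanically at a mail gateway or proxy. The following Python is an added example, not code from Check Point or this article; the watch list, the two-label "registered domain" heuristic and the sample host names are assumptions made for illustration.

```python
# Assumed watch list: brand keyword -> the registered domains it really uses.
LEGIT = {"zoom": {"zoom.us"}, "microsoft": {"microsoft.com"}}
FOLD = str.maketrans("0135", "oles")  # digit-for-letter swaps common in lookalikes


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str) -> str:
    """Return 'legitimate', 'lookalike:<brand>' or 'unrelated' for a host name."""
    labels = domain.lower().rstrip(".").split(".")
    # Assumption: registered domain = last two labels. Production code should
    # consult the Public Suffix List instead (for suffixes such as .co.uk).
    registered = ".".join(labels[-2:])
    if any(registered in real for real in LEGIT.values()):
        return "legitimate"
    # Compare every dot- or hyphen-separated token (TLD excluded) with each
    # brand, so a brand placed in a subdomain of an unrelated domain is caught.
    tokens = [t for label in labels[:-1] for t in label.split("-") if t]
    for brand in LEGIT:
        for token in tokens:
            folded = token.translate(FOLD)
            if brand in folded or edit_distance(folded, brand) == 1:
                return f"lookalike:{brand}"
    return "unrelated"


# Constructed sample host names (reserved .example TLD for the fake ones).
SAMPLES = [
    "us02web.zoom.us",
    "z00m-meeting.example",
    "zoom.us.login-portal.example",
    "micosoft-teams.example",
    "example.org",
]
RESULTS = {name: classify(name) for name in SAMPLES}
```

A one-edit match on a short brand name also catches ordinary words, so results marked `lookalike` are candidates for review rather than verdicts.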
