Since last year, we have published several articles about COVID-19 and how cybercriminals exploit the pandemic. We expect that cybercriminals will continue to exploit the pandemic in 2021. They will likely take advantage of consumer interest in the coronavirus vaccine and coronavirus-related stimulus payments. A recent press release by the FBI warns consumers about COVID-19 vaccine scams, including scams found on the internet. The Financial Crimes Enforcement Network (FinCEN) recently posted a notice about COVID-19 Vaccine-Related Scams and Cyberattacks. In addition to consumers, both researchers and manufacturers of the coronavirus vaccine are also potential targets for cyberattacks. According to the notice, “FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines.” The FBI and FinCEN have a good reason to warn about vaccine-related scams and cyberattacks: the work environments created by the coronavirus are ripe for exploitation by cybercriminals.
Many employees are now working from home, and this trend will continue until the COVID-19 lockdowns are lifted. Working from home (or teleworking) comes with cybersecurity risks. Employees working from home are vulnerable targets for social engineering attacks, phishing, and spoofing. Spoofing is another threat that goes hand-in-hand with phishing. Like phishing, spoofing is an attack that involves disguising malicious communication so that it appears to be legitimate. Spoofing can apply to a wide variety of communication, including websites, phone calls, IP addresses, and DNS servers. It is often used to set up websites that mimic official ones but are designed to steal credentials. Last August, a CISA alert warned government workers about a spoofed version of the Small Business Administration (SBA) COVID-19 loan relief webpage. A phishing email would provide a link to the webpage, and victims eager for COVID-19 relief money would be prompted to enter their credentials into a fake portal, where they would be stolen by cybercriminals. Last December, the IRS reported about a COVID-related text message phishing scam that promised victims $1,200 and led them to a spoofed version of the official IRS “Get My Payment” website. Just like the SBA example, financial information entered into the fake website would be used by cybercriminals.
Cybercriminals keep up with modern trends. Last April, Unit 42—a world-renowned team of cybersecurity experts who work for Palo Alto Networks—released an article about how Cybercriminals Prey on the COVID-19 Pandemic. From last February to last March, Unit 42 monitored domain registrations with names related to the coronavirus. At the end of last March, they witnessed a 569% increase in malicious registrations associated with malware and phishing, and a 788% increase in “high-risk” registrations that include scam websites. Overall, bad actors were using coronavirus-related domains for the following activities: phishing, hosting malware, controlling malware, hosting scam websites, credit card skimming, hosting illicit pharmacies, and search engine optimization (SEO) to make black hat websites more visible. Using Google Trends data, Unit 42 noticed that the increase in coronavirus-related Google searches coincided with the increase in coronavirus-related domain registrations. According to this year’s Google Trends data, searches for “Vaccine” have skyrocketed since last October. Additionally, searches for “stimulus” have also risen sharply since last December. Thus, it would be reasonable to expect cybercriminals to set up more malicious websites related to coronavirus vaccines and stimulus payments.
As everyone returns to work in 2021, it is important that they maintain proper cyber hygiene. This involves keeping an eye out for phishing emails and scam websites. As always, if something is too good to be true, it probably is.