A new study has found that there has been a momentous surge in cyber-security crime during the Covid-19 pandemic, particularly related to governmental policy announcements and cybercrime campaigns.
The study was carried out by a consortium of researchers, including WMG, University of Warwick, among others. The researchers stated that on some days around three to four new cyber-attacks were being reported.
The research titled ‘Cyber Security in the Age of COVID-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks during the Pandemic’ was published in the journal Computers & Security.
The authors used the United Kingdom as a case study. The paper revealed the explicit connection between governmental policy announcements and cyber-crime campaigns.
The researchers noted that there have been reports of scams impersonating public authorities such as the World Health Organization, and organizations such as supermarkets and airlines targeting support platforms such as PPE and offering Covid-19 cures.
They often target the public, who are now socializing and spending more time online in general, as well as the increased population of people who are working from home, they added.
Such scams can be sent by text or e-mail, and in most cases, a URL pointed to a fake institutional website that requests debit/credit card details.
They found that from the point that the first case was announced in China (8/12/19) the first reported cyber-attack was 14 days later. From this point onwards the timeframe between events and cyber-attacks reduced dramatically.
The research found that 86 per cent involved phishing and/or smashing; 65 per cent involved malware; 34 per cent involved financial fraud; 15 per cent involved extortion; 13 per cent involved in pharming; 5 per cent involved in hacking; 5 per cent involved denial of service.
Dr. Harjinder Lallie, from WMG, University of Warwick commented: “The analysis presented in this paper has highlighted a common modus-operandi of many cyber-attacks during the coronavirus period.”
“Many of the cyber-attacks begin with a phishing campaign which directs victims to download a file or access a URL. The file or the URL act as the carrier of malware which, when installed, acts as the vehicle for financial fraud,” he added.
The analysis has also shown that to increase the likelihood of success, the phishing campaign leverages media and governmental announcements. In fact, some days we recorded as many as 3-4 new scams,” he further said.