The Courier & Advertiser (Angus and Dundee)
Study shows how scammers try to cash-in on Covid
Online scammers leveraged government Covid announcements, sometimes within hours, to exploit unprecedented cyber security weaknesses during the pandemic, new research shows.
A study by experts at Abertay, Strathclyde, Kent, Oxford and Warwick universities found home working created “a level of cyber security concerns and challenges never faced before”, and reveals how the situation was seized upon by cyber criminals.
The study, seen in full by The Courier, highlights a pattern between new cyber campaigns and key events, such as announcements of spending or health policies, illustrating how scammers manipulated briefings to exploit public anxieties.
Researchers tracked instances of cyber attacks inspired by Covid-19 from the initial example around 30 days after the first confirmed case of the virus in China, and found the timeframe between events and linked attacks reduced dramatically over time.
The paper states the extent of cyber security related problems in the UK was “quite exceptional”.
By early May more than 160,000 suspect emails had been reported to the National Cyber Security Centre, and by the end of the same month £4.6 million had been lost to Covid-19-related scams.
Dr Xavier Bellekens, a leading cyber security expert at Strathclyde University and one of the authors of the paper, said criminals had adapted their approach to include themes such as jobs support, protective equipment or support for the NHS.
The study, Cyber Security In The Age Of Covid-19: A Timeline And Analysis Of Cyber-crime And Cyberattacks During The Pandemic, found scams targeted members of the public generally, as well as millions of people working from home.
Critical national infrastructure, such as healthcare services, has also been attacked.
The paper states home working has revealed a “general unpreparedness” among software vendors for these kinds of attacks.
Criminal gangs have been seen impersonating official bodies to seize control of sensitive data.
A large number of website domains containing the words Covid or coronavirus have also been registered by apparent scammers, along with attempts to impersonate communications platforms.
Criminals have been known to offer bogus Covid cures, and false advice on effective treatments.
The paper suggests government events should be accompanied by a note or a disclaimer outlining how legitimate information relating to the announcement will be relayed.