Cyber Intelligence Threat Trends During COVID-19

Q&A with VP of Threat Research, Alberto Casares

As COVID-19 continues to upend the lives of billions of people across the globe, Constella is simultaneously observing an uptick in cyber-attacks. Cybercriminals continue to exploit consumers’ fear and uncertainty surrounding this virus. Fortunately, doctors, scientists, and even cybersecurity professionals are altruistically devoting their time and resources to combat the spread of this outbreak.

We recently met with Alberto Casares, Constella’s VP of Threat Research, to find out what he and his team are seeing in terms of cybercriminals exploiting this pandemic. Alberto is a deep and dark web expert, researcher, investigator, and product manager at Constella. He is passionate about security and how breached and leaked data can be used to protect citizens and organizations across the globe, and in his free time, he is a data breach hunter and cybersecurity professor at the University of Granada.

Below is Alberto’s perspective on COVID-19’s impact on cybercrime.

Are you seeing, or do you believe there are, more threats than usual during the global pandemic?

Absolutely, and this is not just something that we at Constella have noticed. Experts from organizations such as Europol and Interpol are also observing this spike. For example, the Centro Criptológico Nacional (CCN) — Spain’s intelligence agency — reported about 2.3K COVID-19 malicious links, which is huge.

Further, there has been an increase in the number of cyberattacks targeting hospitals; depending on the source, I’ve read that the increase could be anywhere between 35–50%.

What types of threats are you seeing?

There are many threats, so this list is far from comprehensive, but the major ones include:


Fake News: There are big disinformation campaigns going on all around the world. For instance, certain media talk about the U.S. fabricating the virus and bringing it to China. The same sort of disinformation is happening vice versa. The Spanish government has gone so far as to disseminate information that discusses the importance of validating the news we receive.

Business Email Compromise (BEC): Bad actors are using business email compromise and typo-squatting domains to impersonate people. BEC has caused billions of dollars in losses in just the past few years. Dr. Shane Shook, a recognized industry expert in information technology, recently wrote about this topic, which I would suggest reading.

Example of a BEC email using COVID-19, originally published in Trend Micro.

Spam & Malware: According to Trend Micro, “Many of the spam emails were related to shipping transactions, either postponement due to the spread of the disease or one that provides a shipping update. One email informed me about shipping postponement. The attachment, supposedly containing the details of the new shipping schedule, bears malware.”

COVID-19-related email spam about a shipping postponement, originally published in Trend Micro.

Fraud: Through phishing campaigns, cybercriminals are impersonating credible organizations and individuals to get funds and scam people. They are even selling medications that purportedly treat COVID-19.

The Alibaba page where you could find this fake medicine, Ritonavir, for sale, has since been removed.

Ransomware: Interpol reported that cybercriminals are increasing their attacks against hospitals. One recent example is Hammersmith Medicines Research, which refused to pay a ransom to Maze operators. The hacker group subsequently published some of the stolen data on its site to try to further extort the company into paying.

Where are the cyber threats now coming from?

In this perfect storm, we have cyber threats coming from all types of actors. Fake news is most related to nation-state actors, ransomware and fraud to big criminal organizations, and spam and minor attacks to script kiddies or domestic actors.

Do you expect the number of threats to continue to rise post-COVID?

This is difficult to predict with what little information we know on this novel virus. It is going to depend on a) how long we have to keep working remotely, and b) the evolution of the pandemic. Fake news and ransomware attacks are most likely going to continue, as well as fraud. But it is probably going to wane over time.

Which technologies will thrive because of this pandemic?

Big data, cybersecurity, and anything that facilitates remote work is going to thrive.

What is your best advice for companies that now have hundreds of remote workers and need to protect their data?

Working from home full-time is already introducing new security threats, so the first step every company should take is training its employees on cyber best practices. These include:

1. Keeping your devices updated (Mobile, browsers, OS, etc.)
2. Enabling two-factor authentication whenever you can
3. Verifying the sender whenever you receive an email
4. Not downloading unsolicited attachments — even if you trust the source, you have to remain vigilant and be careful
5. Contrasting the information you receive about COVID-19 to verify its validity given the spread of fake news.

What is your advice to companies who are needing to cut costs during this time?

Well, it is going to depend on the sector, and every company is different, but it is important to preserve budgets for projects or services that can help business operations return to a sense of safety and normalcy.

How will cybersecurity evolve as a result of this pandemic?

Cybersecurity firms that help with the detection, blocking and prevention of the cyber threats described previously are going to evolve. We will see more unified solutions as well, since implementing only one service provider is not good enough in today’s landscape. Correlating information from different sources is extremely important to get a big picture of what is happening, who is targeting us, and how they are doing that.

What is Constella doing to help businesses during this challenging time?

Constella has tracked a significant increase of cyber-attacks on healthcare organizations during this pandemic, so we teamed up with The Collective Cyber Defense for Healthcare, spearheaded by C5 Capital, to offer a helping hand to hospitals while they provide frontline care for COVID-19.

To gain further insight into the cyber world from Constella’s experts, read our COVID-19 Threat Report and other articles on our blog.

Interested in our work? Please contact us at info@constellaintelligence.com.