Cyber Threats Revolving Around Coronavirus Outbreak
Ever-evolving cyber threats have got a significant uplift due to the COVID-19 outbreak. Recently, the U.K’s National Cyber Security Centre (NCSC) has released insights and facts on cyber threats during the coronavirus epidemic in its annual report for 2020.
What’s in the report?
The report provides details about the cyber threats emanating from the pandemic and earlier. From a total reported 723 incidents of all kinds, more than a quarter (194) were COVID-related.
- Focusing on the healthcare systems during the COVID-19 outbreak, the NCSC performed threat hunting on 1.4 million NHS endpoints and scanned over one million IP addresses to detect weaknesses.
- NCSC had thwarted over 15,354 COVID-related campaigns in total and blocked 260 sender IDs for sending malicious SMS messages.
- Furthermore, the NCSC took down over 166,000 phishing URLs. From September 2019 to August 2020, NCSC stated that it defended the U.K from an average of 60 attacks per month.
Attacks in the U.K during COVID-19
During the COVID-19 outbreak, hackers launched several phishing campaigns involving fake shops selling Personal Protective Equipment (PPE), test kits, and even vaccines.
- In October, a phishing scam was observed targeting the residents living in and around the U.K using emails about the Oxford Coronavirus vaccine as a lure.
- In September, cybercriminals launched a COVID-19 tax relief scam to target U.K business owners in an attempt to gain sensitive information, including payment details, by impersonating Her Majesty’s Revenue and Customs (HMRC).
- In August, TA542 hackers were observed using generic as well as COVID-19-related lures to distribute Emotet malware in the U.K and other countries.
The coronavirus pandemic has given a big boost to cybercriminal activities, and organizations must stay on their toes to protect themselves from the ever-increasing cyber incidents. Experts recommend organizations strictly follow security hygiene such as using strong passwords, multi-factor authentication, and keeping employees aware of the latest attack trends to minimize the risks.