SecurityWeek

Hacker ‘Ceasefire’ Gets Little Traction as Pandemic Fuels Attacks

Internet users have seen a surge in COVID-related cyberattacks and fraud schemes which could add to the misery of the pandemic, even as some hackers have called for dialing back their criminal efforts.

A deluge of attacks has included phishing emails purporting to be from health agencies, counterfeit product offers and bogus charity donation requests, according to security analysts.

Over the past month, at least 100,000 new web domain names were registered containing terms like covid, corona, and virus, many of which are considered “malicious,” according to a report prepared for the global internet registry agency ICANN.

“The pandemic has led to an explosion of cybercrime, preying upon a population desperate for safety and reassurance,” said the report released this week by Interisle Consulting Group.

The number of “spoofed” websites used for phishing to steal people’s private credentials rose by 350 percent since January to more than 500,000, according to Atlas VPN, which provides secure connection services.

– Stimulus fraud coming? –

These schemes could lead to unprecedented amounts of theft, identity hijacking and ransomware to extract money from vulnerable organizations, some analysts fear.

In just the past few weeks, US consumers have lost nearly $5 million to coronavirus-themed scams, according to the Federal Trade Commission.

The potential for fraud could rise further, notably as a result of the $2 trillion economic relief package approved by Congress this month, according to an FTC warning to watch for stimulus-related fraud schemes.

Because of the global nature of the pandemic, hackers are taking advantage of all the attention being paid to the health crisis to lure people into opening malicious emails and links.

The security firm Proofpoint said this week it is seeing a wave of email scams themed around stimulus payments, Australian government “coronavirus tax relief” or even a fictitious “relief offer” from the World Health Organization and the International Monetary Fund.

“More than 80 percent of all the attacks Proofpoint now intercepts have something to do with the pandemic, a level that is unprecedented,” the company said.

“These attacks appear to be working, and now they are leveraging news of the stimulus package to ensnare more victims.”

– Hackers find religion? –

But even with the unprecedented opportunity, some hackers are considering pulling back on their attacks on people during the crisis, according to researchers who monitor “dark web” forums.

“There seems to be an even split. I wasn’t expecting so many people expressing concern,” said Alex Guirakhoo, a threat researcher with the security firm Digital Shadows who monitors hacker forums globally.

“There are some people (in hacker forums) saying ‘I’m really concerned for my family,’ or ‘I can’t see my girlfriend.’ This is a situation affecting everyone.”

After some reports indicated hospitals had been hit by ransomware, some hacker groups pledged to avoid hitting health care organizations, according to researchers.

One hacker group known as Maze promised to halt attacks on hospitals and provide encryption keys to ones that have been hit, according to Filip Truta of the security firm BitDefender.

“Perhaps they want to avoid provoking the white-hot rage of an already wounded public,” Truta said in a blog post. “Or, just possibly, some black hats do have a smidgen of ethics. At least in grim times like these.”

The security firm Emsisoft, which specializes in ransomware, made an unusual plea to hackers last month to spare health care firms.

“We also know you are humans, and that your own family and loved ones may find themselves in need of urgent medical care,” the group said in a blog post.

“We ask for your empathy and cooperation. Please do not target healthcare providers during the coming months and, if you target one unintentionally, please provide them with the decryption key at no cost.”

But Emsisoft spokesman Brett Callow said the plea may not be working.

“Any claims that these ransomware groups make should be taken with a grain of salt,” Callow told AFP, noting that ransomware attacks are continuing against health organizations.

“These groups have attacked hospitals in the past. They have put lives at risk and it would be a mistake to assume they wouldn’t do so again.”

Written By

AFP 2023
