Hacker 'ceasefire' gets little traction as pandemic fuels attacks
Internet users have seen a surge in COVID-related cyberattacks and fraud schemes which could add to the misery of the pandemic, even as some hackers have called for dialing back their criminal efforts.
A deluge of attacks has included phishing emails purported to be from health agencies, counterfeit product offers and bogus charity donation requests, according to security analysts.
Over the past month, at least 100,000 new web domain names were registered containing terms like covid, corona, and virus, many of which are considered "malicious," according to a report prepared for the global internet registry agency ICANN.
"The pandemic has led to an explosion of cybercrime, preying upon a population desperate for safety and reassurance," said the report released this week by Interisle Consulting Group.
The number of "spoofed" websites used for phishing to steal people's private credentials rose by 350 percent since January to more than 500,000, according to Atlas VPN, which provides secure connection services.
- Stimulus fraud coming? -
These schemes could lead to unprecedented amounts of theft, identity hijacking and ransomware to extract money from vulnerable organizations, some analysts fear.
In just the past few weeks, US consumers have lost nearly $5 million to coronavirus-themed scams, according to the Federal Trade Commission.
The potential for fraud could rise further, notably as a result of the $2 trillion economic relief package approved by Congress this month, according to an FTC warning to watch for stimulus-related fraud schemes.
Because of the global nature of the pandemic, hackers are taking advantage of all the attention being paid to the health crisis to lure people into opening malicious emails and links.
The security firm Proofpoint said this week it is seeing a wave of email scams themed around stimulus payments, Australian government "coronavirus tax relief" or even a fictitious "relief offer" from the World Health Organization and the International Monetary Fund.
"More than 80 percent of all the attacks Proofpoint now intercepts have something to do with the pandemic, a level that is unprecedented," the company said.
"These attacks appear to be working, and now they are leveraging news of the stimulus package to ensnare more victims."
- Hackers find religion? -
But even with the unprecedented opportunity, some hackers are considering pulling back on their attacks on people during the crisis, according to researchers who monitor "dark web" forums.
"There seems to be an even split. I wasn't expecting so many people expressing concern," said Alex Guirakhoo, a threat researcher with the security firm Digital Shadows who monitors hacker forums globally.
"There are some people (in hacker forums) saying 'I'm really concerned for my family,' or 'I can't see my girlfriend.' This is a situation affecting everyone."
After some reports indicated hospitals had been hit by ransomware, some hacker groups pledged to avoid hitting health care organizations, according to researchers.
One hacker group known as Maze promised to halt attacks on hospitals and provide encryption keys to ones that have been hit, according to Filip Truta of the security firm BitDefender.
"Perhaps they want to avoid provoking the white-hot rage of an already wounded public," Truta said in a blog post. "Or, just possibly, some black hats do have a smidgen of ethics. At least in grim times like these."
The security firm Emsisoft, which specializes in ransomware, made an unusual plea to hackers last month to spare health care firms.
"We also know you are humans, and that your own family and loved ones may find themselves in need of urgent medical care," the group said in a blog post.
"We ask for your empathy and cooperation. Please do not target healthcare providers during the coming months and, if you target one unintentionally, please provide them with the decryption key at no cost."
But Emsisoft spokesman Brett Callow said the plea may not be working.
"Any claims that these ransomware groups make should be taken with a grain of salt," Callow told AFP, noting that ransomware attacks are continuing against health organizations.
"These groups have attacked hospitals in the past. They have put lives at risk and it would be a mistake to assume they wouldn't do so again."
© 2020 AFP