Cybercriminals take advantage of any eventuality to develop new attacks and achieve their goals. On this occasion, digital criminals have used the global COVID-19 pandemic and widespread panic among the population as a Trojan horse to access thousands of homes and computer systems. Phishing, fake news, adware, malicious applications, malware and so on. Over the last month, our Security Operations Centers (SOCs) have received a high number of alerts directly related to the Coronavirus.
During the weeks prior to the quarantine caused by the COVID-19 in our country, from ElevenPaths we were investigating the development of conversations on the different social networks about fake news and digital threats that had arisen as a result of the current health crisis. Moreover, we were analyzing the behavior of conversations on Twitter through groups of profile communities associated with each other by profiles or even by similar conversation topics.
Nowadays, and especially in this times of confinement, social networks are the fastest and most accessible informative (and often ‘misinformative’ as well) instrument at our disposal. Any user can pose as a doctor, an expert in epidemics or a cum laude in virology, but the truth is that sometimes it is difficult to discern whether the recommendation on Twitter made by a ‘Ms Mª Carmen Alcántara’, who recommends eating cooked garlic to cure the virus, is a hoax or truthful information.
In the research we have carried out, we have analyzed the circulation and spread of this fake news and the social circles on Twitter around it. It was not surprising to discover that behind many of the false news there were botnets of hundreds of Twitter accounts that amplify their reach.
Another of the attacks that have spread the most since the outbreak of the Coronavirus have been phishing attacks. In this case, cybercriminals are taking advantage of people’s fear and uncertainty to ‘disguise themselves’ as any health agency, city council, financial institution or even as an educational center to send emails containing malicious links or to steal any type of personal data.
Also following this idea of institutional impersonation, we may highlight the number of malicious apps imitating official ones that have been created. Due to this exceptional situation, where we have been adapting ourselves to do homeworking and children to study at home with new digital tools, andmany of us have downloaded new applications. And this did not go unnoticed among criminals. Throughout our research, we also wished to investigate this aspect, so we used our in-house tools Tacyt and mASAPP. These analyze, correlate and classify millions of mobile apps using their big data technology to see that a large number of applications with names linked to COVID-19 were indeed malicious.
From this research, we point out the rapid spread of hoaxes on this pandemic, as well as the immediate emergence of phishing attacks, data theft or app counterfeiting. As we have already mentioned, the main drivers of these attacks and fake information are people’s fear and despair, but also the deployment of interconnected networks of malicious systems that spread them.
The Spanish Civil Guard has created a citizen communication channel to receive information about online fraud and scams due to the coronavirus. Through the account firstname.lastname@example.org, citizens can report potential scams and fraudulent sales related to COVID-19.
It may be understood that in these times of insecurity and disquiet we are less able to detect these ‘traps’. However, we must not forget that digital threats do not cease at any time, even in these times of health alert for a global pandemic.