An Interpol assessment shows a sharp rise in cyberattacks during Covid-19 as the targets shift from individuals to governments and critical health infrastructure.
While the cybersecurity ramifications surrounding Covid-19 have been widely reported since the start of the pandemic, Interpol’s latest assessment highlights additional concerns around a shift in cybercriminal targets.
The report showed that in the first four months of 2020, around 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs were detected by one of Interpol’s private sector partners, all of which were related to Covid-19.
Interpol secretary general Jürgen Stock said cybercriminals are developing and boosting their attacks at an “alarming pace” and they are exploiting the fear and uncertainty caused by the current unstable social and economic situation.
“The increased online dependency for people around the world is also creating new opportunities, with many businesses and individuals not ensuring their cyber defences are up to date.”
According to the assessment, there has also been a “significant target shift” from individuals and small businesses to major corporations, governments and critical infrastructure. A notable example is the World Health Organization, which said in March 2020 that targeted cyberattacks had more than doubled as malicious hackers attempted to gain access to its systems or pose as the organisation.
Interpol’s report highlighted a number of key threats within the cybercrime landscape. Online scams and phishing schemes have been revised to include a Covid-19 theme, it said, often impersonating government and health authorities.
Cybercriminals have also capitalised on the mass movement to remote working, deploying data harvesting malware such as Remote Access Trojans, info stealers and spyware.
There has been an increase in disruptive malware against critical infrastructure and healthcare institutions, Interpol added. The report stated that there was a spike in ransomware attacks in the first two weeks of April 2020 from multiple threat groups, which had been “relatively dormant for the past few months”.
The increased demand for medical supplies and information has also given rise to malicious domains. A private sector partner of Interpol reported a 569pc growth in malicious registrations, including malware and phishing, and a 788pc growth in high-risk registrations from February to March 2020.
The assessment also highlighted the increasing amount of misinformation and fake news spreading rapidly among the public, which has, in some cases, facilitated the execution of cyberattacks. According to Interpol, one country reported 290 postings of false information with the majority containing concealed malware.
Looking ahead, Interpol’s report predicts these cyberattacks will continue, with cybercriminals expected to ramp up their activities. “Business email compromise schemes will also likely surge due to the economic downturn and shift in the business landscape,” it said.
Interpol also warned that when a Covid-19 vaccine becomes available, another spike in phishing scams is likely to occur.