Cyber criminals are exploiting the coronavirus pandemic by launching an unprecedented barrage of Covid-19 themed attacks, experts have warned.
The UAE has been revealed as the leading target in the region, accounting for more than half of the examples of malicious online Covid-19 theme behaviour detected in the Gulf.
Across the globe, there has been a huge increase in cyber attacks over recent weeks, as hackers seek to take advantage of new systems of working, fears about the coronavirus and the fact that people are spending more time online.
Their tactics have included emails promising urgent coronavirus updates which attempt to con internet users into downloading malicious software, fake appeals for donations to help those affected by the pandemic, and websites selling cures, vaccines or protective equipment that do not exist.
In total, Trend Micro, an international cybersecurity and defence firm, said it had detected 1,541 Covid-19 attacks in the UAE, including 775 malware threats, 621 email spam attacks and 145 URL attacks during March.
Across the GCC, the figure was 3,067 over the same period.
“While the GCC countries are bringing Covid-19 coronavirus under control from a public health standpoint, cyber-attacks show that organisations need to do more to tighten their cyber security solutions and processes,” said Moataz Bin Ali, vice president of Trend Micro in the Middle East and North Africa.
“As GCC employees adapt to new methods of working, they should be wary of cybercriminals using popular online tools, sharing software, and file attachments in their scams.
"Unverified mobile apps tracking Covid-19 can also present major risks.”
Worldwide, Trend Micro recorded more than 907,000 spam messages, more than 48,000 hits on malicious URLs, and detected 737 malware threats all related to Covid-19 coronavirus in the first quarter of 2020.
The figures are based on threats that were blocked by Trend Micro.
In threats related to Covid-19, URL attacks increased by 260 times and email spam attacks increased 220 times between February and March.
Outside of the region, the United States experienced the most Covid-19 attacks.
Some of the most common were email scams, where hackers disguised malicious attachments as updates from government public health departments.
Fake appeals for donations were also made by criminals claiming to represent organisations such as the World Health Organisation.
Others tried to get users to click on an email link by pretending it contains a revised shipping or delivery schedule due to a coronavirus-related transport disruption.
One website was discovered that encouraged users to download a “Corona Antivirus” app that falsely claimed to have been developed by Harvard University scientists.
Downloading it allowed attackers to take control of the device, giving them the opportunity to steal passwords, digital currency and browsing histories.
A fake UK government website was also uncovered by experts. It aimed to steal bank details by urging users to upload account numbers to receive money from coronavirus-related income support schemes.
Second World War veteran raises millions for UK health service
Other fake websites have been set up to trick people into thinking they belong to legitimate companies, including Netflix or PayPal.
Ransomware attacks – where computers are locked by hackers until they receive a fee – have been targeted at a hospital being used as a Covid-19 testing centre in the Czech Republic.
An Android mobile app, called CovidLock, claimed to helps users track cases, but instead leads to a demand for $100 in bitcoin to regain access to the device if downloaded.
Last week, Tonya Ugoretz, the deputy assistant director of the FBI’s Cyber Division, said its internet crime complaints centre was receiving between 3,000 and 4,000 cybersecurity complaints each day, a major jump from prior to the Covid-19 pandemic when about 1,000 complaints were received daily.
“We have increased vulnerabilities online, and increased interest from threat actors to exploit those,” Mr Ugoretz said.
