27th July 2020
Hackers Exploiting the COVID-19 Outbreak (2)
The whole world is going through unprecedented times right now, the like of which most of us have never experienced before (and hopefully never will again!).
Access to services we took for granted has been removed, and the close human interactions which happened every day without a second thought have been restricted. All of us are feeling vulnerable and are seeking new ways to access services, run our businesses and retain that contact with others, both personal and professional. With movement restrictions in place, we have been forced to find new ways to keep ourselves occupied during our leisure time (learning a new skill, taking training or seeking qualifications, to name a few), along with new ways of working.
The cyber criminals have also found themselves with a lot of spare time to spend on polishing up their skills, finding new ways to exploit companies and individuals. Let’s not forget that these people are opportunists and will take every advantage to use all things around COVID-19 to entice and convince the unsuspecting recipient to click that link or download that attachment. They will prey on the distraction, curiosity, fear and urgency the pandemic brings about and are reliant on the recipient reacting before thinking about whether an email is legitimate.
It is reported that phishing email attacks related to COVID-19 increased by 600% in the first quarter of 2020. The second most popular phishing attacks used COVID-19-related themes to create urgency and anxiety among recipients worldwide.
So what sort of mischief have the cyber criminals been up to in the last 3 months?
- In Singapore, MOM warned of a potential phishing campaign in which hackers intended to use the spoofed email address firstname.lastname@example.org to lure recipients into clicking on an embedded phishing link. The link would claim to be related to the COVID-19 support fund and request personal and financial information from the recipient. This attack would target 8,000 businesses in Singapore but is part of a much bigger global attack targeting 5 million people in 6 countries.
- As thousands of people have seen holidays and other events cancelled, the cyber criminals have carefully crafted phishing emails purporting to offer refunds if the recipient clicks on a link. Others have been created to offer discount holidays and other commodities which have been scarce during lockdown: bicycles, motorhomes, toilet rolls! Anything which will lure the recipient into believing they are getting something which is hard to get hold of or at a big discount.
- In the UK, Action Fraud revealed that over 16,000 people fell victim to online shopping and auction fraud during lockdown. Reports of online shopping fraud totalled £16.6 million in losses, with members of the public being drawn into purchasing from scam websites mobile phones, vehicles and electronics which never arrived.
- Offers of COVID-19 tests, links to install tracking apps, rescheduled meetings due to COVID-19, PPE sales, emails advising that the recipient has been in close contact with a COVID-19 positive patient … anything COVID-19 related and all spoofed, with the sole aim of getting that precious data from the recipient.
But does any of this really matter to me, out at sea, you may ask. Let’s bring things closer to home.
Cyber security specialist Naval Dome reports that the maritime and offshore sectors have seen a 400% increase in attempted hacks since February 2020.
Examples of recent cyber-attacks in the shipping industry include:
- Email scams attempting to deliver malware or phishing links to compromise vessels and/or companies. Some impersonate the World Health Organisation whilst others use real vessel names and/or COVID-19 to impersonate actual ships and warn of infected crew and vessels through attachments infected with malware.
- Mediterranean Shipping Company (MSC) reportedly experienced a network outage due to a malware attack affecting their primary website and customer portal, which in turn affected online bookings for a number of days (agencies were still functional). Although the incident was not explicitly attributed to an opportunistic attack due to the pandemic, it happened at a time when several other incidents were affecting the industry.
- The Danish pump maker DESMI was hit by ransomware with the organisation deciding against paying any ransom to make the compromised data available again. To respond to the attack, the organisation shut down some of their systems including e-mail, affecting their operations for a number of days.
Now, more than ever, it is imperative that every staff member is educated and savvy when it comes to email security and phishing attacks. Consider taking the following actions in order to mitigate any potential risk.
- Provide specific guidance to vessel crews to be extra vigilant when it comes to email communications relating to COVID-19 infections on specific vessels.
- Consider targeted additional awareness campaigns to both on-shore employees and vessel crews, leveraging phishing campaigns using COVID-19 lures or attempts to exploit different or new ways of working.
How can you protect yourself from the cyber criminals? A few simple checks can stop them in their tracks.
- Check the sender looks like a valid name and not a random string of letters and numbers.
- Check the sender bears some relevance to the subject and content of the email. E.g. an email allegedly from PayPal will have an email address suffix of @paypal.com. It is vital that the email suffix is reviewed and not the characters in front of the @ symbol. email@example.com is not likely to be a legitimate address for a PayPal email.
- Check the sender domain on the email matches the organisation the email is reportedly from (@gmail.com, @hotmail.com and other generic email domains should be an immediate warning to check further if the email is unexpected and from an unknown sender).
- Check the domain in the email addresses has the correct spelling. Simple but you would be surprised how many are spelled ever so slightly incorrectly.
- Check the content of the email for spelling and grammatical errors.
- If an email attempts to create any sense of urgency, for example by asking you to click on a link urgently to open a document, use caution, even if it looks to come from a legitimate source.
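The sender checks above can also be applied automatically at a mail gateway or in a reporting tool. The following is an added example, not part of the original article; the brand list, the free-mail list, the thresholds and the sample headers are illustrative assumptions.

```python
from email.utils import parseaddr

# Illustrative lists (assumptions); maintain your own for real use.
FREEMAIL = {"gmail.com", "hotmail.com"}
BRANDS = {"paypal": "paypal.com"}   # brand keyword -> legitimate domain

def edit_distance(a, b):
    """Levenshtein distance, to catch domains spelled slightly wrong."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return a list of warnings for one From: header value."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable sender address"]
    local, domain = addr.rsplit("@", 1)
    domain = domain.lower().rstrip(".")
    warnings = []
    # Crude heuristic: a long local part that is at least one third digits.
    if len(local) >= 8 and sum(c.isdigit() for c in local) * 3 >= len(local):
        warnings.append("sender name looks random")
    if domain in FREEMAIL:
        warnings.append("generic mail provider")
    claimed = f"{display} {local}".lower()
    for brand, legit in BRANDS.items():
        genuine = domain == legit or domain.endswith("." + legit)
        # Judge the part after the @, not the name shown in front of it.
        if brand in claimed and not genuine:
            warnings.append(f"claims {brand} but domain is {domain}")
        if not genuine and edit_distance(domain, legit) <= 2:
            warnings.append(f"domain {domain} resembles {legit}")
    return warnings

# Constructed sample headers, not taken from real mail.
SAMPLES = ["PayPal <service@paypal.com>",
           "PayPal Support <service@paypa1.com>",
           "PayPal Billing <x7k2q9d41z@gmail.com>"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_sender(sample))
```

An empty list means none of these checks fired, not that the email is safe; the content and urgency checks still need a human eye.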
If you are asked to enter your username and password and suspect you may have been a victim of cybercrime, immediately change your password and advise your IT team.
Remember, the cyber criminals never really go away; they just adapt and find the next big thing to base their attacks on. Taking just a few seconds to consider any email from an unknown sender can make all the difference and save a lot of time, effort and money in some cases.
Today COVID-19, tomorrow … who knows what the topic of the moment will be, but you can be sure the cyber criminals will still be around to take full advantage.
Author: Tracey Louise Kelly, Customer Operations Manager