The most successful social engineering attacks of the Corona crisis 2020

Cyber criminals use every current event to increase their attack potential. Just when people's need is greatest, profit-oriented criminals sense their opportunity. The audacity that cybercriminals have displayed so far during the pandemic shows a new level of ruthlessness.

With the measures adopted to contain further spread by the SARS-CoV-2 coronavirus, better known as COVID-19, people were suddenly forced to abandon normalcy: Restrictions on going out, closed venues and the home office have, to a large extent, ensured that people found themselves in front of computer screens more often than ever before – the very place where cyber criminals are active!

It is therefore not surprising that numerous organizations, companies and private individuals fell victim to digital attacks and manipulation attempts in the wake of the Corona pandemic.

 

The extent of social engineering attacks during the Corona pandemic to date.

The World Health Organization (WHO) warns that cybercriminals, under the guise of coordinating authority, are trying to lure people in need of information to go to prepared websites to click on dangerous links or download attached documents with malware.

According to Digital Shadow, over 1,400 domains referencing COVID were identified in the Corona heyday. Many of these domains targeted the uncertainty surrounding hygiene products and medical devices at the time. So there were suddenly a surprising number of webshops that offered such items. Of course, only advance payment was possible and one still waits in vain for a delivery. Just one example: at the end of March, Europol reported that a European company ordered protective equipment worth 6.6 million euros from a company in Singapore. The ordered goods never arrived at the European company. In addition, such domains were used to lure interested citizens to the website and spread false information there.

The first warnings from German police authorities were also not long in coming. For example, the Federal Criminal Police Office (BKA) warned in May 2020 of a nationwide phishing wave in the context of the COVID-19 pandemic.

Ransomware criminals in particular have taken advantage of the pandemic. According to the SonicWall Capture Labs 2020 report, global ransomware attacks increased by 40%, reaching a level of over 199 million attacks.

The damage that successful attacks can cause was witnessed in Brno, Czech Republic: Cyber criminals had successfully infected the university hospital with malware that crippled the entire hospital. Important operations had to be postponed and patients were transferred to other hospitals due to the system outage. An attack on a clinic is dangerous in itself, but it was critical in that the clinic was one of the largest COVID-19 test labs in the Czech Republic at the time of the attack and was unable to conduct tests for weeks as a result.

The further fatal consequences of a cyber attack on hospitals became clear in September at the hospital in Düsseldorf . There, a woman died as a result of a hacker attack that also paralyzed the entire hospital, as she could not be treated promptly but had to be transferred.

 

Why can cyber criminals do so much damage during the Corona pandemic?

Especially in times of insecurity, the human sensors to detect insidious manipulation attempts such as phishing emails are being undermined. People are overwhelmed by the new measures to contain infection, forced digitization and new workflows, and tend to be careless.

The consequences: People click more often on supposedly well-intentioned e-mails, trust unknown people in times of need, and allow themselves to be deceived by supposed experts. Cybercriminals know this human weakness and exploit it shamelessly.

 

What can you do to protect yourself from cyber attacks?

For private individuals we recommend our free IT security training with which you can learn everything you need to know about effective protection against criminals.

To support companies precisely in these difficult and unsteady phases, we recommend our e-learning "information security in the home office" , which is even free of charge for selected system-relevant industries, and the implementation of a company-wide security awareness campaign.

This not only supports you in establishing or maintaining a security culture, it also helps your employees maintain protective sensors, especially in extraordinary times. 

Forecast for 2021

David Kelm, managing director of IT-Seal, expects more Corona pandemic-related attacks in 2021: 

Cyber criminals use all possible points of contact to make their attacks appear realistic and thus increase the chances of success. That's why we expect to see increased cyber attacks on businesses and individuals in 2021, prepared in the context of current Corona measures such as the vaccination campaign, lockdown, or home office."

As the year progresses, this blog post will therefore be updated to reflect current events on Corona-related cyberattacks. 

 

About IT-Seal

Unclear times, forced digitization and mixing of private life and work create new challenges. IT security managers can use IT-Seal's easy-to-use workflow to train their employees individually and reliably so that they protect their company and themselves.

Would you like support with a security awareness campaign or would you like to run a phishing simulation? Convince yourself and test our spear phishing simulation or arrange an appointment for free.