When the Coronavirus Attacked the Cyber World
The rapid spread of the coronavirus in Milan forced the Borsa Italiana to cancel our Cybersecurity ETF launch event in Italy this week. While disappointing for us, we knew this was for the best.
But as the world has now absorbed, the Covid-19 is no ordinary virus. And the Italian situation is certainly no ordinary situation. So much so, in fact, that today Italian officials cut short the Venice Carnival in an effort to control what is now the worst outbreak in Europe according to the BBC. Italy now has the largest number of infected people in Europe with a total of 231. Yesterday, Austria suspended train traffic to and from Italy over the coronavirus. According to the World Health Organisation (WHO), the coronavirus now presents “public enemy number one” with infections having exceeded 80,000. To put that into context, SARS only had 8,098 infections in total.
The WHO even sent out a note detailing safety measures regarding the spreading of the coronavirus:
But, we haven’t yet all turned into zombies. And China appears to be getting the situation under control. A WHO mission in China found that the daily tally of new cases peaked and then plateaued between January 23rd and February 2nd, and has been declining ever since. “We’re encouraged by the continued decline in cases in China,” said Dr. Tedros Adhanom Ghebreyesus, the WHO’s Director-General earlier this month. But sceptics aren’t buying it, because China has been changing the way it has been counting cases. Earlier this month, it changed the way it was counting cases, only to change it back again. Worse, some people infected have been unable (some, even unwilling) to receive medical care. Moreover, there is a shortage of viral testing kits, which means that many cases are likely going undetected.
This is, without a doubt, a story of global significance. It is a crisis that has the drug industry racing to develop diagnostics, vaccines and possible treatments. It is a nightmare for those who have fallen ill, or lost loved ones. Yet, in all of this, lies one insidious beneficiary, for whom the outbreak is perhaps an opportunity of a lifetime. These are the cybercriminals who are now using this outbreak as a basis for email attacks designed to snag personal information, steal money and infect computers with malware.
Malicious emails linked to the coronavirus first appeared in early February, making this one of the first big phishing campaigns of 2020 (we seem to get one every year). As awful as it sounds, this global health disaster has created a golden opportunity for cyber-fraudsters because there is no population or demographic that is not paying attention to what is happening. “The potential for impulse clicking is higher than normal,” says Adam Levin, a digital security expert at CyberScout, a data security firm.
Here are the most sinister stories we’ve come across so far:
In late January, data security company Mimecast reported a phishing email where attackers were disseminating malicious emails that claimed to contain information on how to protect yourself from the spread of the disease. “Go through the attached document on safety measures regarding the spreading of corona virus,” read the message, which purported to come from a virologist. “This little measure can save you.” The email then urged the targets to download malicious PDFs designed to infect their computers with a malware payload. Would you believe me if I told you that the WHO outtake posted above is actually such a phishing scam?
In early February, IBM X-Force identified a spam campaign targeting users in Japan specifically. The campaign used the coronavirus scare as a lure to again encourage people to open malicious emails. The messages contained Microsoft Office files loaded with macros that, when enabled, launched an infection routine that delivered the Emotet Trojan. The Emotet Trojan is a “simple” banking Trojan aimed at stealing financial data that was first discovered in 2014 and has since undergone several mutations. It is believed Japanese victims were targeted due to their proximity to China.
In a February 10th research blog authored by Sherrod DeGrippo, a senior director of threat research and detection at Proofpoint, a global cybersecurity firm, malicious actors were flagged to have been sending phishing emails to businesses whose supply-chain operations and revenues could potentially be negatively impacted by the coronavirus outbreak. According to Proofpoint, one such email in the shipping industry read, “Hi, I thought that this brief note in doc format on the coronavirus and its impact on the shipping industry could be of interest for you.” The email included the subject line lure: “Coronavirus – Brief note for the shipping industry.” The shipping industry has taken a massive hit because of the quarantines in China. In his blog, DeGrippo also talks about coronavirus-themed emails that were designed to look like internal emails from company presidents to their employees, which had embedded URLs that led to fake Microsoft Office websites to enter credentials. Once the credentials were entered, the user was then redirected to the legitimate WHO coronavirus information site, making the phishing transaction seem completely legitimate.
Why should we care?
This serves to remind us of the hard truth that concerns for cyber security and data privacy around the world are increasing as the amount of data accessed, utilised and shared continues to grow across an array of connected devices. Just consider that at the start of the 21st century, there were less than 250 million global internet users, and in 20 years, that user base has exploded to 4.5 billion as of June 2019, or roughly 59% of the global population according to data published by Internet World Stats. And cybersecurity spending is set to grow. We are in the middle of a cyber-boom as new attack vectors emerge, sometimes where we least expect it, and new countermeasures are developed. We see this reflected in forecasts that suggest that cybercrime will cost $6trn annually by 2021, according to research outlets such as Cybersecurity Ventures. It comes as little surprise then that decision-makers are including cybersecurity among their top considerations for 2020.
CYBR: The Rize Cybersecurity and Data Privacy UCITS ETF seeks to track the Foxberry Tematica Research Cybersecurity & Data Privacy Index. The objective of the Index is to provide exposure to companies that derive significant revenues from the provision of products and services that secure individuals and organizations against cyber threats.
Capital at Risk Warning: An investment in the Fund(s) involves risks, including illiquidity, lack of dividends, loss of investment and dilution, and it should be done only as part of a diversified portfolio. The Funds may be registered or otherwise approved for distribution to the public in one or more European jurisdictions. Investors should continue to consider the terms of investment in any Fund (or Share Class thereof) carefully and seek professional investment advice before taking any decision to invest in such Fund (or Share Class thereof).
- BBC, “Worst-hit countries boost containment efforts”, February 2020. Available at: https://www.bbc.co.uk/news/world-51625123
- Euronews, “Austria suspends train traffic to and from Italy over coronavirus”, February 2020. Available at: https://www.euronews.com/2020/02/23/austria-suspends-train-traffic-to-and-from-italy-over-coronavirus
- South China Morning Post, “Coronavirus: the new disease Covid-19 explained”, February 2020. Available at: https://multimedia.scmp.com/infographics/news/china/article/3047038/wuhan-virus/index.html
- The Guardian, “What is coronavirus and what should I do if I have symptoms?”, February 2020. Available at: https://www.theguardian.com/world/2020/feb/23/what-is-coronavirus-and-what-should-i-do-if-i-have-symptoms
- The New York Times, “Coronavirus Live Updates: Epidemic Isn’t a Pandemic Yet, W.H.O. Says”, February 2020. Available at: https://www.nytimes.com/2020/02/24/world/asia/china-coronavirus.html
- The New York Times, “China Posts Sharp Drop in New Coronavirus Cases After Criteria Change”, February 2020. Available at: https://www.nytimes.com/reuters/2020/02/20/world/asia/20reuters-china-health-toll.html
- NBC News, “How to avoid falling victim to a coronavirus phishing email attack”, February 2020. Available at: https://www.nbcnews.com/better/lifestyle/how-avoid-falling-victim-coronavirus-phishing-email-attack-ncna1137941
- Newsweek, “Malware posting as new coronavirus information spreads online, exploiting fears about global outbreak”, February 2020. Available at: https://www.newsweek.com/china-coronavirus-malware-cybercrime-campaigns-discovered-emails-social-media-1485793
- Tech Republic, “Hackers using coronavirus scare to spread Emotet malware in Japan”, February 2020. Available at: https://www.techrepublic.com/article/hackers-using-coronavirus-scare-to-spread-emotet-malware-in-japan/
- SC Media Magazine, “Phishing emails lure victims with news of coronavirus’ impact on shipping”, February 2020. Available at: https://www.scmagazine.com/home/security-news/cybercrime/phishing-emails-lure-victims-with-news-of-coronavirus-impact-on-shipping/
- Internet World Stats, “World Internet Usage and Population Statistics”, 2020. Available at: https://www.internetworldstats.com/stats.htm
- Cybersecurity Ventures, “Cybercrime Damages $6 Trillion by 2021”, 2019. Available at: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/