Cyber Security Threat Trends during COVID-19

ClaireIfEye
Apr 24, 2020

4iQ&A with VP of Threat Research Alberto Casares

As COVID-19 continues to upend the lives of billions of people across the globe, 4iQ is simultaneously observing an uptick in cyber-attacks. Cybercriminals continue to exploit consumers’ fear and uncertainty surrounding this virus. Fortunately, doctors, scientists, and even cybersecurity professionals are altruistically devoting their time and resources to combat the spread of this outbreak.

We recently sat down with 4iQ’s VP of Threat Research, Alberto Casares, to find out what he and his team are seeing in terms of cybercriminals exploiting this pandemic.

Alberto is a deep and dark web expert, researcher, investigator, and product manager at 4iQ. He is passionate about security and how breached and leaked data can be used to protect citizens and organizations across the globe, and in his free time, is a data breach hunter and cybersecurity professor at the University of Granada.

Below is Alberto’s perspective on the coronavirus’ impact on cybercrime.

Are you seeing, or do you believe there are, more threats than usual during the global pandemic?

Absolutely, and this is not just something that we at 4iQ have noticed. Experts from organizations such as Europol and Interpol are also observing this spike. For example, the Centro Criptológico Nacional (CCN) — Spain’s intelligence agency — reported about 2.3K COVID-19 malicious links, which is huge.

Further, there has been an increase in the number of cyberattacks targeting hospitals; depending on the source, I’ve read that the increase could be anywhere between 35–50%.

What types of threats are you seeing?

There are many threats, so this list is far from comprehensive, but the major ones include:

  • Fake News: There are big disinformation campaigns going on all around the world. For instance, certain media talk about the U.S. fabricating the virus and bringing it to China. The same sort of disinformation is happening vice versa. The Spanish government has gone so far as to disseminate information that discusses the importance of validating the news we receive.
  • Business Email Compromise (BEC): Bad actors are using business email compromise and typosquatting domains to impersonate people. BEC has caused billions of dollars in losses in just the past few years. Dr. Shane Shook, a recognized industry expert of information technology, recently wrote about this topic, which I would suggest reading.

Example of a BEC email using COVID-19, originally published in Trend Micro.

  • Spam & Malware: According to Trend Micro, “Many of the spam emails were related to shipping transactions, either postponement due to the spread of the disease or one that provides a shipping update. One email informed me about shipping postponement. The attachment, supposedly containing the details of the new shipping schedule, bears malware.”

COVID-19-related email spam about a shipping postponement, originally published in Trend Micro.

  • Fraud: Through phishing campaigns, cybercriminals are impersonating credible organizations and individuals to get funds and scam people. They are even selling medications that purportedly treat COVID-19.

Reference published here. Here is the URL to find Ritonavir for sale on Alibaba.

  • Ransomware: Interpol reported that cybercriminals are increasing their attacks against hospitals. One recent example is Hammersmith Medicines Research, which refused to pay a ransom to Maze operators. The hacker group subsequently published some of the stolen data on its site to try to further extort the company into paying.

Where are the cyber threats now coming from?

In this perfect storm, we have cyber threats coming from all types of actors. Fake news is most related to nation-state actors, ransomware and fraud to big criminal organizations, and spam and minor attacks to script kiddies or domestic actors.

Do you expect the number of threats to continue to rise post-COVID?

This is difficult to predict with what little information we know on this novel virus. It is going to depend on a) how long we have to keep working remotely, and b) the evolution of the pandemic. Fake news and ransomware attacks are most likely going to continue, as well as fraud. But it is probably going to wane over time.

Which technologies will thrive because of this pandemic?

Big data, cybersecurity, and anything that facilitates remote work are going to thrive.

What is your best advice for companies that now have hundreds of remote workers and need to protect their data?

Working from home full-time is already introducing new security threats, so the first step every company should take is training its employees on cyber best practices. These include:

  • Keeping your devices updated (Mobile, browsers, OS, etc.)
  • Enabling two-factor authentication whenever you can
  • Verifying the sender whenever you receive an email
  • Not downloading unsolicited attachments — even if you trust the source, you have to remain vigilant and be careful
  • Contrasting the information you receive about COVID-19 to verify its validity given the spread of fake news.

What is your advice to companies who are needing to cut costs during this time?

Well, it is going to depend on the sector, and every company is different, but it is important to preserve budgets for projects or services that can help business operations return to a sense of safety and normalcy.

How will cybersecurity evolve as a result of this pandemic?

Cybersecurity firms that help with the detection, blocking, and prevention of the cyber threats described previously are going to evolve. We will see more unified solutions as well, since implementing only one service provider is not good enough in today’s landscape. Correlating information from different sources is extremely important to get a big picture of what is happening, who is targeting us, and how they are doing that.

What is 4iQ doing to help businesses during this challenging time?

4iQ has tracked a significant increase of cyber-attacks on healthcare organizations during this pandemic, so we teamed up with The Collective Cyber Defense for Healthcare, spearheaded by C5 Capital, to offer a helping hand to hospitals while they provide frontline care for COVID-19.

As part of our partnership, 4iQ is pleased to announce the rollout of a free domain watch service, with the goal of mitigating the disruption of healthcare organizations' operations. For more information, click here.

To gain further insight about the cyber world from 4iQ’s experts, read our blog, sign up for our newsletter, or visit our News page for information on the latest breaches and industry news.
