The COVID-19 pandemic is becoming a ‘heyday’ for hackers and hostile governments, report says
Organized criminals and hostile governments are launching waves of increasingly sophisticated and aggressive internet attacks to profit from the fear and chaos surrounding the COVID-19 pandemic, a new report says.
"It's like a heyday for organized crime," said Charity Wright, a cybersecurity expert formerly with the U.S. National Security Agency, who's now a threat analyst with IntSights, a global security intelligence firm specializing in the "dark web."
"These criminals have been waiting for opportunities like this," Wright said in a telephone interview.
Wright is a co-author of a recent report for IntSights that found coronavirus-themed phishing attacks, malware infections, intrusions, scams and disinformation campaigns have become rampant since January.
"Cybercriminals and state-sponsored advanced threat groups are exploiting the COVID-19 pandemic to attack networks around the world for both financial and strategic gain," the report concluded.
"What started as simple phishing attacks and hand sanitizer scams now involves several well-known threat actors," it said.
By January only 1,400 internet domains containing some version of "corona" and "COVID" had been registered, according to IntSights.
That number hit 5,000 in February and rocketed to 38,000 in March.
Wright - who studied cyberattacks while working for the NSA at a top-secret underground facility in Hawaii that was hidden under pineapple fields - said it's a combination of organized criminals and hostile governments that are exploiting the pandemic on the Dark Web, a collective term for those online networks that can't be reached through a normal search engine and typically require special software and authorization to access.
She also agreed with the suggestion that some existing criminal groups are likely to move heavily into cybercrime to extort and hawk bogus anti-COVID-19 products in a push to make up for income lost during the pandemic through other businesses like sports gambling.
Wright noted that the Dark Web was already fertile ground for money laundering and that some established drug cartels were already collaborating with hackers.
For now, she said, there is no way of knowing how many of the current internet scams come from hackers or traditional organized crime and how many are state-sponsored - information that may be classified.
Among other attacks, IntSights researchers found a malware tool from Russia that masquerades as the legitimate COVID-19 dashboard put out by Johns Hopkins University.
In the early days of the pandemic, researchers found dozens of scams for fake hand sanitizers and face masks. There were fake coronavirus detectors that looked like mini hair dryers, and even instances of people peddling blood and saliva as a potential COVID-19 cure.
That has grown to more sophisticated schemes using the Dark Web.
Wright noted that two undisclosed Canadian law firms recently had their computers locked by hackers, shutting down their email and locking their files.
"Both have been asked to pay an enormous ransom," she said.
The IntSights report quotes an exchange in which a hacker taunts a target by texting: "To start off with, I know all of your passwords. I am aware of your whereabouts, what you eat, with whom you talk, every little thing you do in a day."
Then the hacker turns up the heat, texting: "If I want, I could even infect your whole family with the CoronaVirus, reveal all of your secrets. There are countless things I can do."
Then the hacker instructs the target to pay $4,000 in bitcoin within 24 hours.
If not, the cyber-extortionist says, "I will completely ruin your life."
Private information that makes such crimes possible is sold regularly on the Dark Web, Wright said.
"It's very easy to sell it," Wright said. "Hackers are always looking for it."
Other times, hackers simply sell information - on how to penetrate the security of an institution like a hospital, say - in an online auction to the highest bidder, she said.
She acknowledged that a few hacker groups have promised not to attack hospitals and pharmaceutical companies during the pandemic - but added that it's a mistake to assume there's any sacred ground or taboo topic for Dark Web criminals.
"Most of them are very financially motivated and they don't operate by this moral code," Wright said.
Peter Edwards is a Toronto-based reporter primarily covering crime. Reach him by email at pedwards@thestar.ca