COVID-19 alert and cyber threats
Lisbon, 17 March, 2020 - Contexts of crisis of international proportions are traditionally exploited by hostile cyberspace actors to sustain their cyberattack campaigns on social alarmism and global media attention on the issue. The current pandemic associated with the spread of the COVID-19 virus has been no exception, with this topic selected by a high number of cyber threat actors as a cover for their cyberattack campaigns. Among the cyberattacks observed since the beginning of February 2020 and associated with the COVID-19 theme, the following types stand out:- Phishing campaigns (by e-mail, SMS or social media) under the guise of official entities such as the World Health Organisation, UNICEF or health sector research centres and laboratories, with content alluding to the pandemic, including attached files, and geared towards capturing victims' personal data or infecting their devices with malware;
- The dissemination of digital platforms or applications for mobile devices which appear to disseminate real-time information on the pandemic (e.g. dynamic contagion maps), but which are in fact geared towards infecting equipment with malware, including ransomware;
- Digital fraud schemes shared by e-mail or on social networks, which advertise crowdsourcing initiatives to collect donations for false campaigns to buy medical supplies or personal protection.
- SMS sent informing that, in accordance with the law, extraordinary measures are being implemented to combat COVID-19, and that all national citizens will be vaccinated, with a guaranteed reimbursement of costs by the government. In order to do so, it would be sufficient to pay a certain amount indicated in the SMS and by registering in the link sent, they would be reimbursed afterwards.