This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.
Malicious cyber actors are actively targeting individuals and Australian organisations with COVID-19 related scams and phishing emails. These incidents are likely to increase in frequency and severity over the coming weeks and months. This is due, in part, to the ease in which existing scam emails and texts can be modified with a COVID-19 theme.
Opportunistic malicious actors are exploiting people’s concerns and desire for information about the COVID-19 pandemic by directing them towards websites designed to either install malicious software or steal personal information. In the last few weeks, the Australian Cyber Security Centre (ACSC) has observed thousands of COVID-19-related websites being registered. While the majority of these websites are legitimate, many are being created by malicious cyber actors seeking to exploit Australians during this difficult time.
The malicious COVID-19 websites are designed to look legitimate or impersonate well-known organisations, making it difficult for individuals to detect. Cybercriminals use them to install computer viruses onto people’s devices, such as banking Trojans or different variants of ransomware, in order to generate profit. In other cases, they seek to harvest user credentials, such as personal identification, passwords and bank details, which are then used to gain access to the user’s networks, devices or online financial accounts.
The ACSC, with assistance from our law enforcement and industry partners, is engaged in efforts to disrupt or prevent these malicious COVID-19 themed cyber activities. Ongoing analysis of COVID-19 scams and phishing emails indicates the majority of them are quite sophisticated, often impersonating trusted entities such as the Australian Government. The methods used are constantly evolving, with malicious actors regularly adapting their tradecraft to circumvent attempts to stop them.
Those engaged in cybercrime activity are not constrained by geographic borders and their actions can have far-reaching consequences. The ACSC is aware of reports that malicious actors based in Eastern and Western Europe, Asia and Africa have been responsible for launching COVID-19 themed malicious cyber activity, including against Australians.
The ACSC strongly encourages organisations and individuals to remain vigilant against the threat of COVID-19 themed scams, phishing emails and malicious websites.
Volume of COVID-19 themed malicious cyber activity
Since early March 2020, there has been a significant increase in COVID-19 themed malicious cyber activity across Australia. The Australian Competition and Consumer Commission’s Scamwatch has received more than 100 reports of scams about COVID-19 in the last three months, and the volumes continue to rise. Between 10 and 26 March, the ACSC has received over 45 cybercrime and cyber security incident reports from individuals and businesses, all related to COVID-19 themed scam and phishing activity. The true extent of this malicious activity is likely to be much higher, as these numbers only represent those cases reported to the ACSC and ACCC.
COVID-19 themed phishing and spear-phishing
Malicious cyber actors are spreading phishing emails that pretend to be from reputable organisations, seeking to deceive recipients into visiting websites that host computer viruses or malware designed to steal their personal information. To increase the appearance of legitimacy, these phishing emails are sent from addresses that closely resemble the official organisations or entities, often adopting the official message format and including well-known branding and logos.