Research reveals cybercriminals are leveraging Covid announcements

Research reveals cybercriminals are leveraging Covid announcements

Abertay University research has shown that cyber-criminals used governmental Covid-19 policy announcements to launch new attacks.

The new study from Dr Lynsay Shepherd of Abertay’s School of Design and Informatics revealed that, at some stages, as many as 3 to 4 new cyber-attacks were being reported every day during the pandemic.

Since the outbreak of the pandemic in 2019, there have been reports of scams impersonating public authorities such as the World Health Organisation, and organisations such as supermarkets and airlines targeting support platforms such as PPE and offering Covid-19 cures.

They often target the public, who are now socialising and spending more time online in general, as well as the increased population of people who are working from home.

Such scams can be sent by text or e-mail, and in most cases a URL pointed to a fake institutional website which requests debit/credit card details.

The collaborative research, Cyber Security in the Age of Covid-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks during the Pandemic, has been published in the journal Computers & Security.

Dr Shepherd worked with researchers from the universities of Strathclyde. Warwick, Kent and Oxford on the project, which revealed an explicit connection between governmental policy announcements and cyber-crime campaigns.

The researchers found that the first cyber-attack related to Covid-19 was reported just 14 days after the first case was announced in China, with attacks speeding up dramatically thereafter.

Analysis of the attacks show that:

• 86% involved phishing and/or smishing

• 65% involved malware

• 34% involved financial fraud

• 15% involved extortion

• 13% involved pharming

• 5% involved hacking

• 5% involved denial of service

Dr Lynsay Shepherd of Abertay’s Division of Cybersecurity said:

Cybercrime is a highly sophisticated and organised activity and it did not come as a surprise to anyone in the cybersecurity industry that these individuals and groups used the Covid-19 pandemic as a vehicle to launch attacks. It is unlikely there will ever be a time when we can eradicate cybercrime. Therefore we must continue to educate everyone from as early a stage as possible, train our graduates to understand the mindset of cybercriminals as we do at Abertay, and to continue to invest in research, development, innovation and infrastructure.

Abertay is Scotland’s first University to achieve gold-level Academic Centre of Excellence in Cyber Security Education recognition from the National Cyber Security Centre. The University also recently announced details of its £18m cyberQuarter project, which is funded by the Tay Cities Region Deal and aims to improve cyber research and development in the local area, in addition to creating new jobs and start-ups.