Coronavirus: Bungled British response leads to rise in security risks

Countries with governments that have bungled their national responses to the Covid-19 coronavirus pandemic, such as the UK, are seeing an evolution in targeted cyber threats exploiting the crisis as a result, according to research conducted by Google.

Gmail security product manager Neil Kumaran, and G Suite and HCP platform lead security product marketing manager Sam Lugani, have been tracking changes in Covid-19-related lures, and can now say with some degree of confidence that three to four months into the pandemic, malicious actors are now conducting increasingly sophisticated, tailored attacks, many of them mimicking communications from the authorities.

Because Covid-19 threats now have less impact in countries with competent leadership, such as New Zealand or Taiwan, or those that are further along the path out of lockdown, such as France or Italy, it follows that these tailored lures are becoming more geographically specific.

“As Covid-19 attacks continue to evolve, over the past month we’ve seen the emergence of regional hotspots and threats,” wrote Kumaran and Lugani in a disclosure blog.

“Specifically, we’ve been seeing Covid-19-related malware, phishing, and spam emails rising in India, Brazil and the UK. These attacks and scams use regionally relevant lures, financial incentives, and fear to create urgency and entice users to respond.”

In the UK, cyber criminals are increasingly targeting the government’s business support and furlough schemes, imitating government institutions to try to access personal information. Many attackers are also imitating Google communications with the same intent.

In other countries, such as Brazil, where the country’s president Jair Bolsonaro has pushed coronavirus misinformation, phishing attacks tend to target streaming services, which have grown in popularity as people shut themselves away under their own initiative.

In India, which hit the headlines early in the pandemic after millions of itinerant workers found themselves stranded in big cities miles from their homes and support networks, scams are targeting the national Aarogya Setu healthcare initiative, symptom-tracking apps, and health insurance.

“Overall, Gmail continues to block more than 99.9% of spam, phishing, and malware from reaching our users. We’ve put proactive monitoring in place for Covid-19-related malware and phishing across our systems and workflows. In many cases, however, these threats are not new – rather, they’re existing malware campaigns that have simply been updated to exploit the heightened attention on Covid-19,” said Kumaran and Lugani.

Google’s internal artificial intelligence-based (AI-based) protections are also naturally adapting to this shifting threat landscape, spotting new trends and novel attacks without human input. Earlier in 2020 it introduced a deep learning malware scanner, which is currently sifting through more than 300 billion emailed documents every week and is claimed to have boosted detection of malicious scripts by over 10%.

“These protections, newly developed and already existing, have allowed us to react quickly and effectively to Covid-19-related threats, and will allow us to adapt quickly to new ones,” said the researchers.

“Additionally, as we uncover threats, we assimilate them into our Safe Browsing infrastructure so that anyone using the Safe Browsing APIs [application programming interfaces] can automatically stop them. Safe Browsing threat intelligence is used across Google Search, Chrome, Gmail, Android, as well as by other organisations across the globe.”

Corin Imai, senior security advisor at DomainTools, said: “Google’s work to inform the public on the regional Covid-19-themed phishing attacks is certainly valuable to protect users from these opportunistic campaigns.

“It should come to no surprise that cyber criminals are trying to capitalise on this global crisis in every way they can: in March, when countries were just entering lockdown, DomainTools identified over 600 malicious domains associated with the Coronavirus pandemic. 

“The best thing that can be done in these circumstances is to raise awareness. Attackers always hope their campaigns will reach the less tech-savvy users, and that their social engineering tricks will result in someone acting impulsively and clicking on the wrong link.

“While the uncertainty that has characterised this crisis makes the need for information understandable, people should remember not to let their guard down and to always double-check the legitimacy of what comes through their inbox. Companies across the globe are doing their best to stop malicious email campaigns, but users’ caution is still the most effective defence against these type of threats,” said Imai.

More information on the threats Google is seeing, alongside tips on how to enhance email security, can be found here.