Analysis | The Cybersecurity 202: Coronavirus has sparked a global war between scammers and defenders

By Joseph Marks

with Tonya Riley

The novel coronavirus has created a raging contest between cybercriminals piggybacking on the disease for scams and defenders trying to protect a populace more reliant on the Internet than ever.
The battle shows how the pandemic – which has shut down businesses of all kinds – has done nothing to temper the hacking marketplace. Computer users, who are anxious about their health and finances and migrating more of their activities online or using unfamiliar systems to apply for government services, are often easy prey.

Working in the age of the coronavirus. (Qilai Shen/Bloomberg News)
The numbers of scams related to coronavirus are alarming.  
The Justice Department, working with private companies, has disrupted “hundreds” of websites that were exploiting the virus to commit fraud and other crimes, the department announced yesterday. The malicious sites posed as government agencies running relief programs, legitimate companies and even the American Red Cross.
The FBI’s Internet crime center has also received and reviewed more than 3,600 coronavirus-related complaints — mostly about sites hawking fake vaccines and phony cures and claiming to run fraudulent charity drives. Some of them are designed to steal people’s personal and banking information to hack into their accounts. Others deliver malicious software that can root through computers looking for sensitive data.
The center is urging people to be on guard against strangers requesting personal or medical information.
In the meantime, stay vigilant. Don’t provide personal information to strangers offering fake tests and treatments, and check your medical bills to make sure no one bills you for medical services you didn’t receive. If you suspect a #scam, report it at
— FBI (@FBI) April 22, 2020
The United Kingdom’s National Cyber Security Centre, meanwhile, has taken down more than 2,000 online scams related to coronavirus in the last month, officials say, including 471 fake online shops selling fraudulent items and more than 700 sites designed to steal people’s information or infect them with malicious software.
The worst may be yet to come as the stimulus relief funds head out the door. 
Justice Department officials are girding for another wave of digital scams connected with the trillions of dollars in aid the government is distributing to individuals, families and small businesses to manage through the pandemic, as my colleague Matt Zapotosky reports.  
“The unfortunate fact is the only limitation here is the limitation on the creativity of these fraudsters to come up with ways to use the situation that we all find ourselves in to separate individuals, businesses and the government from lots of money,” Brian Benczkowski, the assistant attorney general in charge of the criminal division, told Matt.
The department plans to deploy data analytic tools that it typically uses to spot health-care fraud to identify when people might be applying for benefits they don’t deserve or are posing as someone else, Benczkowski told Matt.
Scammers are already stealing people’s identities to apply for stimulus checks in their names, as the New York Times’s Nathaniel Popper reports. One woman he spoke with was scammed out of $3,400 in benefits due to her and her husband and two children.
Without the check, she’s just about one month away from being unable to pay rent, Krystle Phelps told Popper.
Justice Department officials are also eager to share information with the Small Business Administration so they can better identify potential fraud trends.
“We know from past history, whenever the government makes a large amount of money available to help individuals and businesses, the fraudsters will come out of the woodwork and seek to get access to that money. So we are preparing vigorously for what we absolutely know is coming,” Benczkowski said.

A man wears a protective mask while looking at his cellphone. (Cindy Ord/Getty Images)
But law enforcement is up against a determined adversary. 
Researchers at Palo Alto Networks had identified more than 2,000 clearly malicious new Web domains related to the virus as of the end of March — mostly aimed at scamming people out of money or loading their computers up with malware. The company found another 40,000 such sites that weren’t clearly malicious but that it labeled “high risk.”
There also has been a 6,000 percent increase in phishing and spam emails related to the virus just since March 11 when the World Health Organization declared the outbreak a pandemic, according to a report this morning from IBM’s X-Force threat monitoring division.
And Google’s Threat Analysis Group is detecting 18 million malware and phishing Gmail messages per day related to the virus, according to a blog post from the group’s director, Shane Huntley. That’s in addition to more than 240 million daily spam messages on the topic. The vast majority of those — about 99.9 percent — are blocked by the webmail’s filtering system, Huntley wrote.
And average citizens aren't the only targets. The group has also identified more than a dozen government-backed hacking groups using emails related to the coronavirus to try to worm their way into computers used by U.S. government workers and international health organizations.
NOTE TO READERS: We've debuted a redesign of The Cybersecurity 202 this week aimed at making this tipsheet cleaner, sharper, and easier to read.

The keys

House leaders punt on remote voting.

House Speaker Nancy Pelosi (D-Calif.) and House Minority Leader Kevin McCarthy (R-Calif.). (Andrew Harnik/AP)
House Speaker Nancy Pelosi (D-Calif.) canceled plans to push through a rule change this week that would have allowed some lawmakers to vote from home during the pandemic by having a colleague in Washington cast votes on their behalf, Heather Caygle, John Bresnahan and Sarah Ferris at Politico report. Instead, Pelosi appointed a bipartisan commission to further review the idea. 
Pelosi reluctantly endorsed a proxy voting plan from House Rules Committee Chairman Jim McGovern (D-Mass.), which avoids the cybersecurity and legal concerns posed by members voting by webcast or other online systems. But she flipped that position amid significant opposition from Republicans and after consulting with GOP leadership. Rep. Tom Cole (Okla.), ranking Republican on the Rules Committee, will serve on the commission along with House Minority Leader Kevin McCarthy (R-Calif.) and House Majority Whip Jim Clyburn (D-S.C.).
Cole told Politico he opposes remote voting and wants Congress to figure out a way to vote in person. “We could be up and operating within normal parameters,” he said. “Instead, we're dreaming up ways to keep us out of Washington longer.”
Here's analysis from Daniel Schuman, policy director of Demand Progress, which has been a leading advocate for remote voting:
It appears Pelosi has backtracked, taking everyone by surprise, and is setting up a group to study remote deliberations. Why she didn’t do this two months ago is beyond me. The upshot is the House remains defunct— members have a vote but not a voice, and only when leadership says
— Daniel Schuman (@danielschuman) April 22, 2020
Apple will fix a flaw that possibly left more than half a billion iPhones vulnerable to hackers.

People wearing protective masks wait in line outside an Apple store. (SeongJoon Cho/Bloomberg News)
The vulnerability affected the email app on iPhones and iPads and might have been used by hackers as early as 2018, ZecOps, the cybersecurity firm that found the bug, told Christopher Bing and Joseph Menn at Reuters.
There’s evidence the bug was used to hack at least one Fortune 500 North American technology company, ZecOps said. Other likely victims include companies in Japan, Germany, Saudi Arabia and Israel, ZecOps said, but declined to name any of them.
Apple acknowledged that it was developing a fix for the vulnerability but declined to comment further.
Reuters also could not independently verify the research, which suggests that hackers could attack without having physical access to the iPhones or tablets. Other researchers say the report should spark concerns.
The research “confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices,” Apple security expert and former NSA researcher Patrick Wardle told Reuters.
States are pushing forward with mail voting plans amid the pandemic. 

 Mail-in ballots for the 2016 general election. (Rick Bowmer/AP)
Some of the biggest efforts are coming from Republican-led states. That's despite President Trump’s intense criticism of mail voting, which he claimed without evidence produces widespread voter fraud.
  • Iowa Secretary of State Paul Pate (R) is urging the state’s residents to vote by mail during the state’s June 2 primaries, the Associated Press reports.
  • Georgia is sending mail ballots to 650,000 residents who’ve requested them so far, per the Atlanta Journal-Constitution.  
  • Florida counties (Miami-Dade, Broward and Palm Beach) will send vote-by-mail registration forms to every voter, which could possibly double the number of people who vote by mail in the vital swing state, the Miami Herald reports.
  • West Virginia, meanwhile, is solidifying plans to expand a program of voting by mobile apps to all voters with disabilities in the state — a move cybersecurity pros have greeted with skepticism, saying it’s far too vulnerable to hacking. Disability rights advocates consider the use of the tool a win, however.
But states expanding mail voting will face a lot of hurdles. 
Washington Secretary of State Kim Wyman (R) outlined many of the challenges during an online hearing of the Election Assistance Commission yesterday. Here are details from the OSET Institute’s Edward Perez:
7/ ...and finally,
3. Capacity for election officials to retool their operations and create space with social distancing and adequate space.
— Eddie Perez (@eddieperezTX) April 22, 2020
Vote-by-mail also comes with its own coronavirus concerns. Jason Kunz from the Centers for Disease Control and Prevention:
Guidance Coronavirus on paper - polling place & mail...
"Can live on surfaces ranging hours to days. Tissue paper 3hrs, wood & cloth 2days, glass 4days, stainless stain & plastic 7days. Routine disinfection is critical. Regarding Ballot mail - wash your hands"
Jason Kunz @CDCgov
— Election Asst. Comm. (@EACgov) April 22, 2020

Hill happenings

Sen. Markey is urging strict guidelines for states using contact-tracing tech. 

Sen. Edward J. Markey (D-Mass.) speaks during a Senate hearing. (Alex Brandon/AP)
Those guidelines should mandate that private entities limit data tracking to just coronavirus issues and that they're held accountable for misusing any data they collect, Sen. Edward J. Markey (D-Mass.) said in a letter to Vice President Pence.
“The federal government must provide leadership, coordination, and guidance to ensure that contact tracing efforts are effective and do not infringe upon individuals’ civil liberties, including the right to privacy,” Markey wrote.
Apple and Google have both promised to end their contact-tracing programs after the pandemic is over. But Congress is skeptical and there are still plenty of state and private efforts that lack federal oversight, Markey points out.

Industry report

Top tech platforms announced new moves to protect elections and combat the pandemic.

Twitter is scheduled to release earnings figures on April 25. (Alex Flynn/Bloomberg News)
Facebook will make it easier to see where election-related posts originated. 
The social media platform will display the country of origin for some non-U.S.-based Facebook pages and Instagram accounts primarily targeting American users, the company announced in a blog yesterday. It could help quell criticism from U.S. lawmakers that the company isn't doing enough to curb foreign influence in U.S. elections. The pilot will eventually expand to other countries.
Twitter will remove coronavirus content that could lead to offline destruction of 5G telecommunications infrastructure, TechCrunch reported yesterday.
The move follows online conspiracy theories that the next-generation system is linked to the virus and that prompted people to destroy cellphone towers in the United Kingdom. Such theories also gained traction on Facebook and Instagram, but those services have yet to institute a similar ban.
More industry news:

The next version of Zoom will have stronger encryption to prevent tampering. Account administrators also can choose where their traffic is routed.

Global cyberspace

A Vietnam-linked hacking group known as APT32 tried to crack into the email accounts of staff at China’s Ministry of Emergency Management and the city government of Wuhan, researchers at cybersecurity firm FireEye report. Wuhan is where the coronavirus pandemic originated.
It shows the lengths governments are willing to go to for coronavirus intelligence. “These attacks speak to the virus being an intelligence priority — everyone is throwing everything they’ve got at it, and APT32 is what Vietnam has,” Ben Read, senior manager for analysis at FireEye, told Reuters. Vietnamese officials called the charges “baseless.”
More global news:

Expansion of ‘snooper’s charter’ would allow more authorities to access web browsing histories
The Guardian

Cyber insecurity

Sextortion scams now account for up to 20 percent of all spam.

A hacker at work. (iStock)
The paydays average around $3,000 a day for the scammers who threaten to share intimate videos of their victims, researchers at Sophos report. Often, the videos don't exist but hackers have just enough personal information to make it seem like they do.
Some of that money goes toward more crime.
“Given that some of the transfers were used to obtain stolen credit card data or other criminal services — probably including more botnet services for sending spam — the payouts from the sextortion campaigns are funding yet another round of scams and fraud,” researchers write.

Chat room

One thing you might’ve missed amid the coronavirus news: Controversial post-9/11 surveillance powers have now been expired for more than a month with few signs of concern from the White House or Congress. Officials including former president Barack Obama once warned of dire consequences if the spying powers went inactive for even a few days.
The Wall Street Journal’s Dustin Volz:
This is your regular reminder that a set of surveillance powers used for national security investigations expired 38 days ago and Congress has no plan at the moment to renew them.
— Dustin *Help Flatten the Curve* Volz (@dnvolz) April 22, 2020
The Electronic Frontier Foundation:
If a surveillance law expires in the middle of a pandemic, does anyone even notice?
— EFF (@EFF) April 16, 2020


  • The McCrary Institute and Cyberspace Solarium Commission (CSC) will host a live event discussing whether deterrence is possible in cyberspace Wednesday at 1 p.m.
  • The R Street Institute will host a discussion on "EARN IT Act and Its Broader Implications for Encryption and Cybersecurity" Wednesday at 2 p.m.

Secure log off

A lesson in what not to do on Zoom. Reporter Alain Tolhurst:
We have the first great Parliamentary Zoom disaster, courtesy of @vaughangething in the Welsh Assembly
— Alain Tolhurst (@Alain_Tolhurst) April 22, 2020
We’re doing far better with Zoom conferences here at The Cybersecurity 202…
Hey @CyberScoopNews The Cybersecurity 202 crew sees your hacker hoodie stock art and raises a slick background. Got anything else or are you heading home now? @MorningCybersec? @dnvolz and @AlexaCorse? cc @TonyaJoRiley @SaraSorcher
— Joseph Marks (@Joseph_Marks_) April 22, 2020
Who wore it better? 
So we're pivoting to hacker stock art
— Shannon Vavra (@shanvav) April 17, 2020

