X

As coronavirus crisis worsens, hacking is increasing, security experts say

Hackers want to manipulate your fears about COVID-19.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
4 min read
password-security-laptop-0368

Hackers are using your anxieties about the coronavirus pandemic against you.

Angela Lang/CNET

While you're trying to avoid getting infected with a real virus, hackers are trying to infect your devices with malicious software or grab your personal information. Security experts say that hacking attempts are becoming more frequent in general, and one of the fastest-growing tactics is to use the coronavirus crisis as a ruse.

Zscaler, a security firm, said hacking threats on systems it monitors have increased 15% a month since the beginning of the year, and so far in March they've jumped 20%. The company can see what sort of attacks come through on the networks of its business customers. A growing category of hacks lure victims with the promise of information or protection from COVID-19, the disease caused by the novel coronavirus that has turned into a global pandemic with more than 214,000 cases and 8,700 deaths worldwide.

In many ways, this is business as usual for hackers, who always use current events to trick their victims. Whether it's apps that promise you free access to Oscar-nominated movies or scams that scoop up your tax refund, these attacks trick you into acting against your better judgment. But experts say the attacks are increasing in frequency, and it's clear from hackers' behavior that they see the moment as potentially profitable.

Two major categories of attacks are using the words "coronavirus" or "COVID-19" to attract targets in high numbers, said Deepen Desai, vice president of security research at Zscaler. In March, the company has seen nearly 20,000 unique incidents of phishing attacks, which lead you to fraudulent websites and try to trick you into entering sensitive information like passwords or credit card numbers. It's also found more than 7,000 incidents in which victims were tricked into starting a download of malware, all of which referenced the health crisis.

Jerome Segura, director of threat intelligence at security firm Malwarebytes, said in an email that his company has also seen "an overall increase in malware campaigns using coronavirus/COVID-19 as a lure." He added that the hackers appeared to range from sophisticated, state-sponsored attackers to ordinary cybercriminals and that the malware aims to do things like steal banking credentials or logins to work-related accounts. Segura didn't specify which nation-state actors Malwarebytes was seeing in action, but security researchers have published findings that hackers affiliated with Russia, North Korea and China have taken this approach.

One attack described by Malwarebytes was a malicious spam email falsely offering a file containing information from the World Health Organization on protecting children and businesses from the virus. When downloaded, the file loads malicious software that can steal web browsing data and track everything its victims type. A malicious app detailed by Zscaler promised to show users when someone infected with the novel coronavirus was nearby. Instead, it infected users' phone with ransomware. And another coronavirus-related app found by Lookout, a mobile security company, turns out to stalk users' locations.

In addition to the mounting attacks, more people are registering new web domains that reference the novel coronavirus in their names, as well as registering more security certificates, according to Zscaler and Sophos Labs, another cybersecurity company. While some of this activity may be legitimate, some of it will be hackers trying to set up legitimate-looking websites to lure victims to. The security certificates make fraudulent websites look safe, because browsers won't flag them as insecure. The certificates also make it harder for security software to analyze the traffic coming from malicious websites, because they enable website owners to scramble the traffic up with encryption.

Wash your hands and update your software

The National Cyber Security Alliance urges internet users to use caution when visiting websites or downloading apps related to COVID-19. You should always be wary of unsolicited emails that ask for your personal information, and only get apps from the Google Play store if you're an Android user. The Identity Theft Resource Center and the FTC also have resources for avoiding scams that prey on coronavirus fears.

You can also help prevent malware from damaging your devices by keeping your software updated at all times. That helps patch up known vulnerabilities that hackers often try to exploit.

Eva Velazquez, president and CEO of the Identity Theft Resource Center, said the impact of all these hacks will hit hardest down the road. Most of the time, people who fall victim to scams don't realize they've handed their personal information over to criminals until after the data has been abused. And the consequences could reverberate for a long time, she said.

Normally, when scammers use disasters like hurricanes or fires to trick people, there's only a small number of potential victims. The coronavirus crisis is hitting the whole world, and the number of people seeking help and information is huge.

"They're going to come out in droves," Velazquez said of scammers, "because they see an opportunity."

Watch this: In a world of bad passwords, a security key could be your new best friend

Coronavirus in pictures: Scenes from around the world

See all photos