Covid-19 related cyber-attacks leveraged Government announcements


A consortium of researchers including Dr Jason Nurse from the University’s Institute of Cyber Security for Society (iCSS) and School of Computing, have found that there has been a surge in cyber-security crime experienced during the Covid-19 pandemic, with a particular correlation between governmental policy announcements and cyber-crime campaigns.

Their study, published in the journal Computers & Security, found that some days as many as three to four new cyber-attacks were being reported.

The Covid-19 pandemic created a new normal for billions of people around the world, with people working from home, ordering shopping and socialising online as shops and businesses were closed. However, with an increased amount of people being online, an increase in cyber-attacks has also been found.

By using the UK as a case study, the paper reveals the explicit connection between governmental policy announcements and cyber-crime campaigns. Although this is a pattern that has been suspected for a while now, this is the first analysis from hundreds of cases around the world which makes this connection clear.

The research was led by Dr Harjinder Lallie and colleagues at the Warwick Manufacturing Group (WMG), University of Warwick, in collaboration with Dr Nurse (Kent), Dr Lynsay Shepherd (Abertay University), Dr Arnau Erola (University of Oxford) and Dr Xavier Bellekens (University of Strathclyde).

Since the outbreak of the pandemic in 2019 there have been reports of scams impersonating public authorities such as WHO, and organisations such as supermarkets and airlines targeting support platforms such as PPE and offering Covid-19 cures. They often target the public, who are now socialising and spending more time online in general, as well as the increased population of people who are working from home.

Such scams can be sent by text or e-mail, and in most cases a URL pointed to a fake institutional website which requests debit/credit card details.

In order to support ongoing research, the researchers have proposed a novel timeline of 43 cyber-attacks related to the Covid-19 pandemic. This timeline and the subsequent analysis can assist in understanding those attacks and how they are crafted, and as a result, to better prepare to confront them if ever seen again.

They found that from the point that the first case was announced in China (8 December 2019) the first reported cyber-attack was 14 days later. From this point onwards the timeframe between events and cyber-attacks reduced dramatically.

The cyber-attacks were categorised, and it was found:

  • 86% involved phishing and/or smishing
  • 65% involved malware
  • 34% involved financial fraud
  • 15% involved extortion
  • 13% involved pharming
  • 5% involved hacking
  • 5% involved denial of service

Dr Nurse said: ‘Covid-19 has had a substantial negative impact on society, and this impact, as we show in our new research, has also meant a notable increase in cyber-crime globally.

‘There are several significant novel findings emerging from our analysis, but the one I found most salient was the targeted use of threats, scare tactics and fake incentives within attacks. Cybercriminals clearly understood that many people would be anxious, worried, distracted and away from their support networks (personal or work-related), and sought to exploit this as much as possible. I hope our research can provide a pathway for future work into faster reaction to these cyberattacks, and also increase society’s awareness of their prevalence.’

The research paper, ‘Cyber Security in the Age of COVID-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks during the Pandemic,’ is published in the journal Computers & Security. doi: 10.1016/j.cose.2021.102248