During the Covid-19 pandemic we’ve all been spending far more time online than usual and so have another group: cybercriminals. According to Ofcom we’re now spending on average four hours online a day. This, combined with increased anxiety and stress around the pandemic, is leaving us more vulnerable to online attacks. The UN disarmament chief has warned that there has been a 600% increase in malicious emails since lockdown began. And it’s not just email. As lockdown has continued, cybercrime has taken on many different guises, from attacks on individuals to large-scale hacks.
Zoom bombing
Zoom has had a good pandemic, earning in Q1 2020 a $27 million profit versus $198,000 a year ago. Boosted by the many thousands who have flocked to the platform to stay in touch with family and friends and work or even study, from home. However, the platform has suffered worrying security issues. In April and May there were many victims of so-called ‘Zoom bombing‘. Hackers joined private video calls in order to disrupt them, often by sharing explicit content using the ‘screen share’ function. In late April, hackers broke into an online classroom in Scotland and broadcast child abuse to the 200 children and their parents who were attending an online ‘training session’ for swimming. Hasty software updates now allow for a greater degree of security, including passwords and a waiting room by default. Since the security patches there has been a steep decline in ‘Zoom bombs’, however, the platform as a whole should still be used with caution.
Snapchat Sextortion
One form of hacks targeting specific individuals has been the sextortion of Snapchat users. One case – there have been others – involved a 18-year-old man in Holland who managed to extort over 20 people. His victims clicked on a link which purportedly allowed them to see if they were in an area where Covid-19 had been detected (a perfect example of cybercriminals exploiting fear around Coronavirus). This was a phishing link which then locked users out of their accounts and gave the hacker access to their login details. Once logged in to those accounts, the hacker threatened to release private images, with payment or nude photos being demanded to prevent release. It’s clear that cybercriminals are specifically capitalising on fear and curiosity around Covid-19 to lower usual barriers of safety and caution online.
Russian vaccine hack
Cybercrime on a much larger scale was the purported Russian hack of UK, US and Canadian vaccine research. The UK security minister James Brokenshire has said that Britain is “more than 95%” sure Russian state-sponsored cybercriminals targeted labs around the world involved in developing the Covid-19 vaccine. Although the UK government has not confirmed whether any data was taken in the hack, they have confirmed that in some cases IT systems were accessed, which are now being scanned for vulnerabilities. This attack was also facilitated by a phishing expedition which mirrored the intranets of those that it targeted. The announcement of the hack came hours after Russia announced the intention to produce 200 million doses of an experimental vaccine this year, suggesting that they may have been successful. This hack is the latest in a long history of alleged Russian hacks on British interests including the 2017 election day hack of our energy grid. Cybercrime of this nature is not unique to lockdown, but has continued to be exacerbated by it. With large-scale state-sponsored hacks being not unusual, we would do well to remember the vast range of people and organisations who are targeted by hackers. We all need to be alert to much more than rogue emails from ‘Nigerian Princes’ urgently needing our help to transfer funds to their bank accounts.
#Twittergeddon
On the 15th of July, another large-scale hack took place, this time of the accounts of celebrities on Twitter, including Kim Kardashian, Barack Obama, Elon Musk and Jeff Bezos. In total 130 accounts were targeted of which hackers appear to have managed to log into 45. This was once more executed through a phishing email, which gave the hackers access to an internal Slack channel containing details of Twitter accounts. On the day of the hacks, a number of high–profile accounts including not only individuals but also companies such as Apple and Uber, promised to send each person who gave them $1000 in Bitcoin, $2000 in return. Although most Twitter users saw through the ruse, the hackers still appear to have raked in more than $100,000 – or £80,000. The hackers are untraced, so far. Once again, this hack was exploiting Covid-19 and in this case, the financial instability around it, for advantage.
How to stay safe from cybercrime
The most vulnerable sections of the population to scams and cybercrime are often the young and the elderly. Both may lack the cynicism and experience of adults which might help them to identify if they’re being phished. Talk to friends and family, flag anything suspicious, talk about cybercrime and what forms phishing might take, and help them stay safe. A few tips:
- Think before you click. Most phishing scams will take the form of clicking a link in an email, text or other form of communication. Before you click on anything, check the source. Why not just Google the quiz/ question/ information yourself instead of clicking through? It may save you a lot of heartache.
- Never, under any circumstances, share your password with anyone. This doesn’t mean you don’t trust your partner or friend, but the fewer people who have access to your account the less likely it is that it will fall prey to a phishing scam, and that your data will be shared.
- Use two-factor authentication. This usually means having a password and also having a randomised code being sent to your phone every time you log in. It’s cumbersome, but it will deter many hackers and it’s easy to set up.
- Don’t publicise details of private video calls online. This seems obvious, but this advice also includes Facebook groups and large group chats. If you’re using Zoom, post the ID and then send the password directly to those who ask to join, for example. Every layer will ensure more security.
It’s a good idea to brush up on safety and security procedures in the midst of a pandemic. We’re all much more vulnerable than usual. Stay safe, and continue to enjoy the benefits of the digital world without exposing yourself to scams and hacks.