Cyber criminals are trying to wreak havoc during global pandemic

First responders hit with malicious software. Ransomware deployed against medical facilities. Average citizens duped by stimulus check scams. Children facing electronic eavesdropping.

As government leaders and first responders battle the Covid-19 virus causing sickness and death across much of the globe, US federal law enforcement officers are also working to fend off malicious cyber actors taking advantage of the pandemic to cause harm.

In a series of public bulletins issued in the past month by the Federal Bureau of Investigation, Department of Homeland Security, and Secret Service, federal officials have urged citizens to remain vigilant against a growing list of threats emanating from cyberspace.

On Wednesday, the FBI’s Internet Crime Complaint Center released a public notice warning that cyber criminals were taking advantage of the coronavirus outbreak to exploit the use of virtual environments adopted by government agencies, businesses, students, and private citizens seeking to maintain communication following an unprecedented call by governments and leaders for people to remain at home.

“The COVID-19 pandemic has led to a spike in businesses teleworking to communicate and share information over the internet,” the FBI said in its warning. “With this knowledge, malicious cyber actors are looking for ways to exploit telework software vulnerabilities in order to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activities.”

Wednesday’s bulletin from the FBI followed a similar warning earlier in the week from the agency, which specifically cited attempts by criminals to compromise the popular videoconferencing software program Zoom.

“The FBI has received multiple reports of conferences being disrupted by pornographic and/or hate images and threatening language,” the FBI notice stated. The Bureau went on to outline a series of steps the public should take to help protect their privacy, to include ensuring Zoom virtual meetings are set to “private,” requiring passwords for online meetings, and locking down the ability to share screens by anyone other than the meeting host.

A spokesperson for Zoom told CNN in an email on Thursday that the company “appreciates all efforts to raise awareness around how to best prevent these kinds of attacks.”

As more and more schools have moved to online classroom learning in response to the closure of educational institutions around the country, the FBI is also providing tips for parents on how to protect their children from malicious cyber actors.

Specifically, the bureau has urged parents to closely monitor the use of educational technology and online services by children. They should “conduct regular internet searches of children’s information to monitor the exposure and spread of their information on the internet” and “consider credit or identity theft monitoring to check for any fraudulent use of their child’s identity,” according to FBI experts.

Another tactic being used by sophisticated criminal actors to prey on unsuspecting victims is the creation of fraudulent coronavirus-related websites. In a letter last week to government colleagues, the Homeland Security acting chief information officer noted that an analysis of recently-created websites associated with Covid-19 found that nearly one hundred of the sites reviewed were “actively malicious,” while over 2,000 were deemed “suspicious.”

A variation on this tactic can be found in recent efforts by cyber criminals to trick consumers into claiming their coronavirus “stimulus checks” from major stores. In one scam spotlighted this week by the FBI, criminals sent unsolicited text messages to recipients, instructing them to click on a link in order to claim a $100 “stimulus bounty” from the retailer Costco. In reality, the link redirected the user to a malicious website that then compromised the user’s phone.

In addition to exploiting online technical features, the government has also warned that cyber criminals are taking advantage of feelings of generosity towards those impacted by the pandemic to bilk innocent victims out of money.

In a public message last month from the Secret Service, federal agents outlined how nefarious actors are actively “using social engineering tactics through legitimate social media websites seeking donations for charitable causes related to the virus. Criminals are exploiting the charitable spirit of individuals, seeking donations to fraudulent causes surrounding the coronavirus.” Members of the public were urged to be cautious in donating to causes or organizations that might be unfamiliar to them.

The Secret Service message also included a stark assessment of why cyber criminals are especially successful during periods of national crisis, noting that “any major news event can become an opportunity for groups or individuals with malicious intentions. The coronavirus is no different. In fact, the coronavirus is a prime opportunity for enterprising criminals because it plays on one of the basic human conditions…fear.”