Skip to main content

Phishing, fakes, and football piracy – mitigating the new cyber threats from Covid-19

security
(Image credit: Shutterstock / Song_about_summer)

With around 20 percent of the world’s population placed under lockdown during the first wave of the pandemic, Internet use quickly rocketed to a new high and has stayed there. For more than a year, people in all corners of the globe have relied on the Internet to maintain contact with friends and family, work, shop, and stay entertained. Overall, the Covid-19 pandemic acted as a powerful accelerant for the largely digital lifestyle. 

Such significant changes always come with their drawbacks, however, and in this case they are the increased threats to individuals and businesses online as bad actors exploit new opportunities and vulnerabilities. Criminals sought weak points, as in new digital services and applications, as soon as employees started using IT to work from home full-time. More than 6,000 cases of Covid-related fraud and cyber-crime have been recorded by the UK’s police force during the pandemic. Besides initiating extensive email phishing campaigns, bad actors also capitalized on consumers’ health fears, resulting in a flood of counterfeit goods such as masks and fake Covid-19 testing kits. Barely a month into the pandemic in Europe, international law enforcement agencies seized more than 34,000 counterfeit and substandard masks while a year later police in China and South Africa swooped on thousands of fake Covid-19 vaccine doses. As well as preying on fears, criminals have also targeted unmet demand for entertainment, which has resulted in substantial increases in film and TV piracy, and the unauthorized streaming of sports events.

Yet, despite these new threats, the Internet is undoubtedly also a force for good, helping people to stay connected and allowing businesses to remain viable by moving their operations online. So, as businesses and brands look to optimize the online world, it is important to examine the new risks they face and ask how they should mitigate them to ensure security for the duration of the pandemic and beyond.

Shape-shifting phishing tactics

Since March 2020, online bad actors have launched a variety of Covid-19-related phishing and malware attacks against workers, healthcare facilities, and the unemployed who have been spending more time online. Phishing emails related to Covid-19 increased by 600 percent while Google alone was said to be blocking 18 million hoax Covid emails every day. In the first quarter of 2020, OpSec Security found that SaaS and webmail sites were the biggest targets of phishing, accounting for more than a third (34 percent) of all attacks, followed by financial institutions (19 percent), and the payment sector (13 percent). 

As well as increasing in frequency, phishing attacks have also been changing to reflect the times. This has included exploiting concerns about the virus and the desire to keep up with the latest developments. For example, some cybercriminals have been spreading malware by adding text from Covid-19 news stories to phishing emails to bypass security software that uses artificial intelligence (AI) and machine learning (ML) as detection methodologies. Without protections to catch these more sophisticated attacks, businesses and brands are leaving themselves, their customers, and their employees vulnerable. 

The increase in phishing attacks and the use of these tactics has led some companies, including Microsoft, to take stronger action to protect themselves and their customers. In 2020, Microsoft’s Digital Crimes Unit (DCU) took down a business email compromise operation in which hackers used Covid-19-related phishing emails to infiltrate customer email accounts, contact lists, and sensitive documents in order to send emails that looked like they came from a trusted source. Few businesses have the resources of Microsoft in this field, but by working with the right partners and bodies and having tools in place to prevent phishing attacks slipping through the net, they can certainly mitigate the risk posed by this kind of activity.

Businesses can also take simple measures to educate both their employees and customers about online security, by, for example, sharing information about how they may be targeted and the ways in which they can keep themselves safe and check for authenticity. As part of this, brands should also outline what they are doing to protect their customers. By demonstrating that customer security genuinely is a priority and detailing the brand protection schemes they have in place, brands will be able to build trust and ensure consumers only have positive interactions with their business.

Piracy of entertainment and sporting events is no joke

The growth in piracy, however, is a different kind of challenge. With governments frequently telling citizens to stay at home other than for food and medicine, people have sought more ways to entertain themselves. This wave of demand has detonated an explosion of piracy in film, TV and music, right across Europe, as bored consumers eagerly search for new content before it is officially available in their region. 

As global football shut down in the early days of the pandemic, the scarcity of sporting events also led to live unauthorized streaming of the Belarussian Premier League, which continued its fixture program. The German Bundesliga was also subject to streaming piracy when it returned in May last year.

One distinctive aspect of this streaming piracy is the use of social media platforms. These not only have the advanced technology required but also provide a forum for live interaction between fans that adds to the overall experience. The fact that such streaming takes place on well-known platforms may convince unwitting consumers that nothing unlawful is occurring. 

As well as social networks, illegal IPTV services were quick to adapt and make new live content available to paying customers, some offering discounts to new subscribers with voucher codes using the terms “Covid 19” or “CORONA.”  The extent of this problem led the UK police to warn individuals using these services that they should desist or risk prosecution. 

Preparing for the long-term impact

These extensive and sophisticated acts of piracy demonstrate how bad actors are very agile in capitalizing on sudden dislocations in society, such as the mass shift to online work and entertainment, and the rise in anxiety generated by the pandemic. It means consumers and brands have become susceptible to cybercrime on a scale not seen before. From phishing scams to fake personal protective equipment and pirated films, many forms of cybercrime have spread like a contagious virus and may not go away quickly.

In this changed world, brands must revise their security to meet new challenges online and recognize that Covid-19 may have lasting consequences for consumer behavior and business vulnerabilities. Often short of internal expertise, brands must seek out experts who can help identify the multiple threats developed by cyber-criminals before they inflict significant damage. They must disable fraudulent activity as early as possible to ensure their business remains intact, along with its reputation with customers and suppliers. Once this mitigation capability is embedded it will be possible to seize new opportunities and grow revenues without the crippling fear that customer trust is at risk.

Robin Boldon, Director Product Management for Anti-Piracy, OpSec Security