COVID-19 has presented the UK with an abundance of challenges, including numerous threats to the country’s cyber security which have developed alongside the pandemic. More must be done to combat these threats.
COVID-19 is being increasingly exploited by cyber actors. Vulnerable individuals continue to be conned. In February alone, victims in the UK lost more than £800,000 to COVID-19-related scams. In March, the National Cyber Security Centre (NCSC) was reported to have taken down more than 2,000 online coronavirus scams, including 471 hoax online shops which were selling “fraudulent virus-related items”.
There are other, serious threats to our online and offline presence. The security of remote platforms such as Zoom for sensitive commercial and government communication remains in doubt. A ransomware attack on a hospital in Brno, Czech Republic reminded the UK to not become complacent after the 2017 WannaCry attacks. In response, the NCSC recently released a joint advisory in cooperation with the United States’ Cybersecurity and Infrastructure Security Agency (CISA), pertaining to the exploitation of COVID-19 by cyber criminal and advanced persistent threat (APT) groups.
Among the most prominent cyber threats are phishing emails and sites. The NCSC has taken down over 470 fake online stores selling COVID-19-related items and 200 phishing sites designed to harvest user information in the last month. Google claims to be removing 240m coronavirus-themed spam messages and 18m malware and phishing emails daily. Scammers have most notably been circulating malicious emails under the pretense of the World Health Organisation, to exploit the public’s faith in trusted institutions. These emails advertise scam employment opportunities, request detailed information, or ask for donations or registration fees in return for funds or vague benefits. In response, the Government implemented its suspicious email reporting service (SERS) on 21 April, which successfully led to the shutdown of 80 malicious web campaigns after 5,151 suspicious emails were reported on its first day of service.
The advice from the NCSC and CISA also observes a rise in cyberattacks on remote access infrastructure as the UK workforce transitions to working from home. Cyber actors have exploited a range of known vulnerabilities in VPNs (Virtual Private Networks), which enable users to send and receive data across public or shared networks, and in other remote working tools and software.
They have also been successful in hijacking online meetings, which has led to investigations after at least three Zoom meetings were infiltrated and images of child sexual abuse were projected onto screens. One group targeted was the Bristol-based Celebrate Recovery, whose Zoom meeting was disrupted by abuse images. While Zoom has been approved for everyday use, its vulnerabilities are still readily exploitable by malicious actors.
Ransomware attacks are a persistent risk to UK infrastructure. The 2017 WannaCry attack on the NHS affected 80 out of 236 hospital trusts across England, something the UK must not let happen again as the country struggles with COVID-19.
This attack on a medical institution was not an isolated incident. In March, a hospital in the Czech Republic was hit by a ransomware attack which resulted in heavy disruption. An Illinois state health website was held hostage as hackers demanded a ransom to restore the system containing personal information of 210,000 patients. The NCSC is also aware of increasing attempts by APT groups – most notably China and Russia, who deny involvement – to exploit COVID-19 to penetrate government databases.
The NCSC details tips for defending against online-meeting hijacking, as well as providing guidance for individuals and organisations. However, more needs to be done to lower susceptibility to threats.
There are calls for the Government to further promote cybersecurity training, as it was recently discovered that 66% of remote workers have not been trained in cybersecurity in the last 12 months. Furthermore, the Government should continue to push businesses and organisations to update their cyberskills, with 48% of British organisations reporting that they were unable to carry out basic tasks defined in the Cyber Essentials Scheme, including setting up firewalls, storing data, and removing malware.
Particularly with the NHS tracing app in mind, the Government should be working closely with software developers to ensure that confidential information is not compromised. Moreover, the UK should continue to improve and secure its cyber security infrastructure, in order to avoid a repeat of the WannaCry scandal. All of these recommendations should be taken into consideration as the UK strives to be what the Government describes as “the safest place in the world to live and work online”.
Eleanor Wong is studying for a Masters in Peace Research and International Relations at the University of Tübingen.