2020 will go down in history as the year that introduced us to COVID-19. While people were fighting the notorious virus and trying to adapt to their new pandemic reality, hackers searched for ways to exploit the situation. Cybercrimes surged and privacy issues became an increasingly urgent topic for both individuals and corporations. Let’s take a look at how things have escalated.
In January, long before the world grasped the enormity of the crisis, the first malicious coronavirus emails appeared in Japan and other east Asian countries. They claimed that COVID-19 had been discovered in certain Japanese prefectures and contained an attached Microsoft Word document with the Emotet trojan.
As the virus spread across the world, so did the scams.
Coronavirus-related domain name registrations surged. One of the first malicious domains to appear was vaccinecovid-19.com, which sold a fake coronavirus test for $300.
Already, the first months of 2020 had established two worrying facts:
It was great news for hackers, and terrible news for everyone else.
By the end of March, the number of virus-related scams had increased by 400% compared, compared with previous months. Hackers were selling fake masks, tests, sanitizers, and even vaccines. They often impersonated reputable government agencies like the World Health Organization, using phishing tactics and social engineering.
Meanwhile, Zoom — a video conferencing app — grew in popularity as millions of people started to work from home. However, it was soon discovered that Zoom might not be the most secure option for online gatherings. There were numerous reports of random strangers invading Zoom meetings, sharing pornography, harassing users, and spreading malware.
Throughout April, Zoom's user base continued to grow, but so did the company's problems:
Hackers who took advantage of the Covid situation were now a fact of daily life. The FBI reported that, since the beginning of the pandemic, it started receiving 3000—4000 cybersecurity-related complaints daily, a major spike from the 1000 daily complaints it was used to before the pandemic.
May was a particularly bad month for health-related cyberattacks:
By May, many people had lost their jobs in the lockdown. Compounding the problem, criminals were now applying for social benefits with stolen names and social security numbers. The US was hit the hardest, with government organizations receiving thousands of false complaints and losing millions of dollars.
Throughout 2020, large organizations struggled to maintain their digital security — and June was no exception. One key challenge was the massive shift to home-working that had taken place over the first four months of the pandemic. Companies, universities, and government agencies now raced to bring their remote security practices up to scratch before hackers could exploit new weaknesses.
For the health sector, June was another challenging month. By now, the internet was awash with fake contact tracing apps, designed to steal users’ sensitive information.
When Canada announced a new contact tracing app, a copycat soon followed. The bogus app was advertised on fake websites designed to look exactly like the Canadian government’s. If you were unlucky enough to download the hacker’s app, your device could then be locked and held for ransom.
The University of California, San Francisco, which had been involved in urgent COVID-19 research, admitted to paying hackers $1.14 million in ransom money.
A survey conducted by VMware has revealed that 89% of Americans have been targeted by COVID-19-related malware. However, government entities around the world were also popular targets for hackers and malware distributors.
The UK National Cyber Security Centre (NCSC) published a report stating that hackers working for Russian intelligence services targeted various organizations involved in COVID-19 vaccine development in the UK, US, and Canada.
You might think that internet users would have gotten better at identifying scams as the year went on. Well, according to several reports, that wasn't the case. Two damning statistics stood out:
In August, the Federal Trade Commission urged people to be cautious, avoid unusual online transactions, and be wary of phishing scams. Social engineering attacks were on the rise, endangering both companies and private individuals.
In September, Spain’s National Intelligence Center alleged that Chinese hackers had stolen information related to the country’s coronavirus vaccine. While China denied these claims, cybersecurity experts warned that attacks on research institutions were happening regularly all around the world. China, Russia and Iran were believed to be the culprits, and may still be engaging in such activities today.
The FBI issued a warning about scams revolving around charities. Since many people were willing to donate money to fight the pandemic, scammers set up fake websites and sent emails asking for funds. Not only did this result in people losing money, but it diverted donations away from groups that actually needed them.
UK police forces and other organizations ran an October campaign to raise the awareness around romance frauds. These insidious scams usually involve four steps:
Predictably, many of these scammers started to use Covid-related travel restrictions and lockdowns as ploys to ask for assistance.
In the last months of 2020, cybercrime related to COVID-19 vaccines intensified. Hackers approached AstraZeneca employees on LinkedIn and WhatsApp, pretending to be recruiters and offering them job opportunities. However, their messages included malware, which would allow hackers to gain access to AstraZeneca computer systems.
Various criminal groups were also promoting fake coronavirus clinical trials that allegedly paid $1,000 for participation. When victims clicked the link, they downloaded malware, allowing hackers to steal usernames and passwords. This was just one more example of the malware plague that seemed to accompany the real-world pandemic.
In November, the UK’s National Cyber Security Centre reported that 1 in 4 cybersecurity incidents in 2020 were related to COVID-19. Employees working from home and academic institutions were among the most targeted groups.
December was yet another tough month for vaccine developers:
2020 may be over, but as the world waits for the vaccines to take effect, new threats are emerging. The more people fixate on when and how they can get the vaccine, the more likely they are to walk into a hacker's trap. And according to research by NordVPN, the number of potential cybercrime victims is rising.
A NordVPN report found that, since the beginning of the vaccination roll-out, search queries related to COVID-19 vaccine sellers have spiked. Many individuals are attempting to get early access to jab — and are willing to pay for it. In the UK alone, our data reveals that:
Some of the people searching for these terms will almost certainly end up on fake websites and fall victim to hackers. As our report suggests, the dangers of vaccine scams have never been higher.
The pandemic has changed the way we work and how we organize our daily routines. As employees moved from offices to their homes, they developed new digital habits. Research by the Nord Security team has shown that we’re spending more time online than ever, but we are also more aware of cybersecurity risks:
Scientists say that it takes more than 2 months to form a new habit. Since we’ve been living in the new pandemic reality for a year now, these habits will definitely stay with us for a while.
Criminals have always exploited disaster and social unrest, but the pandemic created an unusually prolonged period of instability. If 2020 has taught us anything, it's that cybercriminals will never miss an opportunity to hijack a crisis.
2021 will definitely be another disastrous year for online privacy and security. Corporations, government bodies, and individual citizens are all at risk.
Luckily, more and more people now understand the power of antivirus software, firewalls, VPNs, strong passwords, two-factor authentication, and common sense. Cyber threats aren’t going anywhere; we need to learn how to live in this hostile environment and secure our digital lives.
For more cybersecurity and privacy news, subscribe to our monthly blog newsletter below.