Coronavirus Sets the Stage for Hacking Mayhem

As more people work from home and anxiety mounts, expect cyberattacks of all sorts to take advantage.
blue network cables
Photograph: Volker Schlichting/Getty Images

The novel coronavirus has impacted the global economy, daily life, and human health around the world, changing how people work and interact everyday. But in addition to the pressing threat the virus poses to human health, these rapid changes have also created an environment in which hackers, scammers, and spammers all thrive.

Coronavirus phishing scams started circulating in January, preying on fear and confusion about the virus—and they've only proliferated since. Last week, Brno University Hospital in the Czech Republic—a major Covid-19 testing hub—suffered a ransomware attack that disrupted operations and caused surgery postponements. And even sophisticated nation state hackers have been using pandemic-related traps to spread their malware. The conditions are ripe for cyberattacks of all sorts.

Read all of our coronavirus coverage here.

More people than ever are working from home, often with fewer security defenses on their home networks than they would have in the office. Even in critical infrastructure and other high-sensitivity environments where it would be impossible to securely work from home, skeleton crews at the office and general distraction can create windows of vulnerability. And in times of stress or distraction, people are more likely to fall for malicious scams and tricks.

"This global crisis is an emergent vulnerability in the broadest sense possible," say Lukasz Olejnik, an independent cybersecurity researcher and consultant who has been analyzing the digital security risks posed by the pandemic. "The current situation poses enough challenges. Any additional undesirable events would just make it more difficult. So one worst case consequence of a cyberattack could be slowing down crisis response, for example in the health care sector."

That's exactly what has played out at Brno University Hospital, where the Czech National Cyber Security Center and Czech law enforcement still have not fully restored digital services. Ransomware attacks on hospitals are common, because scammers hope that the urgent need to function will push administrators to simply pay the ransom. Such attacks always pose a potential threat to the health and safety of patients, but are especially horrific during a pandemic that is straining the world's health care systems. On Wednesday, the incident remediation firm Coveware and the malware defense firm Emsisoft began offering free ransomware response services to health care organizations for the duration of the pandemic, warning that a digital attack on a health care provider during this time would have real-world kinetic consequences.

Meanwhile, phishing and scam websites themed around the pandemic are exploding on the web; some reports estimate thousands of new domains cropping up every day. Crane Hassold, senior director of threat research at the email security firm Agari, says that his team is particularly wary of the threat phishing poses to people working remotely. Home Wi-Fi often doesn't have the same defenses—think firewalls and anomaly detection monitoring—of corporate environments. And it doesn't help that some leading corporate VPNs have major vulnerabilities that companies don't always take the time to patch.

Hassold, formerly a digital behavior analyst for the Federal Bureau of Investigation, also notes that even extra-cautious employees may be more likely to take phishing emails at face value, since it's not as easy to call across the room to a colleague and check whether they really initiated that payroll payment reroute. "All of this is a perfect storm," he says.

Covid-19 scams aren't just being used by criminals for monetary gain. They’re also showing up in more insidious operations. Mobile security firm Lookout published findings on Wednesday that a malicious Android application has been posing as a Covid-19 tracking map from Johns Hopkins University, but actually contains spyware connected to a surveillance operation against mobile users in Libya.

And then there are the nation state hackers, who know full well that home networks simply aren't as secure as those in offices. Remote connections in particular make it more difficult, if not impossible, for most threat detection tools to differentiate legitimate work from something suspicious.

"There’s no question that some intelligence agencies are going to take advantage of this," says Jake Williams, a former NSA hacker and founder of the security firm Rendition Infosec. "Whatever your baselines are, you've probably departed from them now with all of this remote access. So anything you thought you were going to get out of certain tools you’re not going to get anymore—and a lot of times everything, every connection is just lighting up like a Christmas tree. Plus, everybody is just so distracted. It definitely presents an opportunity for attackers to be a little bit noisier and a little more aggressive. I would be very surprised if they don’t take advantage of that."

Overall daily internet usage has increased around the world during the pandemic, but John Graham-Cumming, chief technology officer of the internet infrastructure company Cloudflare, says that he and other infrastructure providers he's spoken to aren't concerned about handling the load. But Cloudflare's protective mechanisms have blocked between 50 and 70 percent more assaults, like distributed denial of service attacks, in recent weeks compared to January. Graham-Cumming largely attributes this spike to amateur experimentation.

"This is not unusual, we see this correlated with vacations for students around the world when they're no longer in college so some of those folks will start trying to hack things," Graham-Cumming says. "Whilst there might be a component in here which is truly malicious in the sense of trying to exploit the situation, I think that most of it actually is an effect of people finding that they’ve got time on their hands and if those folks are capable hackers they’ll use that time."

While the internet backbone was built with doomsday scenarios in mind, Rendition Infosec's Williams notes the current global pandemic is far beyond the contingency planning of most organizations. "The only time they would ever even contemplate something like this is a disaster recovery plan for natural disasters or something like the 9/11 attacks. But most people wouldn’t have that and even when they do it’s all about availability and confidentiality, not about threat detection."

Similar to the weeks-long United States government shutdown at the beginning of 2019, the Covid-19 pandemic could also expose governments themselves to attack as agencies prioritize the outbreak above all else, close nonessential in-person operations, and direct staff to work from home. Governments are also turning to consumer services they don't usually rely on to communicate. These shifts, like the British army's decision to treat commands issued over WhatsApp as official written orders, aren't inherently insecure, but could have unforeseen consequences.

Rapid changes to daily life during the pandemic have also changed how people interact with internet-connected technologies. Without time to develop tailored defenses, that also means new exposures and risks.


WIRED is providing free access to stories about public health and how to protect yourself during the coronavirus pandemic. Sign up for our Coronavirus Update newsletter for the latest updates, and subscribe to support our journalism.


More From WIRED on Covid-19