The Exploitation of COVID-19 by Cyber Criminals

More than a quarter of serious cyber-crime incidents responded to last year by the UK’s National Cyber Security Centre (NCSC) were related to COVID-19. This is incredible because the NCSC Annual Review spans 01 Sep 2019 to 31 Aug 2020: the 200 COVID-19 attacks (out of 723 attacks in total) appeared as a surge from April 2020.

Opportunist criminals are amazingly quick off the blocks.  The challenge for law enforcement agencies is to match that speed and dynamism.

Protect your friends by sharing this article with them:

Year on year the agency is defending the UK from a growing threat (a 10% rise over 2019) and is reliant on co-operation and early warnings from its network of partners and reports from victims themselves.  In 2021, IPS will be alerting NCSC to the serious stories we are hearing from our members.

One target area for criminals was the healthcare sector. The report highlighted 51,000 indicators of compromise from the scanning of 1 million NHS IP addresses. The NCSC email address for capturing suspicious activity ( received 2.3 million emails from the public in four months and helped them take down 22,000 malicious websites.

IPS will shortly be announcing a personal email service for members which will complement and strengthen this national effort.

The coronavirus themes that emerged from the research consistently played on people’s fears to lure them into clicking on a link or opening an attachment containing malicious software. Some of the scam campaigns involved fake vendors claiming to sell and fast-track delivery of Personal Protective Equipment, COVID-19 test kits and even vaccines.

The attacks were still coming in February 2021.

Emails purporting to be from the NHS convince recipients that they have been “selected for a vaccine jab based on family and medical history”. (See reference image below from Mimecast.)

These emails are “phishing” for personal information (like name, date of birth and financial details) when accepting an invitation to confirm the special appointment for a vaccination.  This is all a sham because the vaccine is free in the UK and the NHS will never ask citizens for bank account or card details.

International threat

The NCSC also carried out threat-hunting to shut down security risks connected with devices running the NHS COVID-19 contact tracing app.  In July 2020, the UK accused Russian hackers (the Cozy Bear group)  of attempting to steal information related to the UK’s vaccine research through cyber espionage.  They have also observed the ongoing threat of other state-backed groups targeting the vaccine research, development and delivery roll-out.



The NCSC also commented on the increase in ransomware attacks and the threat they pose to governments, businesses, customers and individuals. They handled more than three times as many ransomware incidents as in the previous year, including an attack on Redcar and Cleveland Council which caused considerable damage and disruption.

Attacks have recently become more targeted and aggressive in nature. They have appeared inside schools, colleges, universities and sports bodies. An English Football club suffered a ransomware attack which crippled its corporate and security systems and took control of the CCTV and turnstiles at the ground which nearly resulted in the cancellation of a game.

Historically, ransomware was all about locking people out of their data until the criminals are paid to give access back.  Things have changed recently where individual victims are now being threatened with being exposed and embarrassed online if they fail to comply.  This is done by personal, private and sensitive data being used and there is a real fear that this issue is massively under-reported because of the shame and embarrassment felt by the victims.  There are many stories of these crimes being carried out where sensitive work emails or financial data or health secrets are used as bargaining chips to get victims to pay up.  This can extend to scenarios where images and videos of a private sexual nature are being threatened with release.  In extreme situations this has already resulted in suicides. These threats really work, even when victims have backed up their data, because the threat of data being released is greater than the threat of losing access to it.

One crumb of comfort from the NCSC comes in a concluding statement:

“Compared to some other countries, the UK did not appear as heavily targeted because British victims were less likely to pay the attackers”.

IPS Summary

This article highlights the growing threats posed by malicious phishing scams and ransomware attacks. Please share your views and experiences below so we can all benefit from educating each other on how best to navigate these criminal attacks.

Have your say

As an IPS member, you can leave us your thoughts, comments and experiences in the commments section below

Leave a Reply

You must be logged in to post a comment.