Google detected more than 18 million daily coronavirus-related malware and phishing emails sent to Gmail users last week. The Big Tech firm also reported that hackers deployed 240 million daily spam messages referencing COVID-19 during the same period. In fact, the company notes that attempts by online scammers to exploit the global health crisis represent one-fifth of the deceptive communications it tracked in the second week of April.
Google’s Response to COVID-19 Emails
Despite the scope of the COVID-19 scam email problem, Google has established powerful cybersecurity tools to protect its users. The firm utilizes a machine learning program to help detect and block 99.9 percent of email “spam, phishing, and malware.” The corporation is also working to make it harder for cybercriminals to trick unsuspecting account holders.
Google has teamed with the World Health Organization (WHO) to aid in its implementation of the Domain-based Message Authentication, Reporting, and Conformance (DMARC) email protocol. The firm took action because scammers commonly use fake WHO emails to gain unauthorized access to private and public networks.
Once DMARC is deployed, malicious cyber actors will not be able to spoof WHO domains in their deceptive email schemes as easily. In addition, the agency’s enabling of the DMARC protocol will stop email servers from erroneously flagging its genuine messages.
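How a receiving mail server applies a published DMARC policy, shown as an added example that is not part of the original article. It assumes relaxed alignment only, uses constructed placeholder domains and records (health.example, bulk-mailer.example), and approximates the organizational domain with the last two labels where real implementations use the Public Suffix List.

```python
# Added example: simplified receiver-side DMARC evaluation (relaxed alignment).
# All domains and records are constructed placeholders, not real WHO data.

ENFORCED = "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc@health.example"
MONITOR = "v=DMARC1; p=none"


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, or None if it is not valid DMARC."""
    pairs = [p.split("=", 1) for p in txt.split(";") if "=" in p]
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    # The version tag must come first and must be exactly DMARC1.
    if not pairs or pairs[0][0].strip().lower() != "v" or tags["v"] != "DMARC1":
        return None
    # A policy tag (p=) with a known value is required.
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags


def org_domain(domain):
    """Naive organizational domain: last two labels (assumption, see lead-in)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def dmarc_disposition(from_domain, record, spf_domain=None, dkim_domain=None):
    """Return 'pass', 'no-policy', or the policy applied to a failing message.

    spf_domain / dkim_domain are the domains that PASSED SPF / DKIM checks
    (None if that check failed or was absent).
    """
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    org = org_domain(from_domain)
    # An authenticated identifier must share the From organizational domain.
    if any(d and org_domain(d) == org for d in (spf_domain, dkim_domain)):
        return "pass"
    # Subdomains use sp= when published, otherwise fall back to p=.
    is_sub = from_domain.lower().rstrip(".") != org
    return (tags["sp"] if is_sub and "sp" in tags else tags["p"]).lower()


if __name__ == "__main__":
    # Spoof: SPF passes, but only for the sender's own unrelated domain.
    print(dmarc_disposition("health.example", ENFORCED, spf_domain="bulk-mailer.example"))
    # Genuine: DKIM signature from a subdomain of the From domain.
    print(dmarc_disposition("health.example", ENFORCED, dkim_domain="mail.health.example"))
```

With `p=none` the same spoofed message is only reported, not blocked, which is why moving a domain to an enforcing policy matters.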
A Vast and Multifaceted Problem
While Google’s efforts to deal with pandemic-exploiting fraudsters are admirable, the problem it is facing is vast and multifaceted. IT security company Barracuda Networks told the BBC that phishing email deployments have increased by 667 percent since the COVID-19 outbreak began. In addition, rogue operators are using more than just online messaging to spread malicious software.
In early March, Reason Cybersecurity posted a threat assessment regarding a deceptive program called Corona-virus-Map.com.exe. On its surface, the app looks identical to the coronavirus pandemic tracking map developed by Johns Hopkins University. In actuality, it conceals a malware strain called AZORult that harvests users’ web browser history, passwords, and cryptocurrency keys.
Two government cybersecurity agencies recently issued a joint warning about the prevalence of coronavirus-related email scams and data breaches. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre noted that hackers are using the widespread transition to remote work to subvert users’ virtual private network tools.
Accordingly, CISA has posted a guide outlining steps users can take to better protect their data.
International Cyber Espionage
Notably, everyday cyber thieves are not the only ones using public anxiety about the global health crisis to deploy malicious software.
BAE Systems Applied Intelligence has “medium confidence” that a Russian military-linked group called Olympic Destroyer used spoofed WHO emails to install keyloggers on the systems of unsuspecting Ukrainian citizens. ZDNet reports that Russia-based rogue operators launched an email campaign to spread COVID-19 misinformation in Ukraine, which prompted riots in parts of the country.
Similarly, cybersecurity firm IssueMakersLab notes North Korean rogue operators attempted to subvert networks used by South Korean government officials with a malicious program called BabyShark.
Knowing the coronavirus pandemic has prompted a surge in phishing schemes and cyber espionage is undeniably chilling. But it is heartening to know government cybersecurity agencies, private IT intelligence firms, and Google are all striving to protect the public.