Interpol Says Hackers Moving To Big Targets During COVID-19

By Ben Kochman
Law360 is providing free access to its coronavirus coverage to make sure all members of the legal community have accurate information in this time of uncertainty and change. Use the form below to sign up for any of our weekly newsletters. Signing up for any of our section newsletters will opt you in to the weekly Coronavirus briefing.

Sign up for our Aerospace & Defense newsletter

You must correct or enter the following before you can sign up:

Select more newsletters to receive for free [+] Show less [-]

Thank You!



Law360 (August 5, 2020, 8:08 PM EDT ) Cybercriminals are increasingly targeting major corporations and governments rather than individuals and small businesses as they exploit vulnerabilities stemming from the COVID-19 pandemic, Interpol warned on Tuesday.

The international crime-fighting agency's Cybersecurity Directorate said that its private sector partners reported receiving 907,000 spam messages, having 737 incidents related to malware, and discovering 48,000 malicious links all "related" to the pandemic between January and April alone.

In a 20-page report, Interpol said that it has seen "a significant target shift" in recent months from individuals and small companies to "major corporations, governments and critical infrastructure, which play a crucial role in responding to the outbreak," with criminals attempting to maximize damage and profit.

"Concurrently, due to the sudden, and necessary, global shift to teleworking, organizations have had to rapidly deploy remote systems, networks and applications," Interpol's cybersecurity analysts added. "As a result, criminals are taking advantage of the increased security vulnerabilities arising from remote working to steal data, generate profits and cause disruption."

Recently reported incidents included a spike in ransomware attacks in the first two weeks of April "by multiple threat groups which had been relatively dormant for the past few months," Interpol said. Attackers in most of those cases appear were savvy enough to know how high of a ransom victims could afford to pay, the agency reported, saying "the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organizations."

Other threats include a spike in COVID-19-themed phishing emails, with cybercriminals often impersonating government and health authorities in efforts to lure potential victims into divulging sensitive data, Interpol said. There has also been a "significant increase" in cybercriminals creating fraudulent domain names containing keywords like "coronavirus" or "COVID," aiming to dupe people seeking information on the virus into clicking on malicious software, the agency said.

Interpol urged victims of cyberattacks to report the incidents to law enforcement and warned that there will likely be another wave of cyberattacks on health care institutions when a vaccination or medication for the coronavirus becomes available.

Tuesday's report comes after Interpol warned in April that cybercriminals were targeting overburdened hospitals during the pandemic by trying to lock them out of critical systems and extort them into paying ransoms.

Authorities in the U.S., U.K. and Canada have also accused hackers backed by the Russian and Chinese governments of targeting organizations in the West that are researching potential vaccines, in threats that drive home the need for companies to think beyond their regulatory obligations to protect personal data and ensure that their intellectual property is kept secure.

-- Additional reporting by Allison Grande. Editing by Jay Jackson Jr.

For a reprint of this article, please contact reprints@law360.com.

Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!