Industry News

UK intelligence agency warns of cybercriminals exploiting the Coronavirus outbreak

UK intelligence agency warns of cybercriminals exploiting the Coronavirus outbreak

A division of GCHQ (Britain’s equivalent to the NSA) has warned the public to be on their guard against cybercriminals exploiting the Coronavirus outbreak.

The National Cyber Security Centre (NCSC) has described on its blog how criminals have spread malware via emails purporting to contain important updates about the COVID-19 outbreak, and that attempts have also been made to scam unsuspecting users and phish passwords and sensitive information.

In response to the Coronavirus-related cybercrime threat, the NCSC says it has taken steps to automatically discover and take down malicious sites exploiting the Coronavirus outbreak to serve up phishing attacks and malware.

The techniques being used by the criminals are no different from those seen in many past attacks, but the fact that they exploit the current Coronavirus pandemic means that there is a great chance that unsuspecting computer users will be tricked into falling for them.

In short, you might be more tempted right now to click on a link claiming to contain important information about Coronavirus than you would to click on a link in an email purporting to come from your bank.

In an attempt to strengthen the security of internet users, the NCSC is recommending that the public follow existing advice on how to spot and deal with suspicious emails, and how to protect against malware threats such as ransomware.

As many computer users are likely to be finding themselves in the unusual position of working remotely, perhaps without direct access to IT support teams who would normally be directly available to advise them on security, it’s particularly important that users are reminded of basic security practices.

Paul Chichester, Director of Operations at the NCSC reminded users to report cybercrime attacks to the authorities:

“We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak. “Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. “In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”

In recent weeks there has clearly been an increase in cybercriminal exploitation of the Coronavirus crisis, with attempts to dupe users with malicious Coronavirus maps, phishing attacks which purport to come from the Center of Disease Control, and Coronavirus-related Android ransomware, amongst much much more.

It’s sadly easy to predict that things are going to get much worse before they get better. Get clued up about how best to protect yourself, your friends, and your colleagues.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.