The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) continues to receive reports from individuals, businesses and government departments about a range of different COVID-19 themed scams, online frauds and phishing campaigns. This threat update is about raising awareness of the evolving nature of COVID-19 related malicious cyber activity impacting Australians. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch page also has helpful information about the different types of COVID-19 scams and how to prevent yourself becoming a victim.
Cybercrime actors are pivoting their online criminal methods to take advantage of the COVID-19 pandemic. On average each month, the ACSC receives about 4,400 cybercrime reports through ReportCyber, and responds to 168 cyber security incidents. Since 10 March 2020, the ACSC has:
- received more than 95 cybercrime reports (approximately two per day) about Australians losing money or personal information to COVID-19 themed scams and online frauds,
- responded to 20 cyber security incidents affecting COVID-19 response services and/or major national suppliers in the current climate, and
- disrupted over 150 malicious COVID-19 themed websites, with assistance from Australia’s major telecommunications providers, Google and Microsoft.
Cybercrime actors are registering COVID-19 themed websites to conduct widespread phishing campaigns that distribute malicious software (malware) or harvest personal information from unsuspecting Australians. The Australian Signals Directorate is committed to protecting Australians from malicious cyber activity during this difficult time, including by striking back at these cybercriminals operating offshore.
Malicious cyber adversaries will continue to use COVID-19 themed phishing campaigns to obtain user credentials, allowing them to bypass security controls in order to gain access to accounts and networks belonging to individuals and businesses. This could include targeting employees working from home and the remote systems they are relying upon. Sophisticated adversaries will also be focused on covertly obtaining COVID-19 information such as details of Australia’s pandemic responses and research on vaccines and treatments, broadening the types of information they typically target.
Those engaged in cybercrime activities continue to rapidly adapt their techniques in response to changes in the current environment. The ACSC is observing new phishing campaigns that align with breaking developments, such as government relief payments or public health guidance, within days, even hours, of these announcements occurring. Cybercriminals are also amending previoulsy used methodologies or widespread scam campaigns with a COVID-19 theme. The ACSC strongly encourages all organisations and individuals to remain vigilant against the threat of COVID-19 themed cybercrime activity, including sophisticated scams, phishing emails and malicious websites.
Volume of COVID-19 themed malicious cyber activity
Since March 2020, cybercriminals and other malicious actors are distributing widespread COVID-19 themed SMS and email campaigns, together with a variety of scams. The ACCC’s Scamwatch has received over 1,100 reports about COVID-19 scams, with almost $130,000 in reported losses reported. The ACSC has received over 115 cybercrime and cyber security incident reports from individuals and businesses. The true extent of this malicious activity is likely to be much higher, as these numbers only represent cases reported to the ACSC and the ACCC. The ACSC is working closely together with our industry, government and law enforcement partners, including the ACCC, Services Australia, Australian Federal Police and Australian Criminal Intelligence Commission, to share information and disrupt this COVID-19 themed scam and other malicious cyber activity.
COVID-19 themed SMS phishing campaigns
The ACSC is tracking a number of different SMS phishing campaigns that seek to trick recipients into clicking on a malicious web link contained in the message. While the links appear to come from legitimate organisations, such as the Australian government or a financial institutions, they actually direct the recipient to a malicious website that is hosting malware. For example, in one campaign, the malicious actor is directing people to a website hosting the Cerberus banking Trojan, a form of malware that has been carefully crafted to steal your financial information.