The Australian Cyber Security Centre (ACSC) has issued a threat update to raise awareness and provide cyber security advice surrounding COVID-19 themed malicious cyber activity.
The update explains that with cyber criminals capitalising on people’s growing concerns and desire for information about the global pandemic, there will likely be an increase in the frequency and severity of COVID-19 related scams and phishing emails.
Just the past few weeks, ACSC has observed thousands of COVID-19 related websites being registered, to which the vast majority of registered websites are legitimate, however many are being created by cyber criminals seeking to exploit Australians.
In the last three months, the Australian Competition and Consumer Commission’s (ACCC) Scamwatch has received more than 100 reports of scams about COVID-19.
Between March 10 and March 26, the ACSC has received more than 45 cyber crime and cyber security incident reports all related to COVID-19 themed phishing and scam activity, however the true figure is likely to be much higher, as these statistics represent reported cases.
Many of the cyber activity has involved an SMS phishing campaigns, to which Australians had reported receiving text messages, appearing to be sent from the government, redirecting them to a malicious website.
An assessment by the ACSC discovered that the website was hosting the banking Trojan Cerberus. Cerberus is designed to steal people’s financial information.
Another phishing campaign involved cyber criminals impersonating Australia Post in order to steal personal information.
A statement from Minister for Health Greg Hunt, Australian Chief Medical Officer Professor Brendan Murphy, and Minister for Communications, Cyber Safety and the Arts Paul Fletcher said: “As the spread of the coronavirus increases, it’s vital every Australian understands the practical action they must take to look after themselves and help us protect those most at risk.”
Acting head of the ACSC Karl Hanmore added: “A key concern for the Australian Cyber Security Center is cyber criminals looking to prey on businesses as they transition to an increasingly remote workforce.”
“Now is a good time for businesses to be more aggressive in blocking potentially malicious emails and websites from their network gateway. Now more than ever, it is critical that businesses have their software patched and up to date.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.