How are international cybercriminals profiting from the Covid-19 pandemic?

Medical masks - a benefit not to be missed

In the context of the complicated development of the Covid-19 epidemic, the demand for medical masks is increasing while the shortage of supply makes people around the world "restless". Grasping this psychology, cybercriminals continuously post fake medical masks on "black" websites.

According to crisis management firm Digital Shadows, Empire, a notorious illegal marketplace that sells drugs, banned chemicals, and hacking equipment, has been dotted with advertisements for “advanced medical masks that can filter out small virus particles.”

However, Digital Shadows warns that even the photos they post may not be legitimate [referring to the possibility that they stole these photos from reputable companies and organizations -ND].

What’s more, these illegal masks are not cheap, Digital Shadows said, with one cybercriminal group selling boxes of 2,000 masks for $6,500. That means each mask costs up to $3.25, many times higher than the pre-pandemic average.

One “supplier in Ukraine” even claimed online that they could produce up to 200,000 medical masks in just 2-3 weeks. However, according to experts, this number is almost “impossible to achieve” if one wants to meet the strict standards related to this type of medical product.

Digital Shadows commented: “These types of sellers used to mainly trade in drugs and illegal substances, however, seeing the obvious profits from the market, they switched to selling medical products, especially masks.”

According to Digital Shadows, the sale of medical masks “taking advantage of the Covid-19 pandemic” is not only appearing on “dark” websites but also on regular websites. In just the past few weeks, the number of posts selling medical masks on regular websites has increased rapidly “like mushrooms after rain”. Even the fraudulent subjects add “special discount promotions” to attract customers to place orders.

Digital Shadows warns that people who order products like this not only face the risk of buying fake goods, but worse, being scammed because these subjects "basically do not sell masks but only want to collect a large amount of money from buyers, then erase all traces and disappear as if they never existed."

Fraud both experts and medical staff

Another more sophisticated tactic that cybercriminals are using to target medical professionals is to help them “improve their professional knowledge on Covid-19 prevention”.

Specifically, the news agencySky Newshas released an email sent by a criminal gang to healthcare workers at multiple health agencies in the UK as an “internal email from each organization’s IT Department” with the subject: “TO ALL STAFF: RAISE AWARENESS OF COVID-19”, stating that “the agency is organizing a training course for all staff on this deadly virus” and asking them to register via an attached link.

The link leads to a third-party website disguised as a web-based Outlook application, which asks employees to enter all information - including personal information - for hackers. Digital Shadows has also confirmed this information and said that similar tricks have been used by cybercriminals in recent times as the Covid-19 pandemic continues to spread across Europe.

Digital Shadows warns: “Leading health organizations like the World Health Organization (WHO) and the Centers for Disease Control and Prevention(CDC) The United States has always been a top target for cybercriminals due to the nature and impact of their actions on global pandemics.”

Also according to Digital Shadows: “Cyber ​​attackers always try to reach their victims by posting downloadable links or documents that they claim contain extremely important content about epidemic prevention or the latest updated maps about the epidemic. These are also the most searched and discussed contents on medical academic forums in recent times”./.

Tran Khanh