Huge rise in hacking attacks on home workers during lockdown

Cybercriminals are exploiting fears and chaos caused by coronavirus, says security firm

Hackers have launched a wave of cyber-attacks trying to exploit British people working from home, as the coronavirus lockdown forces people to use often unfamiliar computer systems.

The proportion of attacks targeting home workers increased from 12% of malicious email traffic before the UK’s lockdown began in March to more than 60% six weeks later, according to to data from cybersecurity company Darktrace provided to the Guardian.

Attacks specifically aimed at exploiting the chaos wrought by Sars-CoV-2 have been evident since January, when the outbreak started to garner international news headlines.

The attacks have increased in sophistication, specifically targeting coronavirus-related anxieties rather than the more usual attempts at financial fraud or extortion.

In early May, Darktrace detected “a large malicious email campaign” against UK businesses that told employees they could choose to be furloughed if they signed up to a specific website.

Other attacks have targeted the tools used by remote workers, including fake requests to reset virtual private network (VPN) accounts, Zoom video conferencing accounts with faked sign-in pages, or accepting an incoming “chat” request from colleagues on supposedly corporate messaging systems.

There has also been an increase in spoofing attacks, with emails purporting to be from a colleague. Darktrace said about a fifth of malicious emails would normally use some form of spoofing, but that this rate has reached up to 60% as attackers exploit the increased separation of workforces.

One spoofing attack featured an unnamed company chief executive supposedly asking workers to donate to his health charity, while others mimic IT support departments asking workers to download new software.

GCHQ, the UK’s cyber-intelligence organisation, has called for people to report attempts at phishing using fraudulent emails as it tries to block malicious websites.

The EU’s foreign affairs wing, the European external action service, has already warned of a proliferation of cyber-attacks and disinformation campaigns related to the pandemic, highlighting efforts thought to be linked to the Russian and Chinese states. The World Health Organization and the US National Institutes of Health have been targeted.

Darktrace said similar patterns were evident across the world, with increases in home-working attacks evident as soon as different countries entered their lockdowns, with Italian workers targeted before those in the UK and the US.

Max Heinemeyer, director of threat hunting at Darktrace, said attackers often reuse the same techniques on many different companies, looking for back doors in networks that may have inadvertently been left open.

“It can be very easy and very quick to capitalise on vulnerabilities like this,” he said, adding that attackers such as the APT41 operation, believed to have been carried out by Chinese state-backed actors, “sprayed and prayed”, attacking large numbers of targets.

The warning came after British airline easyJet was forced to reveal that a hack had exposed the personal information, including travel records, of 9 million people over a period of more than four months.

Sign up to the daily Business Today email or follow Guardian Business on Twitter at @BusinessDesk

A person with knowledge of the probe into the easyJet attack said investigators believed financial fraud was not the main motivation for the attack. Reuters reported that investigators believed the easyJet hack may have been carried out by the Chinese state.

Security experts have seen a high volume of attacks since January by actors believed to be backed by China. Another trend has been the targeting of hotel and travel companies in what is believed to be an effort to gather movement information for large numbers of people.


Jasper Jolly

The GuardianTramp

Related Content

Article image
Lloyds bank accounts targeted in huge cybercrime attack
Banking group says none of its 20m accounts were hacked or compromised after fending off two-day denial of service attack

Patrick Collinson

23, Jan, 2017 @12:20 PM

Article image
Police and banks tell shoppers to be vigilant for Black Friday scams
Online crime during Black Friday and Cyber Monday in 2020 defrauded UK shoppers by £2.5m

Gwyn Topham

22, Nov, 2021 @12:01 AM

Article image
Police issue warning against coronavirus fraudsters in UK
Fake emails and scams about outbreak already tricked UK public out of £800,000

Patrick Collinson

06, Mar, 2020 @12:11 PM

Article image
EasyJet reveals cyber-attack exposed 9m customers' details
Airline apologises after credit card details of about 2,200 passengers were stolen

Jasper Jolly

19, May, 2020 @11:13 AM

Article image
CryptoLocker attacks that hold your computer to ransom

Extortionists using 'ransomware' called CryptoLocker are accessing personal computers to block files, demanding £200 or more for their release

Donna Ferguson

19, Oct, 2013 @6:00 AM

Article image
'I lost £95,000 in a bank scam after my solicitor's email was hacked'
Sally Flood managed to claw two-thirds back, but says lenders should do more to protect customers

Rupert Jones

29, Feb, 2020 @1:00 PM

Article image
Fraudsters use bogus NHS contact-tracing app in phishing scam
People receive SMS alert about contact with someone who has tested positive for coronavirus

Rebecca Smithers

13, May, 2020 @4:30 PM

Article image
Fraud soars by 53% in a year as scammers get sophisticated
Financial services providers are launching a national campaign to combat rise in fraud and remind customers to stop and think

Rupert Jones

19, Sep, 2016 @11:01 PM

Article image
10 ways to beat CryptoLocker
Protecting your files from CyptoLocker and other malware starts with a few sensible precautions

Donna Ferguson

19, Oct, 2013 @6:00 AM

Article image
UK cybersecurity unit tackles record number of online scams in 2021
More than 2.7m attempted frauds interrupted, including fake celebrity endorsements and extortion emails

Dan Milmo

10, May, 2022 @5:00 AM