While medical professionals tackle the spread of Covid-19 virus, the UK government has initiated tough measures to contain the spread of false coronavirus information online.
The rapid response unit set up by the government to combat misinformation about coronavirus has been identifying and tackling five to ten incidents each day, said a UK government announcement. It targets all malicious operators, from ‘experts’ creating and circulating dangerous false information, to cyber-criminals running phishing scams.
“We need people to follow expert medical advice and stay at home, protect the NHS and save lives. It is vital that this message hits home and that misinformation and disinformation which undermines it is knocked down quickly,” said culture secretary Oliver Dowden in the announcement.
“We’re working with social media companies, and I’ll be pressing them this week for further action to stem the spread of falsehoods and rumours which could cost lives.”
The rapid response unit is a part of the counter-disinformation cell operated by the government, made up of experts from across the administration and in the technology sector.
The government will re-launch its successful ‘Don’t Feed the Beast’ public information campaign in the coming days, to make people question and verify the information they get online, added the announcement.
From two in February, phishing campaigns have ballooned to dozens per day, reported SpiderLabs at Trustwave.
“The most common campaigns we see that use the Covid-19 theme are the ones that use emails with malicious attachments or links. The attachments or links often include archives that contain new variants of well known malware families, particularly password stealers and RATs such as Azurult, Trickbot, HawkEye and Agent Tesla but they are not limited to this malware,” said Ziv Mador, VP - security research, SpiderLabs team at Trustwave.
In other words, the Covid-19 outbreak provided new social engineering possibilities for distributing mostly known malware along with new variants, Mador told SC Media UK.
An overwhelming number of phishing scams ran “health advisory from WHO”, listed the SpiderLabs team. Apart from the malware that these mails injected, these health advisories posed the risk of causing physical harm to anyone who cared to follow it.
“That is why government communicators are working in tandem with health bodies to promote official medical advice, rebut false narratives and clamp down on criminals seeking to exploit public concern during this pandemic,” said paymaster general Penny Mordaunt said in the announcement.
The government or SpiderLabs at Trustwave have not attributed the attack to any particular group. SC Media UK earlier reported that state-sponsored threat groups were using Covid-19 guidance as a ruse for targeted attacks.
“That development is not surprising. APTs often use social engineering tricks to penetrate organisations and place their foothold,” said Mador.
Many of the scams and misinformation campaigns are developed by Russian-speaking cyber-criminals, he noted.
“Many of them are located in Russia but some others live in other countries, mostly from ex USSR countries. We cannot specify an attack at this point where Russia as a country is behind.”
While the government has been spotting and tracking misinformation and phishing campaigns using its elaborate crime-fighting mechanism, Trustwave relies on its own research which is based on its telemetry.
“We collect it from customer environments (subject to their consent), from our WW SOC centres, from honeypot deployments, from breaches we investigate for our clients and from various partnerships we maintain with leading industry players. We also closely monitor cyber-criminals’ forums on the darkweb,” Mador said.
“As with any international crime, strong and determined execution by law enforcement against cyber-crime will help reduce its scope, including in those countries where many of those cyber-criminals live and operate. There shall be no “safe havens” for these fraudsters and bad actors.”