The top cybersecurity agency in Canada has started taking down over 1,000 "malicious imitation" websites trying to scam people or misinform them about the financial aid programs put in place by the government.
The agency has also noticed phishing attempts from people impersonating public health officials—even some coming from state-sponsored actors.
A recent report by the Communications Security Establishment (CSE) found that fake Government of Canada websites have been set up by cybercriminals in the last two months. Most of them pretending they are the Canadian Revenue Agency or somehow linked to the Canada Emergency Response Benefit (CERB).
These websites have been called “convincing copies” of official websites with cyber actors attempting to manipulate people into sharing personal financial information. CSE said it is working to put an end to these them.
These sites make up some of the over 120,000 newly registered coronavirus themed domains found by the agency in the last month. The agency notes that cyber actors are also sending people links that, when clicked, download information-stealing and malicious software.
In the May 26 report, the agency said that the majority of phishing attempts deliver malware “associated with either state-sponsored groups or well-known cybercriminals.”
“Canadian public health responses and initiatives are being repurposed by state-sponsored cyber threat actors and cybercriminals as COVID-19 lures for the purpose of targeting Canadians and Canadian organizations,” the report said.
In one incident on March 10, phishing emails pretending to be the Public Health Agency of Canada’s Chief Public Health Officer Dr. Theresa Tam, embedded malware from a link called “important COVID-19 update.”
Other examples show emails with medical supply advertisements or asking for donations.
“Cyber threat actors know that affected populations are anxious about the future and less likely to act prudently when presented with emails, SMS messages, or advertisements involving COVID-19 that would otherwise seem suspicious,” the agency said.
The agency anticipates more of these attacks as long as coronavirus is a public health concern.
“Cybercriminals appear to be becoming more adept at targeting severely affected regions and municipalities with COVID-19 lures as well. As social distancing efforts begin to ‘plank the curve’ and the wider public grows increasingly anxious for a return to normalcy, we expect that cybercriminals will likely begin crafting phishing lures which play on an increased appetite for information around COVID-19 vaccine development and production,” reads the report.
These findings come only weeks after a joint statement was issued with CSE and the Canadian Security Intelligence Service (CSIS) waring that coronavirus research that has been conducted throughout the country is seeing an “elevated level of risk” for malicious activity such as foreign backed hacking.
CSE says it has found two attempts to gain access to Canadian research into coronavirus. Both of the incidents took place in April.
Another incident took place involving a Canadian biopharmaceutical company that was faced with a foreign cyber threat actor “almost certainly attempting to steal its intellectual property.”
CSE said that though “traditional espionage activities” have been limited due to travel restrictions and physical distancing—it is seeing an increase in online operations.
