Go back

Warnings issued over hackers taking advantage of Covid-19

Researchers and others told to be vigilant and ‘think before they click’ to prevent hacks

The World Health Organization and Europe’s particle physics laboratory Cern are among organisations asking staff and others to be vigilant about hackers taking advantage of the Covid-19 pandemic to launch cyber-attacks.

“Attackers are on the prowl to maliciously infiltrate companies and enterprises, but also universities and academic institutes,” Cern warned in a message to staff it published on 24 March. It drew attention to “malicious emails, WhatsApp messages or the like on the subject [of Covid-19]”.

“Lots of the embedded links being shared point to allegedly new research results, infection statistics, help pages and advisories, or gossip on how you can best protect yourself,” Cern said. “Not all of them are benign: some intentionally target your computer. So coronavirus is a vehicle for infecting your computer, too.”

A spokesperson for the WHO told Research Professional News: “There are multiple ways attackers are exploiting the current Covid-19 situation via multiple impersonation approaches (vishing [voice phishing], email phishing, WhatsApp phishing, social media).”

On its website, the WHO warns of “suspicious email messages attempting to take advantage of the Covid-19 emergency”, and says that “criminals are disguising themselves as WHO to steal money or sensitive information”.

Both organisations have provided advice on how to avoid falling victim to attack.

Cern advised staff to “Be cautious, and don’t click on links from dubious or not-so-dubious sources”, keep software updated and use secure methods to work remotely. 

The WHO said it has launched only one appeal for donations, the Covid-19 Solidarity Fund, and that any other appeal appearing to be from it is a scam.

The news agency Reuters reported on 23 March that the WHO had experienced a two-fold increase in cyber-attacks during the Covid-19 pandemic.

Despite the heightened emphasis on security, the EU’s agency for cybersecurity Enisa announced on 23 March that it would postpone its sixth pan-European exercise, which had been scheduled to take place in June. The activity, meant to mimic a cyber-attack in the EU healthcare sector, is now planned for early 2021.

“Due to the Covid-19 outbreak, the healthcare sector is currently going through a major crisis that will test its resilience and therefore a simulated cyber crisis like Cyber Europe is currently not a priority,” Enisa said.