FBI tracking explosion in cybercrime and espionage related to the coronavirus pandemic

Jenna McLaughlin
·National Security and Investigations Reporter
·6 min read

Whether it’s extortion scams or commercial espionage, hackers and spies are jumping at the chance to take advantage of the chaos created by the coronavirus pandemic, a senior FBI official said Thursday.

In recent months, the FBI has seen daily complaints of cybercrime victims to its public website, the Internet Crime Complaint Center, go from about 1,000 reports a day to up to 3,000 or 4,000, “a good number” of which are coronavirus-related scams, said Tonya Ugoretz, deputy assistant director of cyber division of the FBI, during a live webinar hosted by the Aspen Institute’s cybersecurity program.

Additionally, Ugoretz noted, hackers within foreign governments are aggressively targeting institutions working on coronavirus-related research, to steal or track information about public health and potential vaccines.

“We’re seeing really the collision between highly motivated cyberthreat actors and an increase in opportunity they can take advantage of,” said Ugoretz.

John Hultquist, director of intelligence analysis for private cybersecurity firm FireEye, told Yahoo News that his team is seeing similar activity. “We have definitely seen espionage that appears to be COVID-19-related,” he said during a phone interview. “These actors are definitely being tasked to gather information on organizations who are involved in the fight. We’ve seen government-type organizations being targeted.”

On April 2, Reuters reported that Iranian hackers were targeting staffers at the World Health Organization in an attempt to gain access to their email accounts. Hultquist confirmed that on a “broader level ... this kind of activity is pretty strong.”

Photo illustration: Yahoo News; photos: Getty Images (2), UPMC vua Reuters.
Photo illustration: Yahoo News; photos: Getty Images (2), UPMC vua Reuters.

During a high-profile public event like the Olympics or during major holidays, criminals often take advantage of the public’s curiosity and tailor their attacks to lure potential victims, dropping a malicious link to a potential shopping sale or a news article in emails. During times of crisis, that hunger for information is even more intense, and the inclination to click on a malicious link more likely.

Some external corporate research, including from cybersecurity company VMware Carbon Black, has shown a greater than 100 percent increase in ransomware attacks in recent months.

“Our data suggests that our cyber adversaries are looking to take full advantage of the situation,” wrote Tom Kellermann, head cybersecurity strategist at VMware Carbon Black, in an email to Yahoo News. “These cyberattacks, while heavily targeting the financial sector right now, are sure to pivot to hospitals and medical research companies, who are at resource capacities battling on the front lines,” he continued. “During these times, public and private sharing of attack data becomes even more critical.”

Ugoretz lamented the “brief shining moment” when she and her colleagues at the FBI hoped cybercriminals would show their humanity and “think targeting this pandemic for personal profit ... might be beyond the pale.”

“Sadly, that has not been the case,” she said.

Some of the kinds of attacks the FBI has seen include fake internet domains for companies selling personal protective equipment, fake charities, and fake loan deals and extortion scams in addition to phishing attacks with compelling links promising information about the outbreak. She said the FBI, in response, has tried to immediately push out as much unclassified information as possible to the public and private sector.

One scam the FBI and the Secret Service are particularly concerned about is related to the stimulus checks citizens will receive aimed at injecting life back into a wilting economy and helping the increasing number of unemployed. “The implementation of the $2 trillion stimulus package will provide even more criminal opportunities,” wrote Michael D’Ambrosio and Terry Wade, respectively the assistant director of the U.S. Secret Service and the executive assistant director at the FBI leading the criminal, cyber, response and services branch, wrote in a recent op-ed in the Washington Post,

“Fraudsters around the world are already developing methods to steal the critical financial support intended for communities, companies and individuals,” they wrote. “This is unacceptable. We cannot tolerate criminals profiting off an unprecedented crisis and targeting people when they are at their most vulnerable.”

A funeral director, left, with corpse
A funeral director, left, collects a body at the Brooklyn Hospital Center in New York City. (John Minchillo/AP)

On the espionage side, Hultquist tells Yahoo News, spies are up to their old tricks — just putting more resources and urgency into it.

“You can expect all kinds of espionage in this kind of environment,” he said.

Interestingly, while nations have devoted intense energy to fighting global cybercrime and theft of intellectual property in recent years, a crisis like the coronavirus pandemic, in which nations are fighting dire public health challenges, might lead to an increase in bolder attempts at espionage, Hultquist speculated, though he says this kind of activity is certainly not new.

“We have definitely seen theft of [intellectual property] around medical [institutions] for a long time,” he said. But if nations are struggling to survive, seeking information on a vaccine for the deadly virus to save citizens’ lives, maybe “they can kind of take the gloves off because it’s not about commercial advantage, it’s about this existential threat,” he said.

In response, some cybersecurity experts are taking a more active role in fighting back.

Marc Rogers, executive director of cybersecurity at Okta, a cloud software company based in San Francisco, spoke during the Aspen webinar about a new effort called the Cyber Threat Intelligence League. Thus far, the league has drawn together around 1,400 security experts from 76 countries who are helping proactively track and defend against cybercrime relating to the pandemic.

The organization is partnering with law enforcement to share intelligence on these attacks, and to date has identified and taken down over 2,000 malicious internet domains, many of them masquerading as official institutions like the World Health Organization and even national governments. It is also scanning the internet for vulnerabilities that would affect hospitals before hackers can exploit them; already it has discovered over 2,000 potential insecurities.

“Whenever anything happens that causes uncertainty or disruption … [criminals] can use that as a lure,” explained Rogers. In response, “people are throwing themselves at us to help.”


Click here for the latest coronavirus news and updates. According to experts, people over 60 and those who are immunocompromised continue to be the most at risk. If you have questions, please refer to the CDC’s and WHO’s resource guides.

Read more: