OTTAWA -- Canada鈥檚 top cybersecurity agency has initiated the takedown of more than 1,000 鈥渕alicious imitation鈥 websites attempting to scam or misinform people about the government鈥檚 COVID-19 financial aid programs. It has also observed phishing attempts preying on people鈥檚 anxiety around the pandemic鈥攕ome by state-sponsored actors鈥 masquerading as messages from public health officials.
A (CSE)鈥 one of Canada鈥檚 central intelligence agencies鈥攆ound that in the last two months cybercriminals have set up fake Government of Canada websites, the majority of which were pretending to be the Canada Revenue Agency or related to the Canada Emergency Response Benefit (CERB).
Through these webpages鈥攄escribed as 鈥渃onvincing copies鈥 of official sites鈥 the cyber actors attempt to trick people into divulging personal financial information they thought was going to the federal government. CSE said that is has made moves to have these sites taken down.
These sites are just some of the more than 120,000 newly registered COVID-19-themed domains that the agency is aware of in the last month. Further, cyber actors are also using phishing schemes鈥攁sking people to click links that download malicious and information-stealing software.
In the report released on May 26, the agency said most of the phishing attempts they have pinpointed deliver malware 鈥渁ssociated with either state-sponsored groups or well-known cybercriminals.鈥
鈥淐anadian public health responses and initiatives are being repurposed by state-sponsored cyber threat actors and cybercriminals as COVID-19 lures for the purpose of targeting Canadians and Canadian organizations,鈥 the report found.
One such example happened on March 10, when phishing emails impersonating the Public Health Agency of Canada鈥檚 Chief Public Health Officer Dr. Theresa Tam were used to embed malware from an attachment, cloaked as an 鈥渋mportant COVID-19 update.鈥
Other examples have been emails advertising medical supplies, or to elicit donations.
鈥淐yber threat actors know that affected populations are anxious about the future and less likely to act prudently when presented with emails, SMS messages, or advertisements involving COVID-19 that would otherwise seem suspicious,鈥 said the agency.
It is anticipating that these kinds of cyber-attacks and impersonations will continue as long as COVID-19 remains a key public health concern.
鈥淐ybercriminals appear to be becoming more adept at targeting severely affected regions and municipalities with COVID-19 lures as well. As social distancing efforts begin to 鈥減lank the curve鈥 and the wider public grows increasingly anxious for a return to normalcy, we expect that cybercriminals will likely begin crafting phishing lures which play on an increased appetite for information around COVID-19 vaccine development and production,鈥 reads the report.
COVID-19 RESEARCH AT RISK
These findings come just weeks after CSE issued a joint statement with the Canadian Security Intelligence Service (CSIS) warning that the research being conducted by health authorities across the country into COVID-19 faces an 鈥渆levated level of risk鈥 for foreign-backed hacking or other malicious activity.
Now, CSE says it has already seen two attempts to infiltrate Canadian research into COVID-19. Both taking place in April, the agency said that in one instance a provincial health agency and individuals associated with a Canadian university engaged in research into the novel coronavirus were the targets of a phishing attack.
As well, a Canadian biopharmaceutical company was compromised by a foreign cyber threat actor 鈥渁lmost certainly attempting to steal its intellectual property.鈥
Further, CSE noted that while physical distancing and travel restrictions may be limiting 鈥渢raditional espionage activities,鈥 it is seeing an uptick in online operations.
