There is a high risk of disinformation campaigns designed to spread panic and fear about the COVID-19 crisis, according to IT firm Fujitsu. In particular, it expects social engineering attacks to focus on fuelling uncertainty and doubt surrounding the effectiveness of COVID-19 vaccines as they begin to be rolled out across the world.
The company said that both criminal gangs and nation state actors will focus on controversial aspects of vaccine programs, including mandatory vaccination, health passports, mass immunity testing and lockdowns in these campaigns. These will target both businesses and individuals through a range of attack vectors, with phishing the most prominent.
There has been a huge rise in phishing campaigns observed since the start of the pandemic last year, with cyber-villains frequently using COVID-19 topics as lures.
The most sophisticated of these attacks will sow division between opposing sides, leading to more polarization and mistrust of information sources. This has been evident during recent elections such as the Brexit referendum in 2016 and the US elections last year.
Fujitsu added that it is already seeing malicious actors leverage issues around personal liberty linked to the pandemic, such as restrictions on movements and requirements to wear a facemask.
Paul McEvatt, head of cybersecurity innovation at Fujitsu, commented: “Phishing is at the heart of these attacks – the targeting of individuals based on their beliefs, or their circumstances, to socially engineer them into a compromised situation. People are more likely to fall for a phish when related to a topic they believe in or identify with. Today, the coronavirus pandemic is a global issue and a highly-emotional one, too, especially since it involves personal liberties and factors such as restriction on movement. There has probably never been a bigger topic for a disinformation attack.”
Earlier today, the European Medicines Agency revealed that documents related to COVID-19 medicines and vaccines have been leaked online following a cyber-attack on the regulator in December.