Cyber-criminals exploit government announcements during pandemic unique study suggests

A woman sitting at computer screens

A unique study analysing cyber-crimes reported during the Covid-19 pandemic suggests criminals are exploiting official government announcements to target victims.

Cyber-crime – such as ‘phishing’ – where an individual’s personal information is targeted using deceptive emails and other fraudulent practices - has soared during the global pandemic as fraudsters seek to exploit the unique circumstances.

The research paper, ‘Cyber Security in the Age of Covid-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks during the Pandemic’, published in the Elsevier Computers & Security journal, analyses the pandemic from a cyber-crime perspective and highlights the range of global cyber-attacks experienced during the first five months of the pandemic in 2020.

The authors compiled a time-line and analysis of 43 cyber-attacks related to Covid-19 in order to assist in understanding the attacks and how they are crafted, and as a result, to better prepare to confront them if ever seen again.

They believe they have revealed a link between cyber-crime and governmental policy announcements, as well as media coverage including cyber-crime campaigns.


Researchers note a pattern between specific announcements – such as one on the shortage of PPE equipment – and scams which then used the public information as ‘bait’. One example shows that two days after the first lockdown on March 23, 2020, the UK Government issued a warning about fake messages being sent about fines for contravening lockdown rules.

Dr Xavier Bellekens from the Department Electronic and Electrical Engineering at the University of Strathclyde, who jointly wrote the paper with academics from the universities of Abertay, Kent, Oxford and Warwick, said:

Over the last year we have seen a surge in cyber-attacks targeting critical infrastructures, governments, organisations and end-users, influenced by governmental announcements. These have ranged from targeted attacks to selling counterfeited respirators to hospitals, denying of essential services through ransomware, selling fake online Covid-19 testing equipment as well as more recently, generating fake Covid travel tests.

These techniques, while common, had never been observed in relation to an event of this magnitude, making this study unique.

Cyber attacks

The analysis, which covered a period from mid-March to mid May 2020, shows that following what appeared to be large gaps between the initial outbreak of the pandemic in China and the first Covid-19 related cyber-attack, attacks steadily became much more prevalent, with up to four unique cyber-attacks reported across a single day.

The cyber-attacks were categorised, and it was found that 86% involved phishing and/or smishing, 65% involved malware and 34% involved financial fraud. Hacking and denial of service were involved in five per cent of cases respectively.

Dr Bellekens added: “It takes a couple of days for the first cybercrime after the announcement of the initial Covid-19 outbreak in China, but the more we've advanced in time, subsequent attacks were launched very close in time to announcements.

“We found links that government announcements may actually accelerate cyber-crime, which is then targeted at the people affected by the announcement. As well as the UK, we looked at different announcements in different countries, and then we also linked cyber-attacks to those announcements.

“By using the corresponding cyber-attack campaign as a hook, the cyber-criminals are increasing the likelihood of success.”

Home workers

The paper also documents the increased vulnerability to cyber-criminals of the new army of home workers and Dr Bellekens added: “The pandemic leaves many organisations exposed to cyber-attacks, with companies and governments rolling out new technologies to accommodate remote working and ensure business continuity.

“When you're in your work environment you usually have protections like Firewalls and intrusion detection systems to protect your computer. But working remotely means some will be using personal laptops that have not been vetted by their employers and might be working on sensitive and critical projects.

“The increased anxiety generated by the pandemic has also heightened the likelihood of cyber-attacks succeeding and governments and the media should be aware that announcements and the publication of stories could give rise to the associated cyber-attack campaigns which leverage these events.”