The international crime-fighting agency's Cybersecurity Directorate said that its private sector partners reported receiving 907,000 spam messages, having 737 incidents related to malware, and discovering 48,000 malicious links all "related" to the pandemic between January and April alone.
In a 20-page report, Interpol said that it has seen "a significant target shift" in recent months from individuals and small companies to "major corporations, governments and critical infrastructure, which play a crucial role in responding to the outbreak," with criminals attempting to maximize damage and profit.
"Concurrently, due to the sudden, and necessary, global shift to teleworking, organizations have had to rapidly deploy remote systems, networks and applications," Interpol's cybersecurity analysts added. "As a result, criminals are taking advantage of the increased security vulnerabilities arising from remote working to steal data, generate profits and cause disruption."
Recently reported incidents included a spike in ransomware attacks in the first two weeks of April "by multiple threat groups which had been relatively dormant for the past few months," Interpol said. Attackers in most of those cases appear were savvy enough to know how high of a ransom victims could afford to pay, the agency reported, saying "the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organizations."
Other threats include a spike in COVID-19-themed phishing emails, with cybercriminals often impersonating government and health authorities in efforts to lure potential victims into divulging sensitive data, Interpol said. There has also been a "significant increase" in cybercriminals creating fraudulent domain names containing keywords like "coronavirus" or "COVID," aiming to dupe people seeking information on the virus into clicking on malicious software, the agency said.
Interpol urged victims of cyberattacks to report the incidents to law enforcement and warned that there will likely be another wave of cyberattacks on health care institutions when a vaccination or medication for the coronavirus becomes available.
Tuesday's report comes after Interpol warned in April that cybercriminals were targeting overburdened hospitals during the pandemic by trying to lock them out of critical systems and extort them into paying ransoms.
Authorities in the U.S., U.K. and Canada have also accused hackers backed by the Russian and Chinese governments of targeting organizations in the West that are researching potential vaccines, in threats that drive home the need for companies to think beyond their regulatory obligations to protect personal data and ensure that their intellectual property is kept secure.
-- Additional reporting by Allison Grande. Editing by Jay Jackson Jr.
For a reprint of this article, please contact reprints@law360.com.