Table 1.
Descriptions of COVID-19 related cyber-attacks.
| ID | Ref. | Country | Attack type | Description | Article date | Attack date |
|---|---|---|---|---|---|---|
| 1 | Henderson et al. (2020) | China | P.M | Vietnam accused of launching a METALJACK phishing campaign against the Wuhan district offices | 22/04 | 06/01 |
| 2 | AON (2020) | Global | P.M | International reports that both phishing and smishing campaigns are taking place | 19/01 | - |
| 3 | Forbes (2020) | China, Mongolia | P.M | Chinese hackers accused of distributing the Vicious Panda malware to Mongolia through emails purporting to come from the Mongolian ministry of affairs | 12/03 | 20/01 |
| 4 | F-Secure (2020) | Phillipines | P.M.F | REMCOS malware distributed to Phillipino citizens | 13/03 | 23/01 |
| 5 | Kaspersky (2020) | Singapore | P | Phishing campaign steals email log-in credentials | 28/01 | - |
| 6 | Walter (2020) | Japan | P.M.F | Safety measures phishing campaign distributes Emotet malware | 28/01 | 28/01 |
| 7 | smzdm.com (2020) | China | P.M.F | ’Safety measure’ email from a ’Singaporian specialist’ distributes Emotet malware | 06/02 | 29/01 |
| 8 | Kaspersky (2020) | USA | P | Email purporting list of COVID-19 cases in victim’s city takes user to website which steals credentials | 11/02 | 31/01 |
| 9 | CSDN (2020) | China | H | DoS on epidemic prevention units | 09/02 | 02/02 |
| 10 | CSDN (2020) | China | P | Phishing campaign steals email log-in credentials | 09/02 | 02/02 |
| 11 | TechRepublic (2020) | World | P.M.F | First cases of AZORult a data theft malware | 10/02 | - |
| 12 | cqgbxa.com (2020) | China | P.M | Email purporting specialist safety measures from WHO prompts malware download | 12/02 | - |
| 13 | F-Secure (2020) | Vietnam | P.M | LOKIBOT malware spread through email purporting incorrect invoice payment | 13/03 | 03/02 |
| 14 | Patranobis (2020) | China | P.Ph | Phishing attack on medical groups in China (from India) | 06/02 | 06/02 |
| 15 | freebuf.com (2020) | China | P.M.E | Distribution of CXK-NMSL ransomware through COVID-19 themed emails | 18/02 | 09/02 |
| 16 | freebuf.com (2020) | China | P.M.E | Distribution of Dharma/Crysis ransomware through COVID-19 themed emails | 18/02 | 13/02 |
| 17 | F-Secure (2020) | Italy | P.M | Trickbot malware distributed through email | 13/03 | 02/03 |
| 18 | Stonefly (2020) | Global | P.M.F | MBR wiper malware disguised as contact tracing information | 04/03 | - |
| 19 | F-Secure (2020) | USA | P.M | FORMBOOK malware distributed through email purporting parcel shipment advice | 13/03 | 08/03 |
| 20 | The Register (2020) | USA | M | Health systems in Champaign Urbana Public Health District (Illinois) affected by the netwalker ransomware | 12/03 | 10/03 |
| 21 | F-Secure (2020) | Spain | P.M | Email purports COVID-19 remedy as mooted by Israeli scientists days in advance | 13/03 | 10/03 |
| 22 | Millman (2020) | Czech | H | Cyber-attack on Czech hospital | 14/03 | 14/03 |
| 23 | Stein and Jacobs (2020) | USA | H | Denial of Service on U.S. Health Agency | 16/03 | - |
| 24 | Rosso (2020) | Libya | P.M | Corona live 1.1 is the SpyMax malware which in this case is a trojanised app which exfiltrates user data | 18/03 | - |
| 25 | Desai (2020) | World | P.M | Corona mask offer installs what appears to be a harmless malware which distributes an SMS to all contacts. Presumably an update to the app will mobilise the malware | 19/03 | - |
| 26 | FitzGerald (2020) | Global | P.E | Extortion campaign threatens to infect the recipient with COVID-19 unless a $4,000 bitcoin payment is made | 17/04 | 20/03 |
| 27 | Murica Today (2020) | Spain | P.M | Netwalker ransomware attack disguised as an email advising on restroom use | 24/03 | - |
| 28 | Koenig (2020) | USA | P.M | SMS asks recipient to take a mandatory COVID-19 ‘preparation’ test, points to website which downloads malware | 24/03 | 24/03 |
| 29 | Glos Safe Cyber (2020) | UK | P.M | SMS informs recipient to stay at home with a link for more information. Link directs recipient to a malware ridden website | 24/03 | - |
| 30 | Rodger (2020) | UK | P.Ph.F | Free school meal SMS directs recipient to website which steals payment credentials | 25/03 | 24-03 |
| 31 | Muncaster (2020) | World | M.F | Ginp Trojan distributed in an Android app. App charges € 0.75 for information on infected persons in the recipients region. In actual fact, it steals the payment information | 25/03 | - |
| 32 | O’Donnell (2020) | Global | P | Skype credentials stolen through a crafted phishing campaign | 23/04 | 31/03 |
| 33 | Strawbridge (2020) | World | P.Ph.M.F | Free Netflix offer directs users to a malware ridden website | 27/03 | - |
| 34 | de Seguridad del Internauta (2020a) | Spain | P.F | Fake SMS asking to introduce bank details to get the furlough pay | 27/03 | - |
| 35 | Chadwick (2020) | UK | M | Fake NHS website gathers user credentials | 28/04 | - |
| 36 | Magazine (2020) | UK | P.M | Email purports to offer job retention payment as per the UK governmental announcement | 30/04 | 19/04 |
| 37 | Abrams (2020) | Global | M | Coronalocker locks a computer and appears to cause rather more annoyance than any real damage | 21/04 | - |
| 38 | Dark Reading (2020) | Global | P.M | Docusign recipients directed to fake website offering COVID-19 information | 08/05 | - |
| 39 | Smithers (2020) | UK | P.M | Recipients are directed to a fake track and trace website which collects user credentials | 13/05 | - |
key: P:Phishing (or smishing); Ph:Pharming; E:Extortion; M:Malware; F:Financial fraud; H:Hacking.