Global Cybercrime Surging During PandemicInterpol: Fraudsters Shifting Focus to Governments, Health Infrastructure, Corporations
Cybercriminals have shifted their focus from individuals and smaller businesses to target governments, critical health infrastructure and major corporations to maximize their profits and disruption during the COVID-19 pandemic, Interpol warns in a new report.
Due to the sudden global shift to a remote workforce during the COVID-19 crisis, organizations have had to rapidly deploy remote systems, networks and applications, notes the report issued Tuesday by the global law enforcement organization, which has 194 member countries. "As a result, criminals are taking advantage of the increased security vulnerabilities arising from remote working to steal data, generate profits and cause disruption," the report notes.
For example, from January to April, approximately 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs - all related to COVID-19 - were detected by one of Interpol's private-sector partners, the report says.
Threat actors have revamped their online scams and phishing schemes, often impersonating government and health authorities to trick victims into providing personal data and download malicious content, the report notes.
"Cybercriminals are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit," Interpol reports. "Such ransomware or distributed-denial-of-service attacks can result in regular disruptions or a total shutdown of business operations as well as a temporary or permanent loss of critical information."
For instance, during the first two weeks of April 2020, there was a spike in ransomware attacks by threat groups that had been relatively dormant in previous months, the report notes. "Law enforcement investigations show the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organizations."
The deployment of data-harvesting malware - such as Remote Access Trojans, info stealers, spyware and banking Trojans - by cybercriminals is on the rise, Interpol reports. "Using COVID-19-related information as a lure, threat actors infiltrate systems to compromise networks, steal data, divert money and build botnets," the report says.
Cybercriminals are also taking advantage of the spiking demand for medical supplies as well as timely information about COVID-19, with fraudsters increasingly registering domain names that contain related keywords, such as "coronavirus" or "COVID," the report says.
"These fraudulent websites underpin a wide variety of malicious activities, including C2 [command and control] servers, malware deployment and phishing," Interpol says.
Meanwhile, an increasing amount of misinformation and fake news is rapidly spreading, the report notes. "Fueled by the uncertain social and economic situation in the world, unverified information, inadequately understood threats and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks," Interpol states.
Ideal Enviroment for Crime
The stress and uncertainty caused by the COVID-19 crisis is creating the ideal environment for cybercriminals looking to cash in or create chaos.
"Given the impact and scale of COVID-19, cyberattacks related to organizations involved in COVID-19 research or those firms providing relief services have continued to evolve, morph and expand," says Stanley Mierzwa, director of the Center for Cybersecurity at Kean University in Union, New Jersey.
"Threat actors will continue to look for areas of vulnerability, and this could potentially reside in 'local' or 'satellite' offices of larger global for-profit, non-profit and non-governmental organizations that may not be utilizing centrally managed or administered systems," Mierzwa says.
Craig Jones, who leads the global cybercrime program for Interpol, said in a recent interview with Information Security Media Group: "Certainly in relation to the COVID-19 pandemic, we're seeing a unique combination of events that have led to a whole range of specific criminal opportunities."
Criminals haven't shied away from attempting to seize those opportunities, as demonstrated by their rush to rebrand attacks and even "fake news" campaigns to give them a COVID-19 theme, as well as unleash scams involving personal protective equipment, he told ISMG.
As a result, all organizations need to remain vigilant, Mierzwa suggests. "Global organizations need to take additional precautions and ensure that their affiliates are situationally aware of the threats," he says.
As the pandemic persists, "fear lends itself to insecurity and insecurity and uncertainty lead to poor cyber defense," says attorney Jason G. Weiss a cyber forensics expert and retired FBI agent who now works at the law firm Faegre Drinker, Biddle and Reath.
"It is more important than ever that people re-evaluate their commitment to cyber defense and work to educate themselves on ways to secure their networks and to identify common social engineering attacks like phishing attacks," he says.
"As COVID drags on and cases continue to grow, it is safe to assume that cybercrime and fraud will only grow and become more sophisticated, especially as the economy shrinks and people being to suffer from the financial consequences of COVID-19. The key now is to minimize and limit potential threat attack matrixes and to improve cyber hygiene education."
The Interpol report says the surge in cybercrime shows no signs of subsiding.
"Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi," the report notes.
"Threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic. Business email compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities," Interpol predicts.
And once a COVID-19 vaccine is available, "it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data," the report states.
Last month, authorities in the U.S., U.K. and Canada issued a joint advisory warning that the Russian hacker gang Cozy Bear - or APT20 - was targeting research organizations involved with COVID-19 vaccine development (see: US, UK, Canada: Russian Hackers Targeting COVID-19 Research).
Then in late July, the U.S. Department of Justice announced it had charged two Chinese nationals with hacking into the computer systems of hundreds of organizations in the U.S. and abroad to steal intellectual property. Prosecutors say the suspects' activities included probing for vulnerabilities in systems at companies developing COVID-19 vaccines, treatments and testing technologies (see: DOJ: Chinese Hackers Targeted COVID-19 Vaccine Research).
To help battle the surge in cybercrime, organizations need to take several critical steps, Weiss says.
"The time has come for everyone to consider using the cybersecurity framework models provided by organizations like the National Institute of Standards and Technology and the International Organization for Standardization, to harden their internal networks and ensure that they are doing everything they can to prevent as many cyberattacks as possible," he says.