Cybercriminals are taking advantage of COVID-19 and the new reality it has imposed: telecommuting hitting peak levels and huge amounts of information — and misinformation — circulating on the Internet. Scammers are ramping up their activities as they try to maximize ill-gotten gains. We explain how these organized groups work, which attacks are the most common, and what we can do to protect ourselves.
Like the hotel industry, where no single hotel chain caters to everyone, the world of cybercrime comes in different sizes and flavors: there are large and small organized crime groups, and even some independent rogues. Of course, the difference is that cybercrime is an illicit sector and therefore operates outside official limits; nonetheless, these groups still organize themselves into formal structures. They are numerous, and each one operates according to its own philosophy and specialization.
A complete underground economy supporting the concept of Cybercrime as a Service (CaaS) has emerged from these various cybercrime groups. The use of botnets, networks comprising hosts of ‘zombie’ computers and IT equipment infected by malware, is one example of ‘services’ that can be rented from these groups. They also rent servers and even sell ready-to-use malware and viruses. This is the face of cybercriminal democratization, which now facilitates a greater number and variety of attacks, attacks that are occurring more and more frequently with the spread of the coronavirus.
How cybercrime has changed
Starting at the beginning of this century, as large and small companies began generally ramping up their IT system security measures, cybercriminal groups have been gradually changing tactics, moving from technical to social engineering attacks. With the latter, criminals take advantage of human vulnerability to steal user data.
In recent weeks, the number of attacks has skyrocketed, fueled by fear of COVID-19 and exacerbated by a reduced level of security at some companies (resulting from the unexpected and rapid rise in teleworking). The following kinds of attack are typical:
- Social Engineering: This is a tactic used by criminals to hook their victims. It consists of sending emails or text messages, or creating viral chains on social media platforms, containing malicious links that lead either to files that are downloaded or to forms that reveal sensitive user information and/or credentials if they are filled out.
- Trojan: This malware aims to make users’ devices available to cybercriminals. Once accessible, the devices are used to conduct fraudulent transactions from an innocent IP address or to build the botnets previously described, among other activities.
- Spyware: This malware has the primary goal of obtaining data that can later be used or sold, generally information of a medical or financial nature.
- Ransomware: Also malware, it encrypts the victim's device with an unknown code. The criminals will demand a ransom in exchange for the code that will let the victim recover his or her device and data.
Just as COVID-19 is having a global impact, so too are the actions of cybercriminals, who are exploiting the current situation with a significant surge of activity worldwide. It would appear that the vast majority of these attacks are spreading from country to country at a pace similar to that of the pandemic and its fallout.
The following table breaks down the most successful cyber attacks that have occurred around the world since the World Health Organization’s Emergency Committee met on January 22, 2020.
As can be seen, internationally the most successful threats have been the propagation of false maps tracking the virus and ‘CEO Fraud’, which has taken advantage of these unusually vulnerable times to convince targets that they were dealing with a legitimate contact.
While it is true that these types of attacks have been common at other times and security recommendations addressing them are periodically disseminated, given the surge of cases detected in the wake of COVID-19, we wanted to remind you of some key tips that will help you hamstring the cybercriminals:
- Confirm the origin of communications you receive.
- Only share proven information and use official sources in order to avoid inadvertently spreading scams, false information, and/or messages containing fraudulent links.
- Do not download or install programs from unofficial repositories.
- Do not provide medical or financial information unless it is via an official channel, confirmed by a competent authority.
Remember, even with the best security technologies installed on your devices, you are the best defense!