The impact of COVID-19 on the state of cybercrime

The unfortunate arrival of COVID-19 has forced many of us to stay at home to prevent the spread of the virus.

This ‘new normal’ has led to millions of people relying on the internet more than ever to continue with essential activities like shopping, working, and schooling.

Businesses and organizations have rushed to deploy effective remote systems and networks to support working from home. However, although the web has become more indispensable than ever, its dark side has also become more dangerous too. 

Opportunistic cybercriminals are often quick to take advantage of chaotic times. The first quarter of 2020 saw 737 malware attacks, 48,000 malicious URLs, and 907,000 spam messages related to COVID-19. Cyberattackers are using the pandemic to steal money from organizations, access personal data belonging to individuals, and exploit gullible children. Here are the many ways COVID-19 has impacted the state of cybercrime.

The Sudden Shift to Remote Work

The pandemic has sped up the shift to a new, widely adopted way of remote working. This remote set-up has stretched the limits of IT infrastructures well beyond their comfort zones.

Within an office setting, IT experts can impose security standards and protect the internal network. Unfortunately, they have much less control over private devices and home networks. Instead of fortifying the corporate network, the IT department is forced to set up interfaces that allow remote access and, thus, compromise security.

The rush to shift working arrangements to a remote set up has offered a window of opportunity to cybercriminals looking to infiltrate systems with their army of trojans, spyware, and info stealers.

Increasingly Vulnerable Children

Isolated due to the pandemic, child abuse offenders are expressing a growing interest in image trading. Children are also spending more time online because of lockdowns. More than 1.5 billion underage people across the world have been affected by school closures. These huge changes have increased children’s exposure to threats of sexual exploitation.

With institutions and schools switching to video teleconferencing, the ‘new normal’ has seen a boom in the so-called Zoom-bombing. The FBI has received several reports of Zoom conferences being hijacked with threatening language and pornographic or hate images.

In one such incident, a cybercriminal disrupted an online class with profanities. In another case, the attacker revealed his swastika tattoos in an online school meeting.

Preying on People’s Fears

Deeply concerned about their health, many people have become hungrier for information than ever before. They’re endlessly searching for answers and possible treatments for themselves or loved ones, often neglecting the rules of protection online. And cybercriminals are using the situation to their advantage to carry out attacks.

One such coronavirus-related attack involves an Android app that claims to provide real-time virus-tracking but actually distributes ransomware. The app is laced with CovidLock malware, which denies access to the phone owner, holds the device hostage, and charges around $100 to unlock it.

Using social engineering or human hacking, attackers explicitly target senior citizens,  displaced workers and anyone else unfamiliar with online risks. They use deceptive emails and links to trick their unwitting victims into downloading ransomware. This is done through domain names, email subject lines, and file names with the word “Coronavirus” in them.

Targeting Healthcare Organizations

IT security experts have raised the alarm on the increasing number of cyberattacks against healthcare institutions. Hackers are looking to capitalize on the crisis by harvesting demographic and financial information or holding systems hostage.

On March 13, 2020, the Brno University Hospital was forced to turn away new patients and postpone urgent surgeries as they grappled with a cyberattack. A key COVID-19 testing site in the Czech Republic, the hospital had to shut down its entire IT network. The following day, Hammersmith Medicines Research, a London-based lab researching vaccines, fell victim to ransomware called Maze.

These incidents happened shortly after hacking groups pledged to refrain from attacking hospitals and medical organizations while the outbreak continues.

State-Sponsored Attacks

Cyberspies rarely miss out on opportunities to exploit disasters. Government-backed hacking groups believed to be from Russia, North Korea, and China are using coronavirus-based phishing lures to infiltrate government infrastructures and infect targets with malware.

North Korean hackers injected malware into documents containing information about South Korea’s response to the pandemic. The files are believed to have been sent to South Korean government officials.

The Russian Hades group released trojan-infected documents that appeared to contain the latest COVID-19 news. Disguised as emails sent from the Ministry of Health of Ukraine, the documents were part of a disinformation campaign that eventually led to panic and violent riots in Ukraine.

A Vietnamese cybersecurity firm detected a trojan-infected RAR file attachment that appeared to carry a coronavirus-related message from the Vietnamese Prime Minister. The file was sent out by the Chinese state-sponsored hacking group called Mustang Panda.

Diverted Resources

Several countries have been forced to divert counter-cybercrime law enforcement officers from fighting attacks to supporting government measures against the COVID-19 outbreak. Some officials have also fallen ill, further reducing their capability to counter the increasing barrage of online threats.

Cyberattacks are expected to evolve and continue to harm individuals, businesses, organizations, and critical infrastructures. And since hackers are keeping up with the changing social and economic landscape brought about by the pandemic, cybersecurity measures and protocols will have to evolve just as quickly too.