For many cybercriminals, the global coronavirus pandemic has been a golden opportunity for fraud.
And we haven’t even seen the worst of it yet.
Scammers love crises. From the criminal’s perspective, few things are better for cultivating new victims than a natural disaster or a social crisis.
Why? Because scams work best when people aren’t thinking clearly. When people are highly emotional, scared or anxious, as they usually are during a crisis, they tend to make impulsive decisions. This is exactly what the scammers want.
Cybercriminals are opportunists, and during a “normal” crisis — like a natural disaster — the opportunities are often short-lived. But the current crisis (or, rather, crises) is different. The pandemic isn’t going away anytime soon. Companies are not going to bring back all of their employees into the office. Instead, remote work will become a permanent fixture of the corporate world.
The health crisis has also provoked an economic crisis that won’t be resolved in a year, and probably not even in two. While the stock market may rebound, unemployment will remain high. And amid all of this chaos, a social crisis is brewing. The George Floyd protests could be the beginning of wider social anger and disarray, as the pandemic exacerbates long-simmering issues such as racial tension and economic inequality.
All of these changes are affecting cybercrime too. Cybercriminals are nothing if not adaptive and creative, and they smell opportunity amid all of this disorder. What began as N95 mask scams and CDC spoofing is now evolving into more organized and determined criminal efforts.
Here are seven ways cybercrime is changing amid the pandemic:
WFH will be a major target for hackers
Get ready for a wave of corporate and small business data breaches.
With so many companies shifting to remote workforces, hackers see an unprecedented opportunity to bypass the corporate firewall and get access to coveted data they can sell on the black market. This ranges from customer card numbers to corporate logins, employee information, intellectual property, bank accounts, tax IDs, insurance accounts and more.
Hackers will exfiltrate as much data as they can, and sell it on the Dark Web. Businesses will have a hard time stopping these attacks, because WFH undermines the ‘security perimeter,’ makes monitoring difficult and puts employees in charge of security. After all, remote desktop tools are essentially commercial backdoors that you pipe into the company’s network.
And with most employees working from insecure environments (consumer-grade WiFi routers, home PCs that probably have malware on them already, game consoles sharing the network, etc.), the chances of compromise are going through the roof. Employee isolation is another factor. Phishing emails are a lot more effective when you can’t peek over the cubicle to ask your co-worker if that email really came from them.
Ransomware gangs are getting more aggressive
While crises are usually a boon for cybercriminals, the current economic crisis could make it harder for some ransomware victims to pay up. Perhaps because of this, ransomware groups are getting more aggressive in their tactics. The most significant change is the use of “business shaming”. If the victim refuses to pay, the hackers will threaten to publicly expose or auction their data.
The REvil ransomware group recently debuted an eBay-like auction site for stolen information. The Maze ransomware group also created a new data leak site to advertise the stolen information. Going forward, businesses that get infected with ransomware could face higher costs than before, not only in the extortion fee, but in the reputational damage and long-term business implications from this type of exposure.
Cybercrime alliances are forming
This may be the beginning of a broader trend in the crime industry, as hacking groups increase cooperation with one another to become more profitable and prolific during the economic downturn.
Already, criminals frequently “rent” botnets and other services from hackers on the Dark Web, so it wouldn’t be a stretch to see greater collaboration.
Hacktivism will make a comeback
OK, so “hacktivism” never really went away, but it’s certainly been a lot less prolific than it was during its heyday in the early 2010s. Hacktivists could stage a comeback very soon, spurred on by the social justice causes that are gaining new urgency amid the pandemic.
The hacktivist group Anonymous has already claimed credit for disabling the Minneapolis Police Department website during the George Floyd protests, and unknown activists also reportedly jammed the Chicago Police Department’s emergency radio system. Hacktivists have traditionally latched onto social causes and issues, such as the 2014 Ferguson protests, Iran’s disputed 2009 election, and countering the Westboro Baptist Church.
Digital skimmers are the new credit card threat
Brick-and-mortar retail was already on life support, but the pandemic may have just pulled the plug. With in-store sales plunging even more than they were before, and more consumers moving online, the hackers are following.
Expect to see a major increase in the stealthy digital attack known as “formjacking” (aka “Magecart” and “e-skimming”) throughout the year and into the next, as hackers follow the money. Formjacking was already prolific, but as more shoppers skip the store to avoid exposing themselves to the virus, point-of-sale RAM scrapers become less profitable for criminals.
In recent weeks, Claire’s and Fitness Depot became the latest victims of this online crime wave, and many more companies will follow. Formjacking isn’t just a threat to retailers. Any company that accepts user-submitted information, from online forms to logins, can be at risk. According to one security firm, less than 1% of website operators have implemented the right security measures to prevent these attacks.
HR in the crosshairs
In recent weeks, there’s been a lot of discussion about the growing risk of job scams for out-of-work Americans.
But cybercriminals are also doing the reverse — targeting human resource departments with fake job applications, in order to get a backdoor into the company. The latter is going to be one of the major threats for businesses going forward, as it will often be very difficult for HR officers to tell the difference between real and fake job applicants.
Sophisticated crime groups like TA505 have already been actively involved in “poisoned CV” campaigns, and other hacking groups are using bogus CVs to steal financial information. Since HR departments are used to receiving email attachments, or links to online resumes, from unknown parties, they are more susceptible to these phishing campaigns.
Hackers are also using legitimate tools (e.g., Windows’ Task Scheduler) instead of malware to spread the infection, or sending malicious messages through LinkedIn.
Business identity theft will entangle more companies
You’ve heard of personal identity theft, but did you know the same thing can happen to companies?
Cybercriminals who are able to steal a company’s employer identification number (EIN), insurance information, credit card number, vendor number or business email accounts can effectively impersonate that company in order to defraud it. They can claim tax refunds, place orders, make fake insurance claims, transfer money or defraud other businesses on your company’s behalf.
With so many businesses in disarray following the outbreak and economic shutdown, cybercriminals are going to take advantage of this distraction to pull off more of this fraud. Business identity theft was already taking place before the pandemic, but it’s going to get a lot worse over the coming year — and beyond.
The bottom line is that businesses can expect a rocky year ahead, not only from the pandemic, but from an overall rise in cybercrime activity. We’ll see more technically savvy individuals around the world turn to cybercrime to pay the bills — and few targets are as rich as American businesses.
Jason Glassberg is co-founder of Casaba Security, a cybersecurity and ethical hacking firm that advises cryptocurrency businesses, traditional financial institutions, technology companies and Fortune 500s. He is a former cybersecurity executive for Ernst & Young and Lehman Brothers.