INTERPOL Assessment Shows Significant Spike in Cybercrime During COVID-19 Pandemic
10 August 2020
An INTERPOL assessment of the impact of COVID-19 on cybercrime has shown a significant spike across the globe during the pandemic. The report further indicates a shift in targets from individuals and small businesses to major corporations, governments and critical infrastructure, which play a crucial role in responding to the outbreak.
Cybercriminals are exploiting the fear and uncertainty caused by the unstable social and economic situation around the world. At the same time, the higher dependency on connectivity and digital infrastructure due to the global lockdown increases security vulnerabilities and opportunities for cyber intrusion and attacks.
In a single four-month period (Jan to Apr 2020) some 907,000 spam messages, 737 malware-related incidents and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners.
While cybercrime has spiked across the globe during the COVID-19 pandemic, comprehensive analysis of data received from INTERPOL’s member countries, private partners and Cyber Fusion Centre revealed that crime trends vary from region to region.
- Two-thirds of member countries reported a significant increase in malicious domains registered with the keywords ‘COVID’ or ‘Corona’, aiming to take advantage of the growing number of people searching for information about COVID-19 online.
- Cybercriminals are taking advantage of the pandemic to deploy ransomware against critical infrastructure and healthcare institutions responsible for COVID-19 response.
- Cloning of official government websites is increasingly occurring to steal sensitive user data, which can later be used in further cyberattacks.
- European law enforcement agencies are registering widespread phishing campaigns.
Figure 1: Distribution of the key COVID-19 inflicted cyberthreats based on member countries’ feedback (via INTERPOL COVID-19 Cybercrime Analysis Report)
Secrutiny’s Chief Security Advisor Dr Shane Shook explains there are two primary modern evolutions in the cybercrime ecosystem that are being exercised.
Firstly, with more people working from home, security defences of related endpoints and home networks are weaker. Bad actors have more opportunity for successful email spoofing and phishing, as well as DNS redirection of internet domains for websites that users rely upon (news, social media, personal finance and online shopping sites, etc.), creating bigger botnets of infected computers. This offers bad actors direct enrichment from stolen financial account information and online advertising impression revenues, ransomware and extortion of stolen information. It can even lead to business interruption, as infected at-home computers that utilise VPN access to corporate network services and information resources can provide access for bad actors, as well as to the many other forms of cybercrime that we have learned occur.
Secondly, with more people choosing to rely upon social media for news rather than the perceived bias in professional news media outlets (largely due to social media influence and “mis/dis information” campaigns by propaganda sites and actors), bad actors have more opportunity to use “passive targeting” by relying upon social graphs of your connections with others to engender trust on requests for connection, or deliberate mis/dis information relay. This creates market, social, and political changes that serve bad actors’ interests. While these are longer-term developments, even short-term gains such as misinformation about corporate bankruptcies or celebrity/political figures can cause market fluctuations that have immediate benefits for those performing related “information scams”.
The full INTERPOL COVID-19 Cybercrime Analysis Report, including the COVID-19 cyberthreat landscape from a regional perspective for Africa, Americas, Asia and South Pacific and the Middle East and North Africa, is available for download here.