The Covid-19 cybercrime trends that are here to stay

Mantas Sasnauskas, Senior Researcher at CyberNews, considers the trends which have emerged during the pandemic that show no signs of leaving

As Covid-19 cases skyrocketed across the globe, another pandemic followed swiftly on its heels: the rise of cybercrime. Following instructions to stay at home, we moved our entire lives online. Our sudden dependence on the web to work, shop and socialise gave bad actors brand new opportunities to capitalise on sudden change and confusion.

However quickly businesses could set up new software, governments could promise financial relief and pharmaceutical giants could develop a vaccine, criminal gangs could set up scams to exploit them.

Concerned about staying safe over the coming months? Major attacks over the past year and new forms of cybercrime gaining momentum in 2021 offer a few clues on what to expect.

Phishing for pandemic profits

The events of 2020 pushed everyone to adapt – and enterprising cybercriminals enjoyed better results than most.

State-sponsored hacking groups capitalised on the pandemic to further their attacks on businesses and individuals, and steal vaccine data. In June 2020, Cyfirma exposed a large-scale campaign by North Korea’s Lazarus Group, targeting 5 million individuals and businesses across six different countries. Their method involved using phishing emails impersonating local authorities in charge of dispensing government-funded pandemic support initiatives. The emails were designed to drive recipients to fake websites where they would be tricked into sharing personal and financial information.

Criminals go where the money is, and state-sponsored groups weren’t alone: Webroot found an overall 336% increase in phishing domains since the world’s first person received their dose of the Covid-19 vaccine. Nick Emanuel, Webroot’s Senior Director of Product, observed that “scams using keywords based on emotive subjects concerning medical safety and the pandemic are always going to be more effective, especially when they’re in the public interest.”

When it comes to organisations, one of the main purposes of phishing is to deliver some form of malware or ransomware, and figures make it easy to understand its surging popularity: ransomware is expected to net cybercriminals $20 billion in 2021. 70% of enterprise ransomware victims have paid their ransoms, with sums between $20,000-$40,000, and consumer victims are paying out sums between $500-$1,000.

In a sinister twist, a relatively new ransomware technique called “double extortion” has exploded as gangs sought to maximise profits from IT changes and business interruptions during the pandemic. This technique not only locks companies’ files, but also forces them to pay ransoms to prevent criminals leaking their data to the public. Data shows no businesses are immune: double extortion is on the rise across every major industry, and so far, criminals haven’t discriminated based on the size of businesses.

New careers for criminals

Lockdowns and social distancing measures sparked a worldwide employment crisis. Job losses in hospitality, travel and retail hit headlines, while fashion and liquor brands switched up their strategies to manufacture face masks and hand sanitiser. But few may have realised that the criminal underworld faced the same challenges as the legitimate economy.

Gangsters engaged in brick-and-mortar organised crime were forced to find ways to do business online to replace lost income, as their usual activity was constrained by virus-control measures. Meanwhile, veteran bad actors seized opportunities to exploit Covid chaos with sophisticated scams and attacks.

‘Crimeware as a Service’, or CaaS, is one of the key trends to emerge from the pandemic. Enterprising criminals have begun to operate as consultants, boosting their profits by helping others get into the game.

This model allows scammers with no technical knowledge to buy or rent malware from established cybercriminals, or to hire them to work on their behalf. Infrastructure and knowledge from tech-savvy cybercriminals can be purchased to help spread Covid-related phishing scams and spam emails – securing valuable data or ransoms for bad actors. This could be a significant cause behind the spike in Covid-related cybercrime.

CaaS has also won popularity with advanced threat actors, who use it to rapidly arrange sophisticated ‘hit and run’ operations. The CaaS model makes it difficult to attribute a crime to any particular individual, reducing the risk of getting caught.

The arrival of crimeware-as-a-service has dramatically lowered the bar of entry to life in the online shadows. As technical knowledge is no longer necessary, we can expect scams to proliferate through this method.

Vaccine victims are next in line

Optimism and impatience surrounding the vaccine roll-out revealed some vulnerabilities in the public psyche. A sense of urgency, coupled with general goodwill towards vaccination initiatives, has caused people to let their guard down, and cybercriminals are doing their best to take advantage.

Covid-related cybercrime will continue well into 2021, with tactics evolving to play on new developments in the ongoing fight against the virus. Criminals have already been caught advertising fake (or non-existent) vaccines for sale on the dark web for as much as $1,000 worth of bitcoin, and fundraising campaigns by anti-vaccine groups may present future opportunities for scammers to claim donors’ cash for themselves.

It’s tempting to look at the pandemic as an aberration: to daydream about joining colleagues for happy hour after a hard day in the office, or flying home for the holidays without a second thought for spreading the virus. But the evolution of cybercrime throughout this period is certain to leave a lasting impact.

Criminals have developed new techniques and abilities which are here to stay, and no vaccine will grant immunity to scams or cyberattacks.

Just as we’ve remained vigilant to guidance on Covid, it’s crucial to stay aware of scams, exercise caution online and avoid them wherever possible.